Overview
overview
10Static
static
807a66d269e...aa.exe
windows7_x64
807a66d269e...aa.exe
windows10_x64
80829ef5ac4...cb.exe
windows7_x64
80829ef5ac4...cb.exe
windows10_x64
100a6621f3e6...0b.exe
windows7_x64
80a6621f3e6...0b.exe
windows10_x64
80bcadf9e23...a4.exe
windows7_x64
10bcadf9e23...a4.exe
windows10_x64
110c410851b...78.exe
windows7_x64
110c410851b...78.exe
windows10_x64
115b40c27e6...fa.exe
windows7_x64
815b40c27e6...fa.exe
windows10_x64
818d74af2b4...9f.exe
windows7_x64
1018d74af2b4...9f.exe
windows10_x64
10Bat-To-Exe...er-x64
linux_amd64
Bat-To-Exe...er-x86
linux_amd64
25ac59efdf...c7.exe
windows7_x64
1025ac59efdf...c7.exe
windows10_x64
83523671dc7...2a.exe
windows7_x64
83523671dc7...2a.exe
windows10_x64
83cb01d4470...1c.exe
windows7_x64
103cb01d4470...1c.exe
windows10_x64
104a32ef4d91...8a.exe
windows7_x64
84a32ef4d91...8a.exe
windows10_x64
8678938a9ce...25.exe
windows7_x64
1678938a9ce...25.exe
windows10_x64
16f081f8143...3b.exe
windows7_x64
106f081f8143...3b.exe
windows10_x64
10701cab0774...45.exe
windows7_x64
1701cab0774...45.exe
windows10_x64
179b2065107...61.exe
windows7_x64
879b2065107...61.exe
windows10_x64
10Analysis
-
max time kernel
147s -
max time network
206s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
24-09-2021 10:47
Static task
static1
Behavioral task
behavioral1
Sample
07a66d269e4abee565d66a243e76739404bb80cd5ed7a4694ee727b358deb5aa.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
07a66d269e4abee565d66a243e76739404bb80cd5ed7a4694ee727b358deb5aa.exe
Resource
win10-en-20210920
Behavioral task
behavioral3
Sample
0829ef5ac4288be2415215ad1ac9ef1536ff1782b4973eb63f72ebc3a040a8cb.exe
Resource
win7v20210408
Behavioral task
behavioral4
Sample
0829ef5ac4288be2415215ad1ac9ef1536ff1782b4973eb63f72ebc3a040a8cb.exe
Resource
win10-en-20210920
Behavioral task
behavioral5
Sample
0a6621f3e6ec098a36a29cca7119d03e1783b25248caf3e019b77005304c0f0b.exe
Resource
win7-en-20210920
Behavioral task
behavioral6
Sample
0a6621f3e6ec098a36a29cca7119d03e1783b25248caf3e019b77005304c0f0b.exe
Resource
win10v20210408
Behavioral task
behavioral7
Sample
0bcadf9e2311c2190cd4ec93559259f81a03c02db5b29489c2b27ed86d40fca4.exe
Resource
win7-en-20210920
Behavioral task
behavioral8
Sample
0bcadf9e2311c2190cd4ec93559259f81a03c02db5b29489c2b27ed86d40fca4.exe
Resource
win10v20210408
Behavioral task
behavioral9
Sample
10c410851b47490eea158797046a2be886dbf7f7da4f47a7fa4e8081af6f2f78.exe
Resource
win7-en-20210920
Behavioral task
behavioral10
Sample
10c410851b47490eea158797046a2be886dbf7f7da4f47a7fa4e8081af6f2f78.exe
Resource
win10v20210408
Behavioral task
behavioral11
Sample
15b40c27e6cf4c0912a9bd1208ba4f08ff11c2d3f7ece28835dd56c96f666cfa.exe
Resource
win7-en-20210920
Behavioral task
behavioral12
Sample
15b40c27e6cf4c0912a9bd1208ba4f08ff11c2d3f7ece28835dd56c96f666cfa.exe
Resource
win10-en-20210920
Behavioral task
behavioral13
Sample
18d74af2b48fff6dd29d0b76041c4bbb4e4e53224d4ffce1a082487bf2796d9f.exe
Resource
win7v20210408
Behavioral task
behavioral14
Sample
18d74af2b48fff6dd29d0b76041c4bbb4e4e53224d4ffce1a082487bf2796d9f.exe
Resource
win10-en-20210920
Behavioral task
behavioral15
Sample
Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x64
Resource
ubuntu-amd64
Behavioral task
behavioral16
Sample
Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x86
Resource
ubuntu-amd64
Behavioral task
behavioral17
Sample
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
Resource
win7v20210408
Behavioral task
behavioral18
Sample
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
Resource
win10v20210408
Behavioral task
behavioral19
Sample
3523671dc78bc32e8caf574110eb09023588eb0a9edb91eb7f6afc7c762d332a.exe
Resource
win7-en-20210920
Behavioral task
behavioral20
Sample
3523671dc78bc32e8caf574110eb09023588eb0a9edb91eb7f6afc7c762d332a.exe
Resource
win10-en-20210920
Behavioral task
behavioral21
Sample
3cb01d4470bd82701dc1879cee898d7331ea17df13472d311b55b1ecd4546e1c.exe
Resource
win7v20210408
Behavioral task
behavioral22
Sample
3cb01d4470bd82701dc1879cee898d7331ea17df13472d311b55b1ecd4546e1c.exe
Resource
win10-en-20210920
Behavioral task
behavioral23
Sample
4a32ef4d911a823aaeac64664a8f9e28890bbd20da689580802e23d571d0f68a.exe
Resource
win7v20210408
Behavioral task
behavioral24
Sample
4a32ef4d911a823aaeac64664a8f9e28890bbd20da689580802e23d571d0f68a.exe
Resource
win10-en-20210920
Behavioral task
behavioral25
Sample
678938a9ce9ab7ee37d1c94ee7beadf4cd243c027c268cb412d3aff0b1b83b25.exe
Resource
win7v20210408
Behavioral task
behavioral26
Sample
678938a9ce9ab7ee37d1c94ee7beadf4cd243c027c268cb412d3aff0b1b83b25.exe
Resource
win10-en-20210920
Behavioral task
behavioral27
Sample
6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe
Resource
win7-en-20210920
Behavioral task
behavioral28
Sample
6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe
Resource
win10v20210408
Behavioral task
behavioral29
Sample
701cab0774c16dfca12691ab7786e4b024c8951264998e8dbcbc9b16c34d2245.exe
Resource
win7-en-20210920
Behavioral task
behavioral30
Sample
701cab0774c16dfca12691ab7786e4b024c8951264998e8dbcbc9b16c34d2245.exe
Resource
win10v20210408
Behavioral task
behavioral31
Sample
79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe
Resource
win7-en-20210920
Behavioral task
behavioral32
Sample
79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe
Resource
win10v20210408
General
-
Target
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
-
Size
2.3MB
-
MD5
102a230cc900e7fc9f1a58be6f976cb3
-
SHA1
8e3facc711322eb7ebaa16e5c2e92696f1fc1ce8
-
SHA256
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7
-
SHA512
925003fe0f6ff00824f42b00a26edf9805691037e09a212a6b5bf3a0e44a1072d457a1aa1fe19500a074fe92c46e08d86c985287af838492a6d1d2210928f0cf
Malware Config
Signatures
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
Executes dropped EXE 7 IoCs
Processes:
zeronet-downloader.exe, ZeroNet.exe, openssl.exe, openssl.exe, openssl.exe, tor.exe, meek-client.exe
pid process
432 zeronet-downloader.exe
1076 ZeroNet.exe
1136 openssl.exe
2016 openssl.exe
1500 openssl.exe
328 tor.exe
1768 meek-client.exe
-
Loads dropped DLL 54 IoCs
Processes:
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exeZeroNet.execmd.exeopenssl.execmd.exeopenssl.execmd.exeopenssl.exetor.exepid process 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1076 ZeroNet.exe 1756 cmd.exe 1756 cmd.exe 1136 openssl.exe 1136 openssl.exe 1156 cmd.exe 2016 openssl.exe 2016 openssl.exe 1160 cmd.exe 1500 openssl.exe 1500 openssl.exe 328 tor.exe 328 tor.exe 328 tor.exe 328 tor.exe 328 tor.exe 328 tor.exe 328 tor.exe 328 tor.exe -
Detects Pyinstaller 4 IoCs
Processes:
resource yara_rule
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe pyinstaller
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe pyinstaller
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe pyinstaller
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe pyinstaller
-
Enumerates physical storage devices 1 TTPs
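Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour. This is a generic heuristic: drive enumeration on its own is also performed by benign software, so it needs corroboration from other signatures before the sample is treated as ransomware.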
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exeopenssl.exeopenssl.exeopenssl.exepid process 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 1136 openssl.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 1136 openssl.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 2016 openssl.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 2016 openssl.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 1500 openssl.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 1500 openssl.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
pid process
332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
ZeroNet.exe
description pid process
Token: 35 1076 ZeroNet.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
ZeroNet.exe
pid process
1076 ZeroNet.exe
-
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
ZeroNet.exe
pid process
1076 ZeroNet.exe
-
Suspicious use of WriteProcessMemory 32 IoCs
Processes:
25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exeZeroNet.execmd.execmd.execmd.exetor.exedescription pid process target process PID 332 wrote to memory of 432 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe zeronet-downloader.exe PID 332 wrote to memory of 432 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe zeronet-downloader.exe PID 332 wrote to memory of 432 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe zeronet-downloader.exe PID 332 wrote to memory of 1076 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe ZeroNet.exe PID 332 wrote to memory of 1076 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe ZeroNet.exe PID 332 wrote to memory of 1076 332 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe ZeroNet.exe PID 1076 wrote to memory of 1756 1076 ZeroNet.exe cmd.exe PID 1076 wrote to memory of 1756 1076 ZeroNet.exe cmd.exe PID 1076 wrote to memory of 1756 1076 ZeroNet.exe cmd.exe PID 1756 wrote to memory of 1136 1756 cmd.exe openssl.exe PID 1756 wrote to memory of 1136 1756 cmd.exe openssl.exe PID 1756 wrote to memory of 1136 1756 cmd.exe openssl.exe PID 1076 wrote to memory of 1156 1076 ZeroNet.exe cmd.exe PID 1076 wrote to memory of 1156 1076 ZeroNet.exe cmd.exe PID 1076 wrote to memory of 1156 1076 ZeroNet.exe cmd.exe PID 1156 wrote to memory of 2016 1156 cmd.exe openssl.exe PID 1156 wrote to memory of 2016 1156 cmd.exe openssl.exe PID 1156 wrote to memory of 2016 1156 cmd.exe openssl.exe PID 1076 wrote to memory of 1160 1076 ZeroNet.exe cmd.exe PID 1076 wrote to memory of 1160 1076 ZeroNet.exe cmd.exe PID 1076 wrote to memory of 1160 1076 ZeroNet.exe cmd.exe PID 1160 wrote to memory of 1500 1160 cmd.exe openssl.exe PID 1160 wrote to memory of 1500 1160 cmd.exe openssl.exe PID 1160 wrote to memory of 1500 1160 cmd.exe openssl.exe PID 1076 wrote to memory of 328 1076 ZeroNet.exe tor.exe PID 1076 wrote to 
memory of 328 1076 ZeroNet.exe tor.exe PID 1076 wrote to memory of 328 1076 ZeroNet.exe tor.exe PID 1076 wrote to memory of 328 1076 ZeroNet.exe tor.exe PID 328 wrote to memory of 1768 328 tor.exe meek-client.exe PID 328 wrote to memory of 1768 328 tor.exe meek-client.exe PID 328 wrote to memory of 1768 328 tor.exe meek-client.exe PID 328 wrote to memory of 1768 328 tor.exe meek-client.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
"C:\Users\Admin\AppData\Local\Temp\25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5688.tmp\zeronet-downloader.exe
"C:\Users\Admin\AppData\Local\Temp\5688.tmp\zeronet-downloader.exe" 2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe
"C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe" --open_browser "" 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""tools\openssl\openssl.exe" req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config "src/lib/openssl/openssl.cnf" -subj "/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon" -keyout "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cakey-rsa.pem" -out "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cacert-rsa.pem" -batch" 3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\tools\openssl\openssl.exe
"tools\openssl\openssl.exe" req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config "src/lib/openssl/openssl.cnf" -subj "/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon" -keyout "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cakey-rsa.pem" -out "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cacert-rsa.pem" -batch 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""tools\openssl\openssl.exe" req -new -newkey rsa:2048 -keyout "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/key-rsa.pem" -out "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cert-rsa.csr" -subj "/CN=msn.com" -sha256 -nodes -batch -config "src/lib/openssl/openssl.cnf"" 3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\tools\openssl\openssl.exe
"tools\openssl\openssl.exe" req -new -newkey rsa:2048 -keyout "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/key-rsa.pem" -out "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cert-rsa.csr" -subj "/CN=msn.com" -sha256 -nodes -batch -config "src/lib/openssl/openssl.cnf" 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""tools\openssl\openssl.exe" x509 -req -in "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cert-rsa.csr" -CA "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cacert-rsa.pem" -CAkey "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cakey-rsa.pem" -set_serial 01 -out "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cert-rsa.pem" -days 730 -sha256 -extensions x509_ext -extfile "src/lib/openssl/openssl.cnf"" 3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\tools\openssl\openssl.exe
"tools\openssl\openssl.exe" x509 -req -in "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cert-rsa.csr" -CA "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cacert-rsa.pem" -CAkey "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cakey-rsa.pem" -set_serial 01 -out "C:/Users/Admin/AppData/Roaming/ZeroNet Filesharing Tool/ZeroNet-win-dist-win64/data/cert-rsa.pem" -days 730 -sha256 -extensions x509_ext -extfile "src/lib/openssl/openssl.cnf" 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\tools\tor\tor.exe
tools/tor/tor.exe -f torrc --defaults-torrc torrc-defaults --ignore-missing-torrc 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\tools\tor\PluggableTransports\meek-client.exe
PluggableTransports/meek-client 4⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Users\Admin\AppData\Local\Temp\5688.tmp\ZeroNet-win-dist-win64.zip
MD5 bf04780a88a28be1cc24878b348dd49a
SHA1 4c496b5bcae2ff97bbb9ef4bfc8ab8e007a6fa7b
SHA256 3621349b45ad40a020710607c78e03294b783272240af12a084669478c6a16c6
SHA512 da9b0f06642fe2f10c975c8480eac99e69f1f2febc8d56c23e862aa71ec03bba7a048c6acc520af94f0e486d0f6ebfa15dfdc843c09f9c2b7fc516f16f71b915
-
C:\Users\Admin\AppData\Local\Temp\5688.tmp\zeronet-downloader.exe
MD5 9e0722e16793b9e6ffd8b48f4033a236
SHA1 b76ebcc61e0d16a93feca87525966d0c4f571ec3
SHA256 b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988
SHA512 f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\VCRUNTIME140.dll
MD5 0e675d4a7a5b7ccd69013386793f68eb
SHA1 6e5821ddd8fea6681bda4448816f39984a33596b
SHA256 bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512 cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe
MD5 64848426d64b9f6eba3739ce1890e427
SHA1 1d418d95b288700af12dba7e42ac159627188131
SHA256 be070944e245e339c3ffadfdaeb30ae8cc3171b7c6959b1653674482ec09d089
SHA512 e4b3c1a20378c5da9d1ab5a162b4749f36d926f9a454f4474b265a622b2555522937424f38b7fb4c0458ce9d2bee247200b744ad787463ca68c044eeb34d04b7
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe
MD5 64848426d64b9f6eba3739ce1890e427
SHA1 1d418d95b288700af12dba7e42ac159627188131
SHA256 be070944e245e339c3ffadfdaeb30ae8cc3171b7c6959b1653674482ec09d089
SHA512 e4b3c1a20378c5da9d1ab5a162b4749f36d926f9a454f4474b265a622b2555522937424f38b7fb4c0458ce9d2bee247200b744ad787463ca68c044eeb34d04b7
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.pkg
MD5 fcb339b8c1076693c69bccf2f415ecb9
SHA1 3cc585c3f692bec14b3b95b714905454b4301293
SHA256 6be2f92c439e9888fb6c51d2dee5d8144eaf180da8e7639db3eac4e586d6a4a9
SHA512 1441a1dba1033db527d5d613d4097ef986978d5ebb5118813fc6f16a81d025fd1c3e7d7e647f3b8dd2b87544ebb201b75b323b1721b8b760dae68252791047cc
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\base_library.zip
MD5 ba1612c38044c8c944c15284d3681814
SHA1 e1a799dfa9f936ebedcde65eed8fc34e06adbe28
SHA256 62fa3e16baa20ad022009eaebdc306ab255d8f50644bdd78e5889e317ac3ba52
SHA512 f4bc319714e4d8060ba1536202669f28a349da9c296f89ec7202f6ae617e31b9fe9f33ccd327cbf98a84e0c08120b6df7077204f9525af70d80ff0953fca6340
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\src\main.py
MD5 1f88293ead652fad8646cf4ddcf863a2
SHA1 08699dd71a8c0902fa1281eba572b3ba2df6fbdc
SHA256 b7ec0781e12b3d2174b8dd5ffdfa194266bcc7ac0d3be1c53405d3c231091cc4
SHA512 311f1416cbd47982d93a943e98a76e6c1c35803d3f92f6b933cb7b36e54956033bb0c8913298195f66c71bae8e343956d166d05bd0416eaddbbf8de4ded4de38
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\core\zeronet.py
MD5 d59e845ee6777519e9917135cca2a6dd
SHA1 b727fa5a49470af07570bc14b76905c33feedcfe
SHA256 20d88354597b2704a5674c38c42f2122541e347140e30c1c1786d044357af8e2
SHA512 cf2dbd8355656b8bf147071f02ff2f8e44fe4c7bb289368cf0c1d3bf812426024270cb89957a6849671021a49381730ca73f0ee0a50840cb02b3a565bc81d2e8
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_bz2.pydMD5
429ad9f0d7240a1eb9c108b2d7c1382f
SHA1f54e1c1d31f5dd6698e47750daf48b9291b9ea69
SHA256d2571d3a553ea586fb1e5695dd9745caef9f0e30ac5b876d1307678360674f38
SHA512bae51da3560e0a720d45f0741f9992fe0729ead0112a614dba961c50cd6f82ddbdcf7b47aeda4f1093f6654f6db77d767ccddd59d34d2143df54121e9d486760
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_cffi_backend.cp37-win_amd64.pydMD5
178e59320ad837ee085b52f633eeae6e
SHA1dffe0e46694a0e784bc41e4702ba306c53148363
SHA256750f7b735e09feee3323db8e0f20b88d600f3155bea2124efeb52d998f43b565
SHA5129604633e5b726c2cf7394684735b6d441eddb786cf863dbae89d2b16b642d6f7f23fed56a8bf13b366984e6ae19e1134f4891bb369ad3aa35bc4f75de87e94bb
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_ctypes.pydMD5
985d2c5623def9d80d1408c01a8628be
SHA1317c298cb2e1728f9c7f14de2f7764c9861be101
SHA2567257178f704cd43e68cd7bc80f9814385b2e5d4f35d6e198ae99dce9f4118976
SHA512be6a9d3465a5e00e6752a4b681fb8ef75126b132965624d4373b8817d68ed11337b068034ebedcfe59fb9486b86a03e67e81badc29375a776f366bf7f834f0dc
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_hashlib.pydMD5
d61618c28373d7bbdf1dec7ec2b2b1c1
SHA151f4bab84620752aedf7d71dcccb577ed518e9fd
SHA25633c4d06c91166db9ece6e6ad6b9fa1344316f995f7db268bf1b7f9c08ed3e6fb
SHA512ca7ca581c8d8d67f43e7858d7b4859fec1228fd1ba6e63711d508c1ab3477a071d40090fdae6ec0c8d1445e15fbb2fc60154e32e03f8398056388f1148f920de
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_lzma.pydMD5
5e7a6b749a05dd934ee4471411420053
SHA1fcd1e54011b98928edbb3820a5838568b9573453
SHA2564dcd803319e24ba8c8e3d5ce2e02c209bd14a9ab07a540d6e3ae52f69d01e742
SHA512ce4c5456308adbef0a9d44064aae67b2bb2a913881405ae2e69127eb7ab00a09882fa5304d80d5b3728942b0ab56d1c99132666b6c0ea8809a21396aeaadd8a2
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_socket.pydMD5
7c5c5e6e4ed888dd26c7aa063bb9f88e
SHA1a7a3694739b27c3d34beb1a9730fc3dcbae6744a
SHA2562bb4e5d711fe521e2c9a80f04d2f745f58561dc35f169e06ea17aabf27d334fe
SHA5129c49c3fe740464f649a0379bdc6bc474cce6a1331f87d2ba2ab489c4545ad7cb311c757af59e8174bb3c87af438a5d47621bd9b2b4750abe128d189d14d80065
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__greenlet_primitives.cp37-win_amd64.pydMD5
4f49f53312c23b529a203d4de4273521
SHA1a344f0d51592522629f5b70c263c31f02c352902
SHA2567bfd896a82857b6795eae6ff09de3f819972757410e25f95b8acbaba69460e7c
SHA5127e5c3596cb10db0fa3ee17d33acc8cdc525bbc2292004988fb688468f189bf390860f9e30581a43c5bf126179c7d059f3a4cf2fc84d98e298aef463e56f28294
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__hub_local.cp37-win_amd64.pydMD5
5992f660f6cb49f38293fcdd462aeef4
SHA1f6d6648b40aa861a8a736c79e9bc15d98d3deae6
SHA256b95b775719319f90e4fa73525f72bbc9ffd2dda44ad860c8b7d1d68a6dc7d603
SHA512a1ce1c5b1aa44d0b5fa07ab832e6b5a584871d5d8ef09b04b7f77784365699e7995b3400ebe01fada449cacf32fbea0021301e9c77b39e20becf86689ec7d3b0
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__hub_primitives.cp37-win_amd64.pydMD5
4f8865be515235ebcb690e7712d51cdf
SHA1e0a738aeeffeb138a11666daa92426120ff08f63
SHA256e3e654f2a0e3d52607501e7fb7b75b11ef196a02679b901a466992cd67df0794
SHA5126f67290d495685235c8a34c01972ba6a09e67a888df75fe6d6095f60979131c62517623ce7a72124f55e61f687559e8fc210054f9e06af794017e9af402bb4cd
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__init__.pyMD5
e9d8c62f860b28ab492819aac6fd5c97
SHA19561a402422d1a0ea534717cfd251aad9d4c0aaf
SHA2562e6a96f1febcd3af06c646919626471e90edfcec79929e849be1d441ff74be5f
SHA512379a0ed96ac03f4b966ff4e20059a294234baa2e7b52c1c3f5f3204d400eecdd15651c61ecd82f1253875e3c9a952d619d4b3dda85bd62599f68e6cb8f80be5b
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__waiter.cp37-win_amd64.pydMD5
118fb9d79b9552d974e64aedaf79d41c
SHA112a003fbb2c3a6518d366423e34c6b62b528b242
SHA256a0dc94b7913e99dbaeba52aa417a71da2d3250c2de2c17cf718811aa3268acb0
SHA5125f0c3d0f589809b97828ba079d78830753851c45eec5de8429aa10d84ffd97f0d5afb1b1113f387207dc8b5075211308548d297becb6adcdbc33e9cca75d7840
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_compat.pyMD5
b24b87e46e02bb99db9c3a0e1fddcd45
SHA11296d28a4852978f4f5e845f55b2aba191dd3d2b
SHA2565bc3fe55b139260194b5473d78e00a95e0c505d8bf201588110c9281e643557e
SHA51282ee59fde7a5b752817a8dc019f6e5f243b5a4ce0ed8bf66448ca39e7a29e476423ae09a9e75f41e9e134114d11b5927a81880d7fb87c16fe1053a0359048438
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_config.pyMD5
a7473672cf18b8802da714387e24d674
SHA17356dc7f8c28074c029c69ecb31003f31394c5fc
SHA256cc59c9ca8896dfd8bded36af2bd5397efc4f3b73ba9f70763013f56efd19f1d7
SHA512d73a68e9dabda6e37f3ab012ba670d9891195cc806f0e33b262c125d474ea17a9807e7e5a855f8d47cdadfe48987d4d04e126699fe1e1c20cbaca8af25ed3759
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_ffi\__init__.pyMD5
4952c11c89373764c34d9c8918cb738d
SHA1420a926ef6d69ca14c2ba651eda970766aec4e46
SHA2560530608e3bcee1e71004f6d178185e9bed33bf2d4caba8d77f974caf2906221b
SHA51268b67b51f6a0f5e6e2fb6d49649f271298b87ad90f18117b3300863bc591bd7cc895589533c071f18631604b3d8fa5e9fe7c4e648cf76c9c1bc0556baa432e23
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_ffi\callback.pyMD5
3d212024df408063eebeb2e6c8a30db1
SHA10da7fd1df5cad2640fafe4c01597442cf778f52d
SHA2565d1f0d965e42897e10283c1f94f2e95a3d7e05a50673091ad10bcedeaaa937cb
SHA5129df585137ecf3232b8a41cec73479dc183c67dd38559e6a547e73892f172e728577f9715b63b6f2a5027aed0c283513ce2338fb4e053b65ab21ac1ef33a4ca3d
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_ffi\loop.pyMD5
38800c5ee1756bb798b53fc9d526f6e2
SHA1fd7d7ee6757f6e083f7cf72321f2ebbc7543a6f8
SHA25662397d14a4a5d5e5df16c0a2e71ae5c4a53021f50a2036c5b91be8ffd13512b2
SHA5123f84a23235b348a63b27d1a3e6006077d82e2e7abf090608cbe8fa587cb972bb659e9aec3d4069138ba976c92784f1121d6e04b541c317aa1de9d07d167d1a0a
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_ffi\watcher.pyMD5
98cacf79f65a41b6fcf03c9e93c2686d
SHA1f4f1c08f20badc9b3330e1257713a0b28e1d1e4b
SHA256054209f9bcce81f02abcbf27566779c7f8d0fd7eedefd9877b4060107456df2b
SHA512b8c71ac8d5a1df8386bcb682d3ac42e20e8ecfcec963c77bfc867ad86393e19c2073844231c65707c53429b93255f13d1182604ef27de4ccc6595ed4e7eb42ee
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_greenlet_primitives.pyMD5
ab03dba623932a8b84189eff2c848bc7
SHA1a956ac041df26495f8de19de85163772291d7d04
SHA2560de7997916ff15230a70a6a6914ac7e135ec0c70817a8148d22738fcb2c8ed28
SHA512d002108f4112f0c8f2597971e9a0767b328274f09943ead72de914f4c7e08b24f2008379c0b1924e61aff44406913a7aefc731bc29eb495597a1822ac67c48aa
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_hub_local.pyMD5
bdecfe2fa8d43f3b538fb5961df4e3c5
SHA1e345d158f6413efc9f78aad7e50f1110e4623d20
SHA256944082382e7f09e3fb25bcb8ce3d4b79b9b94946d185a409332b4d7bfcc8f3f9
SHA51261a4e16e4e3ce8e696fd6245ed7a0eb86d8f85395bd5c86df20455ce1f8895aa505673d0b4af4ab7bc7255d746c63f064ef661fe08dc004565502f12acf13a60
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_hub_primitives.pyMD5
d2ccb53f46f9804a4cfc80074d87eece
SHA1e2cbc614ada53d0fc6852f1d171a3d9e7271de05
SHA256d48580de59103594a4a2df0eb2a402c1207870d78cdb2b627f714f672c876131
SHA512c63410004bab0a489b0f85589730c497d3e0b976f81fca0aca4b8b9ad0d1c20cf3f4f0ca8d2866a54a18781afa86b301222b3c19f7ab768bf6d7e03cc7fd451c
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_interfaces.py
MD5: cc606cdb5b307ee5e817e53c07e9f1eb
SHA1: ddb8993b961b62553b1a2fba9cd2f121741c34e9
SHA256: d0cc222c9fe623e7cde877b04e68258ccf7743d1894b1d367f93dfe015026fcc
SHA512: 38dba372bec22cfdcf54f33c98626dccef64e4809bde37517727d773828a089f1204809eff107d253b696e93f53f187d9369a5b451f06c8d4288568338d27154
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_util.py
MD5: e03d473c69b08f22a6588ebf70ae4efa
SHA1: b00fcd01d3f629619ad3d9de3a6f59fcb651530a
SHA256: 68e6a90009ecae5d4da81380911469c18671bb4428ad70953c6b96ecbd9cbb50
SHA512: 80febfdb736571e63c41ec5fff17156a44f8aa487a879d992150d41741d53a98dbfb22edfce84045d8524a1d61198c4741d32ce2305b85240f31b69db7ff9cfe
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\_waiter.py
MD5: 1addb09770c367354e67ff62b35c06b5
SHA1: 0d8a991d11ee57d8b456069802c1defd1ebc89f1
SHA256: d96af675ae60e3df8826d3c8f935b2ec38b5461307866904d100c44553cda358
SHA512: 85975fefb04c049be814d86014aebe32f958e557375db4d1b18697b9ffc7ced9f31f2beda83094d4a6d1f8e74807f72777f6c20483524f6e9b65f1eb7ed50fe9
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\exceptions.py
MD5: a16e8c6579b19a018630fc9fac80c870
SHA1: a46b5e77d239f7974c178ff504025ca75ef8cb57
SHA256: 283998c1b4908ed31b97ec30c88b0841118b04adb41dd4dd2a916b18f6aed95c
SHA512: 9892afd146823bc17469f52635f08e90ac3c2187ac15d2d8d379efd27ecce2648ec7e3cfd18dd954ff7c6563367720bed0684a7db0a1b503d413f28161c6471e
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\libuv\__init__.py
MD5: cf158c94db3d0d4955b843d9a5cc0634
SHA1: 2b77863821302f6507155853eaedbf9d1637ca91
SHA256: 23a8696052429db0410eba2eb0acd9ed097efa69df005c1f336ab506ec5c31f2
SHA512: f575bb9fd204cafda301402c0130e9a24650d2e86140130c56ac049f1ed0acf504af10a263b91bbcf35d27893e2cdd631a39872c6ac69952343a201028a5b8ae
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\libuv\_corecffi.cp37-win_amd64.pyd
MD5: 5661a74845831bb9b81cdc507e0f15be
SHA1: a43e0cfb8c83e78379bb0e0df23735780f2643c8
SHA256: b0e30abbb55ca4be12178a1577db821d0d1d5bcadbdf0e989764d074a83a8860
SHA512: 623f6cf5e0ba56101820a3e839e868a831a5d928aab2493e2c089e7e4bdd6ae13f8cc29ab33a2183eeff12f0c34cd92b4be59803b65b053961670fbebe346f34
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\libuv\loop.py
MD5: 37a0a82e97171245a6853fdf1d34ac21
SHA1: 983a8c300d0336dca414d7924a468330cabfb3e2
SHA256: 73cdb50652535ceea426051c4938f2429bc2115d78c36db1d7032f9e101a6883
SHA512: d434ead827a5198e218bafd0b2a97bb5f0bf0463949e45ba5688a89d3377ae7bfe6cce457c258a471ae2473cd77a9b94379d6d503b93e7530c8cf80e855bfc7e
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\libuv\watcher.py
MD5: 7c8ae252743f0567c4168069addf8ff2
SHA1: 672cc7bd1bb8881667355f5a74774dce1fca1553
SHA256: d56e2dfb0ae1c227c1a8b1b085a6ce908e32346b25df27f8f1925c9093de9aea
SHA512: 039f4c1f92db70a3398f56a8d090129d6d5ca04b383fc93b3e09c7208e2bbc822823eec3d5189ac39195f1befd71b110e2d8c97427ecb6ac699dde2f387b6b09
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\timeout.py
MD5: 44580241f2bf04d7576dc0f0509046b9
SHA1: ae7a9e3d7286239c22e8c16c4b1cb69e3f1ca623
SHA256: 914471f11c22f7fff838f6ca42807f50f1d819dfd6a0eb26d5dcf9afad21fd17
SHA512: 5c92dedd568d6d069fdce9d9ae45863e26dcad22b18bb5a08248d6cbbf6312681f7238e01f20ec277800d7bff8964ea8af5e02355d386e012204f26fcfdd07d1
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\greenlet.cp37-win_amd64.pyd
MD5: fa09293660821d9a4375a0daffeaf555
SHA1: 47ca1066847bd7898be194f1855368dceefb82b8
SHA256: 538f96cfaf00c94ce663057da05057a9fb4483b8d61cf0142de07d0c4b1173ad
SHA512: baba36fdcc4964fb88bc0b464dca2d00be8380bf3cab11df6f2ff36526099b45213006438f08627cf46acde99be38dac7d1ce61b9776a85908f6a70a65d1fc11
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\libcrypto-1_1-x64.dll
MD5: 8c75bca5ea3bea4d63f52369e3694d01
SHA1: a0c0fd3d9e5688d75386094979171dbde2ce583a
SHA256: 8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0
SHA512: 6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\pyexpat.pyd
MD5: a045432966523928d20b7dce4537c776
SHA1: 0869868b4548ec7b0bddf7539b6022185bc3f6da
SHA256: d4ca4589c6c8ff5a9f71da2f63c1d214bfeb8662375b42ee201b7c9e07c586a6
SHA512: bdab5104b9cc278608cdc6662f38855c3a7c348d372034790c120209cbdf9730bbcece9dd1a59f8060d3dc29f5f193b988c9273b6eec5987bddc94cc28a9bc9b
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\select.pyd
MD5: 1650617f3378c5bd469906ae1256a54c
SHA1: dd89ffd426b6820fd79631e4c99760cb485d3a67
SHA256: 5724cea789a2ebc148ce277ce042e27432603db2ec64e80b13d37bcb775aee98
SHA512: 89ecbbf156e2be066c7d4e3e0ecd08c2704b6a796079517c91cf4aa6682040ba07460596aaddc5550c6ec588979dfec010fed4b87e049000caceed26e8f86ffe
-
C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\python37.dll
MD5: 28f9065753cc9436305485567ce894b0
SHA1: 36ebb3188a787b63fb17bd01a847511c7b15e88e
SHA256: 6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a
SHA512: c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54
-
\Users\Admin\AppData\Local\Temp\5688.tmp\zeronet-downloader.exe
MD5: 9e0722e16793b9e6ffd8b48f4033a236
SHA1: b76ebcc61e0d16a93feca87525966d0c4f571ec3
SHA256: b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988
SHA512: f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9
-
\Users\Admin\AppData\Local\Temp\5688.tmp\zeronet-downloader.exe
MD5: 9e0722e16793b9e6ffd8b48f4033a236
SHA1: b76ebcc61e0d16a93feca87525966d0c4f571ec3
SHA256: b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988
SHA512: f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\VCRUNTIME140.dll
MD5: 0e675d4a7a5b7ccd69013386793f68eb
SHA1: 6e5821ddd8fea6681bda4448816f39984a33596b
SHA256: bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512: cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe
MD5: 64848426d64b9f6eba3739ce1890e427
SHA1: 1d418d95b288700af12dba7e42ac159627188131
SHA256: be070944e245e339c3ffadfdaeb30ae8cc3171b7c6959b1653674482ec09d089
SHA512: e4b3c1a20378c5da9d1ab5a162b4749f36d926f9a454f4474b265a622b2555522937424f38b7fb4c0458ce9d2bee247200b744ad787463ca68c044eeb34d04b7
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\ZeroNet.exe
MD5: 64848426d64b9f6eba3739ce1890e427
SHA1: 1d418d95b288700af12dba7e42ac159627188131
SHA256: be070944e245e339c3ffadfdaeb30ae8cc3171b7c6959b1653674482ec09d089
SHA512: e4b3c1a20378c5da9d1ab5a162b4749f36d926f9a454f4474b265a622b2555522937424f38b7fb4c0458ce9d2bee247200b744ad787463ca68c044eeb34d04b7
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_bz2.pyd
MD5: 429ad9f0d7240a1eb9c108b2d7c1382f
SHA1: f54e1c1d31f5dd6698e47750daf48b9291b9ea69
SHA256: d2571d3a553ea586fb1e5695dd9745caef9f0e30ac5b876d1307678360674f38
SHA512: bae51da3560e0a720d45f0741f9992fe0729ead0112a614dba961c50cd6f82ddbdcf7b47aeda4f1093f6654f6db77d767ccddd59d34d2143df54121e9d486760
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_cffi_backend.cp37-win_amd64.pyd
MD5: 178e59320ad837ee085b52f633eeae6e
SHA1: dffe0e46694a0e784bc41e4702ba306c53148363
SHA256: 750f7b735e09feee3323db8e0f20b88d600f3155bea2124efeb52d998f43b565
SHA512: 9604633e5b726c2cf7394684735b6d441eddb786cf863dbae89d2b16b642d6f7f23fed56a8bf13b366984e6ae19e1134f4891bb369ad3aa35bc4f75de87e94bb
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_ctypes.pyd
MD5: 985d2c5623def9d80d1408c01a8628be
SHA1: 317c298cb2e1728f9c7f14de2f7764c9861be101
SHA256: 7257178f704cd43e68cd7bc80f9814385b2e5d4f35d6e198ae99dce9f4118976
SHA512: be6a9d3465a5e00e6752a4b681fb8ef75126b132965624d4373b8817d68ed11337b068034ebedcfe59fb9486b86a03e67e81badc29375a776f366bf7f834f0dc
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_hashlib.pyd
MD5: d61618c28373d7bbdf1dec7ec2b2b1c1
SHA1: 51f4bab84620752aedf7d71dcccb577ed518e9fd
SHA256: 33c4d06c91166db9ece6e6ad6b9fa1344316f995f7db268bf1b7f9c08ed3e6fb
SHA512: ca7ca581c8d8d67f43e7858d7b4859fec1228fd1ba6e63711d508c1ab3477a071d40090fdae6ec0c8d1445e15fbb2fc60154e32e03f8398056388f1148f920de
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_lzma.pyd
MD5: 5e7a6b749a05dd934ee4471411420053
SHA1: fcd1e54011b98928edbb3820a5838568b9573453
SHA256: 4dcd803319e24ba8c8e3d5ce2e02c209bd14a9ab07a540d6e3ae52f69d01e742
SHA512: ce4c5456308adbef0a9d44064aae67b2bb2a913881405ae2e69127eb7ab00a09882fa5304d80d5b3728942b0ab56d1c99132666b6c0ea8809a21396aeaadd8a2
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\_socket.pyd
MD5: 7c5c5e6e4ed888dd26c7aa063bb9f88e
SHA1: a7a3694739b27c3d34beb1a9730fc3dcbae6744a
SHA256: 2bb4e5d711fe521e2c9a80f04d2f745f58561dc35f169e06ea17aabf27d334fe
SHA512: 9c49c3fe740464f649a0379bdc6bc474cce6a1331f87d2ba2ab489c4545ad7cb311c757af59e8174bb3c87af438a5d47621bd9b2b4750abe128d189d14d80065
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__greenlet_primitives.cp37-win_amd64.pyd
MD5: 4f49f53312c23b529a203d4de4273521
SHA1: a344f0d51592522629f5b70c263c31f02c352902
SHA256: 7bfd896a82857b6795eae6ff09de3f819972757410e25f95b8acbaba69460e7c
SHA512: 7e5c3596cb10db0fa3ee17d33acc8cdc525bbc2292004988fb688468f189bf390860f9e30581a43c5bf126179c7d059f3a4cf2fc84d98e298aef463e56f28294
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__hub_local.cp37-win_amd64.pyd
MD5: 5992f660f6cb49f38293fcdd462aeef4
SHA1: f6d6648b40aa861a8a736c79e9bc15d98d3deae6
SHA256: b95b775719319f90e4fa73525f72bbc9ffd2dda44ad860c8b7d1d68a6dc7d603
SHA512: a1ce1c5b1aa44d0b5fa07ab832e6b5a584871d5d8ef09b04b7f77784365699e7995b3400ebe01fada449cacf32fbea0021301e9c77b39e20becf86689ec7d3b0
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__hub_primitives.cp37-win_amd64.pyd
MD5: 4f8865be515235ebcb690e7712d51cdf
SHA1: e0a738aeeffeb138a11666daa92426120ff08f63
SHA256: e3e654f2a0e3d52607501e7fb7b75b11ef196a02679b901a466992cd67df0794
SHA512: 6f67290d495685235c8a34c01972ba6a09e67a888df75fe6d6095f60979131c62517623ce7a72124f55e61f687559e8fc210054f9e06af794017e9af402bb4cd
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\__waiter.cp37-win_amd64.pyd
MD5: 118fb9d79b9552d974e64aedaf79d41c
SHA1: 12a003fbb2c3a6518d366423e34c6b62b528b242
SHA256: a0dc94b7913e99dbaeba52aa417a71da2d3250c2de2c17cf718811aa3268acb0
SHA512: 5f0c3d0f589809b97828ba079d78830753851c45eec5de8429aa10d84ffd97f0d5afb1b1113f387207dc8b5075211308548d297becb6adcdbc33e9cca75d7840
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\gevent\libuv\_corecffi.cp37-win_amd64.pyd
MD5: 5661a74845831bb9b81cdc507e0f15be
SHA1: a43e0cfb8c83e78379bb0e0df23735780f2643c8
SHA256: b0e30abbb55ca4be12178a1577db821d0d1d5bcadbdf0e989764d074a83a8860
SHA512: 623f6cf5e0ba56101820a3e839e868a831a5d928aab2493e2c089e7e4bdd6ae13f8cc29ab33a2183eeff12f0c34cd92b4be59803b65b053961670fbebe346f34
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\greenlet.cp37-win_amd64.pyd
MD5: fa09293660821d9a4375a0daffeaf555
SHA1: 47ca1066847bd7898be194f1855368dceefb82b8
SHA256: 538f96cfaf00c94ce663057da05057a9fb4483b8d61cf0142de07d0c4b1173ad
SHA512: baba36fdcc4964fb88bc0b464dca2d00be8380bf3cab11df6f2ff36526099b45213006438f08627cf46acde99be38dac7d1ce61b9776a85908f6a70a65d1fc11
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\libcrypto-1_1-x64.dll
MD5: 8c75bca5ea3bea4d63f52369e3694d01
SHA1: a0c0fd3d9e5688d75386094979171dbde2ce583a
SHA256: 8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0
SHA512: 6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\pyexpat.pyd
MD5: a045432966523928d20b7dce4537c776
SHA1: 0869868b4548ec7b0bddf7539b6022185bc3f6da
SHA256: d4ca4589c6c8ff5a9f71da2f63c1d214bfeb8662375b42ee201b7c9e07c586a6
SHA512: bdab5104b9cc278608cdc6662f38855c3a7c348d372034790c120209cbdf9730bbcece9dd1a59f8060d3dc29f5f193b988c9273b6eec5987bddc94cc28a9bc9b
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\lib\select.pyd
MD5: 1650617f3378c5bd469906ae1256a54c
SHA1: dd89ffd426b6820fd79631e4c99760cb485d3a67
SHA256: 5724cea789a2ebc148ce277ce042e27432603db2ec64e80b13d37bcb775aee98
SHA512: 89ecbbf156e2be066c7d4e3e0ecd08c2704b6a796079517c91cf4aa6682040ba07460596aaddc5550c6ec588979dfec010fed4b87e049000caceed26e8f86ffe
-
\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\ZeroNet-win-dist-win64\python37.dll
MD5: 28f9065753cc9436305485567ce894b0
SHA1: 36ebb3188a787b63fb17bd01a847511c7b15e88e
SHA256: 6f2f87b74aea483a0636fc5c480b294a8103b427a3daf450c1e237c2a2271b1a
SHA512: c3bbc50afb4a0b625aff28650befd126481018bd0b1b9a56c107e3792641679c7d1bfc8be6c9d0760fff6853f8f114b62490cd3567b06abc76ab7db3f244ab54
-
memory/328-142-0x0000000074BE0000-0x0000000074C62000-memory.dmp
Filesize: 520KB
-
memory/328-138-0x0000000074820000-0x0000000074A3E000-memory.dmp
Filesize: 2.1MB
-
memory/328-137-0x0000000074BE0000-0x0000000074C62000-memory.dmp
Filesize: 520KB
-
memory/328-141-0x0000000074C90000-0x0000000074CB2000-memory.dmp
Filesize: 136KB
-
memory/328-143-0x0000000074820000-0x0000000074A3E000-memory.dmp
Filesize: 2.1MB
-
memory/328-145-0x00000000001E0000-0x000000000055F000-memory.dmp
Filesize: 3.5MB
-
memory/328-144-0x0000000074790000-0x0000000074812000-memory.dmp
Filesize: 520KB
-
memory/328-136-0x0000000074C90000-0x0000000074CB2000-memory.dmp
Filesize: 136KB
-
memory/328-140-0x00000000001E0000-0x000000000055F000-memory.dmp
Filesize: 3.5MB
-
memory/328-139-0x0000000074790000-0x0000000074812000-memory.dmp
Filesize: 520KB
-
memory/328-134-0x0000000000000000-mapping.dmp
-
memory/328-135-0x0000000075FF1000-0x0000000075FF3000-memory.dmp
Filesize: 8KB
-
memory/332-59-0x000007FEFBBB1000-0x000007FEFBBB3000-memory.dmp
Filesize: 8KB
-
memory/432-62-0x0000000000000000-mapping.dmp
-
memory/1076-68-0x0000000000000000-mapping.dmp
-
memory/1076-131-0x0000000002950000-0x0000000002951000-memory.dmp
Filesize: 4KB
-
memory/1136-128-0x0000000000000000-mapping.dmp
-
memory/1156-129-0x0000000000000000-mapping.dmp
-
memory/1160-132-0x0000000000000000-mapping.dmp
-
memory/1500-133-0x0000000000000000-mapping.dmp
-
memory/1756-127-0x0000000000000000-mapping.dmp
-
memory/1768-146-0x0000000000000000-mapping.dmp
-
memory/2016-130-0x0000000000000000-mapping.dmp