bitrat | 2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c

max time kernel
157s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
Size

7.6MB
MD5

9b035bad2b8a21fb2c57fd784c89b8d5
SHA1

ee15fad65f3f22df7f54e218176c45d369ebb70f
SHA256

2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c
SHA512

96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde
SSDEEP

196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score

10^/10

bitrat trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.32

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
dllhost

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

BitRAT payload 2 IoCs

resource	yara_rule
behavioral2/memory/4712-0-0x0000000000400000-0x0000000000BAA000-memory.dmp	family_bitrat
behavioral2/memory/4712-29-0x0000000000400000-0x0000000000BAA000-memory.dmp	family_bitrat

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023275-21.dat	acprotect
behavioral2/files/0x0008000000023270-18.dat	acprotect
behavioral2/files/0x0007000000023274-32.dat	acprotect
behavioral2/files/0x000900000002326d-30.dat	acprotect
behavioral2/files/0x0008000000023271-25.dat	acprotect
behavioral2/files/0x0007000000023276-31.dat	acprotect
behavioral2/files/0x0007000000023278-37.dat	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Executes dropped EXE 4 IoCs

pid	Process
1368	dllhost.exe
1876	dllhost.exe
4064	dllhost.exe
4560	dllhost.exe

Loads dropped DLL 29 IoCs

pid	Process
1368	dllhost.exe
1368	dllhost.exe
1368	dllhost.exe
1368	dllhost.exe
1368	dllhost.exe
1368	dllhost.exe
1368	dllhost.exe
1368	dllhost.exe
1876	dllhost.exe
1876	dllhost.exe
1876	dllhost.exe
1876	dllhost.exe
1876	dllhost.exe
1876	dllhost.exe
1876	dllhost.exe
4064	dllhost.exe
4064	dllhost.exe
4064	dllhost.exe
4064	dllhost.exe
4064	dllhost.exe
4064	dllhost.exe
4064	dllhost.exe
4560	dllhost.exe
4560	dllhost.exe
4560	dllhost.exe
4560	dllhost.exe
4560	dllhost.exe
4560	dllhost.exe
4560	dllhost.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023277-14.dat	upx
behavioral2/memory/1368-20-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/files/0x0007000000023275-21.dat	upx
behavioral2/files/0x0008000000023270-18.dat	upx
behavioral2/memory/1368-26-0x0000000074520000-0x0000000074569000-memory.dmp	upx
behavioral2/memory/1368-27-0x0000000074450000-0x0000000074518000-memory.dmp	upx
behavioral2/files/0x0007000000023274-32.dat	upx
behavioral2/files/0x000900000002326d-30.dat	upx
behavioral2/files/0x0008000000023271-25.dat	upx
behavioral2/memory/1368-33-0x0000000074180000-0x000000007444F000-memory.dmp	upx
behavioral2/memory/1368-36-0x0000000073FA0000-0x00000000740AA000-memory.dmp	upx
behavioral2/files/0x0007000000023276-31.dat	upx
behavioral2/files/0x0007000000023278-37.dat	upx
behavioral2/memory/1368-40-0x0000000073EE0000-0x0000000073F68000-memory.dmp	upx
behavioral2/memory/1368-34-0x00000000740B0000-0x000000007417E000-memory.dmp	upx
behavioral2/memory/1368-42-0x0000000073F70000-0x0000000073F94000-memory.dmp	upx
behavioral2/memory/1368-47-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-48-0x0000000074520000-0x0000000074569000-memory.dmp	upx
behavioral2/memory/1368-49-0x0000000074450000-0x0000000074518000-memory.dmp	upx
behavioral2/memory/1368-50-0x0000000074180000-0x000000007444F000-memory.dmp	upx
behavioral2/memory/1368-51-0x00000000740B0000-0x000000007417E000-memory.dmp	upx
behavioral2/memory/1368-52-0x0000000073FA0000-0x00000000740AA000-memory.dmp	upx
behavioral2/memory/1368-55-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-56-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-73-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-91-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-101-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-112-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1368-120-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1876-130-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1876-138-0x0000000073FA0000-0x00000000740AA000-memory.dmp	upx
behavioral2/memory/1876-139-0x0000000073EE0000-0x0000000073F68000-memory.dmp	upx
behavioral2/memory/1876-141-0x0000000074180000-0x000000007444F000-memory.dmp	upx
behavioral2/memory/1876-145-0x0000000074450000-0x0000000074518000-memory.dmp	upx
behavioral2/memory/1876-146-0x00000000740B0000-0x000000007417E000-memory.dmp	upx
behavioral2/memory/1876-147-0x0000000074520000-0x0000000074569000-memory.dmp	upx
behavioral2/memory/1876-148-0x0000000073F70000-0x0000000073F94000-memory.dmp	upx
behavioral2/memory/1876-164-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/1876-165-0x0000000074180000-0x000000007444F000-memory.dmp	upx
behavioral2/memory/1876-170-0x0000000073FA0000-0x00000000740AA000-memory.dmp	upx
behavioral2/memory/1876-180-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/4064-214-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/4064-216-0x0000000074180000-0x000000007444F000-memory.dmp	upx
behavioral2/memory/4064-218-0x0000000074450000-0x0000000074518000-memory.dmp	upx
behavioral2/memory/1876-219-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/4064-222-0x0000000074520000-0x0000000074569000-memory.dmp	upx
behavioral2/memory/4064-225-0x0000000073FA0000-0x00000000740AA000-memory.dmp	upx
behavioral2/memory/4064-223-0x0000000073F70000-0x0000000073F94000-memory.dmp	upx
behavioral2/memory/4064-226-0x0000000073EE0000-0x0000000073F68000-memory.dmp	upx
behavioral2/memory/4064-220-0x00000000740B0000-0x000000007417E000-memory.dmp	upx
behavioral2/memory/4064-235-0x00000000740B0000-0x000000007417E000-memory.dmp	upx
behavioral2/memory/4064-237-0x0000000074180000-0x000000007444F000-memory.dmp	upx
behavioral2/memory/4064-236-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/4064-234-0x0000000074450000-0x0000000074518000-memory.dmp	upx
behavioral2/memory/4560-249-0x00000000741E0000-0x00000000742A8000-memory.dmp	upx
behavioral2/memory/4560-250-0x0000000074190000-0x00000000741D9000-memory.dmp	upx
behavioral2/memory/4560-251-0x0000000074080000-0x000000007418A000-memory.dmp	upx
behavioral2/memory/4560-252-0x0000000073FF0000-0x0000000074078000-memory.dmp	upx
behavioral2/memory/4560-253-0x0000000073FC0000-0x0000000073FE4000-memory.dmp	upx
behavioral2/memory/4560-254-0x0000000073EF0000-0x0000000073FBE000-memory.dmp	upx
behavioral2/memory/4560-255-0x00000000742B0000-0x000000007457F000-memory.dmp	upx
behavioral2/memory/4560-274-0x0000000000200000-0x0000000000604000-memory.dmp	upx
behavioral2/memory/4560-283-0x00000000741E0000-0x00000000742A8000-memory.dmp	upx
behavioral2/memory/4560-284-0x0000000073EF0000-0x0000000073FBE000-memory.dmp	upx

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
68	myexternalip.com
69	myexternalip.com

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

pid	Process
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
Token: SeShutdownPrivilege	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 1368	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	95
PID 4712 wrote to memory of 1368	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	95
PID 4712 wrote to memory of 1368	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	95
PID 4712 wrote to memory of 1876	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	105
PID 4712 wrote to memory of 1876	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	105
PID 4712 wrote to memory of 1876	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	105
PID 4712 wrote to memory of 4064	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	106
PID 4712 wrote to memory of 4064	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	106
PID 4712 wrote to memory of 4064	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	106
PID 4712 wrote to memory of 4560	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	107
PID 4712 wrote to memory of 4560	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	107
PID 4712 wrote to memory of 4560	4712	9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe	107

C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1368
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1876
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4064
- C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
  "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-certs

Filesize
20KB

MD5
4746fdfd3de0fdc1a4ba066adc8cd95e

SHA1
a83f50e2735055e07b90504cf055b74c50d2c8ba

SHA256
2ce36acac349e88d1d4b5b5bd53935bc772834c481d5b8c9b61d6ea7414c4d32

SHA512
fece793055e4d53aa1bfa8f87547601425190fa6908677eda143bcfde3a7f822e9d4ffd55c40afbf4567048ff3975fc417007f208252fb41b9db25ad55a22cfc

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
d2ce13cd74103463ffd4de7ab74ebc34

SHA1
175556bd007dbf8b826a4ffba96fd5517e6bf4a3

SHA256
f781a7b920e53a42f1af09eee17b7551af9039497fd804ece8743adbf564008f

SHA512
3c578e36a583ffbe3eda8b1311d71b4308ec880dec9f71367a6a820d568686ac591a743f5c845da83a84fe3da5e60f2b8a0a9183be77376b2790fe75d72801ed

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs

Filesize
10.7MB

MD5
48689923ed6bbe900a234990e98f01bd

SHA1
96f992c95179f04dc3db6f9b1bc7217dc143f30c

SHA256
21999b25b93068a991ddf419ca67fb8a8bee885aa7910be6a63a107d3fc20b76

SHA512
1fd323dcc704f584327a7e636c55a7c776fb86ab236682e86e0bd412c906c63efe89a3427864546cd8a803eefc6ee03a02277ac04f742121925992a950906bce

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new

Filesize
8.5MB

MD5
eaed3733b8c905b38e3a4b4ab93e570e

SHA1
97ac66fdb41d32303ce197338e52236eb64df25f

SHA256
318aac42a32d6eda2a5adca97892cb38613d30b3a63e6d825488f5261c991a56

SHA512
29c32d39cf31e75f6c065642df5c1ce9197cb61c082ca92fc827fbfc7884cf018ce3a5d7f8bd7f6d18a89d1a671a286f3c92bf3d681003bee0ce810c15300bb3

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new

Filesize
8.5MB

MD5
212b0ed338e0f5250d51ada995ec4077

SHA1
c97956104ce5cdc61ff48fcd6d6aa0045e7ab339

SHA256
55855ab75f4a628976fd4ce5cb283691c39ec938b2d62c1fa8d5a01811d1f19e

SHA512
18af634fcb6b32b3960a4eaff578b67e4401894def81697cb19bc9c61b13f1626beb3ffabf7bbb7888f19b2676ad641aec82c8db635a1b0c9c05ac58a4e8442b

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new

Filesize
10.7MB

MD5
be76e40c883767f19a0a943bc7073294

SHA1
27cca09b542bcf6571160068169eb7e4a64adf72

SHA256
4883a5fa2ab90c898db713c319c183657da95a0801d2f183e938527fae19ec1e

SHA512
0a401d90512d7b393093cc46f23be08c97028e44f234eb2481ba193431662c69f85c82ff0f9ef4351abedf459ce25cdc2389b7b1114810dcc83e83e800e71635

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new

Filesize
10.7MB

MD5
da320569787750e0ac8397adec8edf7e

SHA1
558439b76441492a74d4af7a1bb73062d5f2d10e

SHA256
4eea851c0c800a43e2d39fda478428ff35c56bc1496768819a15eab0f66f0515

SHA512
b4d24c16c4ef66e61f8ad10b2ba09db5fd054dbaf0acbc1b035761651ff9bf8014deb74fbd810526654a20f7d6e85c3dc7cec29ed95925b155e162ee6d227de2

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state

Filesize
8KB

MD5
ad0482f546b6ad514409e5e0035d136e

SHA1
3465c359b366baf89c868081e967030d653efea4

SHA256
9671118f3157649134045dff5a9d93703ab6bc380a76bdbdb03b8920419f43a4

SHA512
bf553f04d63e5a240b9e7a8fe190c7a83a7639bc034f5a5b298c55ce84e291678781363914a482ee01cb9b2e4792c2a6a09e379b444309bf7d751fb3ec0e985d

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state

Filesize
9KB

MD5
e34671cf53b7ea596b7e0f858b01c1e3

SHA1
af0b767630cddaa5ace771cc168de497eed25c64

SHA256
57ac59eb54a5eab78487f07c95f8986d2019c4b179d1872e5e31fd0d9267d888

SHA512
7c88ae00fbe40cc828e00f439dd4255f467231cd0e4a4fbea9be44dd70b98439fc0b58d1406cc3ae25f1e032ab7c7123fe6b61625181a89bb83d0732cbea74b0

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe

Filesize
973KB

MD5
5cfe61ff895c7daa889708665ef05d7b

SHA1
5e58efe30406243fbd58d4968b0492ddeef145f2

SHA256
f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

SHA512
43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libcrypto-1_1.dll

Filesize
1.7MB

MD5
2384a02c4a1f7ec481adde3a020607d3

SHA1
7e848d35a10bf9296c8fa41956a3daa777f86365

SHA256
c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

SHA512
1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libevent-2-1-6.dll

Filesize
366KB

MD5
099983c13bade9554a3c17484e5481f1

SHA1
a84e69ad9722f999252d59d0ed9a99901a60e564

SHA256
b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

SHA512
89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libgcc_s_sjlj-1.dll

Filesize
286KB

MD5
b0d98f7157d972190fe0759d4368d320

SHA1
5715a533621a2b642aad9616e603c6907d80efc4

SHA256
2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

SHA512
41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssl-1_1.dll

Filesize
439KB

MD5
c88826ac4bb879622e43ead5bdb95aeb

SHA1
87d29853649a86f0463bfd9ad887b85eedc21723

SHA256
c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

SHA512
f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssp-0.dll

Filesize
88KB

MD5
2c916456f503075f746c6ea649cf9539

SHA1
fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

SHA256
cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

SHA512
1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\libwinpthread-1.dll

Filesize
188KB

MD5
d407cc6d79a08039a6f4b50539e560b8

SHA1
21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

SHA256
92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

SHA512
378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\torrc

Filesize
139B

MD5
dbd537e3da06f7d7aeaf58f4decc0c94

SHA1
7e740ea6dcf8545710f99519014e9bb029028a84

SHA256
349b36a467d778e29b96528cdd25d6c34a54be659a9ef516b3833106ceb679b2

SHA512
a84633c420c825b15ef2fc5cf83a6d75fcdddbb06d3b7dc74537d5bc98b5d910d3dec4838f30be3a06373662d2946f156f36bd2e033e0b6089753006ac327a90

Download Submit
C:\Users\Admin\AppData\Local\07fa2a3b\tor\zlib1.dll

Filesize
52KB

MD5
add33041af894b67fe34e1dc819b7eb6

SHA1
6db46eb021855a587c95479422adcc774a272eeb

SHA256
8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

SHA512
bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

Download Submit
memory/1368-49-0x0000000074450000-0x0000000074518000-memory.dmp

Filesize
800KB

Download
memory/1368-56-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-42-0x0000000073F70000-0x0000000073F94000-memory.dmp

Filesize
144KB

Download
memory/1368-34-0x00000000740B0000-0x000000007417E000-memory.dmp

Filesize
824KB

Download
memory/1368-52-0x0000000073FA0000-0x00000000740AA000-memory.dmp

Filesize
1.0MB

Download
memory/1368-48-0x0000000074520000-0x0000000074569000-memory.dmp

Filesize
292KB

Download
memory/1368-40-0x0000000073EE0000-0x0000000073F68000-memory.dmp

Filesize
544KB

Download
memory/1368-50-0x0000000074180000-0x000000007444F000-memory.dmp

Filesize
2.8MB

Download
memory/1368-51-0x00000000740B0000-0x000000007417E000-memory.dmp

Filesize
824KB

Download
memory/1368-47-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-55-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-41-0x00000000018C0000-0x0000000001948000-memory.dmp

Filesize
544KB

Download
memory/1368-20-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-73-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-27-0x0000000074450000-0x0000000074518000-memory.dmp

Filesize
800KB

Download
memory/1368-91-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-101-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-112-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-120-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1368-26-0x0000000074520000-0x0000000074569000-memory.dmp

Filesize
292KB

Download
memory/1368-36-0x0000000073FA0000-0x00000000740AA000-memory.dmp

Filesize
1.0MB

Download
memory/1368-33-0x0000000074180000-0x000000007444F000-memory.dmp

Filesize
2.8MB

Download
memory/1876-139-0x0000000073EE0000-0x0000000073F68000-memory.dmp

Filesize
544KB

Download
memory/1876-219-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1876-145-0x0000000074450000-0x0000000074518000-memory.dmp

Filesize
800KB

Download
memory/1876-146-0x00000000740B0000-0x000000007417E000-memory.dmp

Filesize
824KB

Download
memory/1876-147-0x0000000074520000-0x0000000074569000-memory.dmp

Filesize
292KB

Download
memory/1876-141-0x0000000074180000-0x000000007444F000-memory.dmp

Filesize
2.8MB

Download
memory/1876-148-0x0000000073F70000-0x0000000073F94000-memory.dmp

Filesize
144KB

Download
memory/1876-138-0x0000000073FA0000-0x00000000740AA000-memory.dmp

Filesize
1.0MB

Download
memory/1876-130-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1876-164-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/1876-165-0x0000000074180000-0x000000007444F000-memory.dmp

Filesize
2.8MB

Download
memory/1876-170-0x0000000073FA0000-0x00000000740AA000-memory.dmp

Filesize
1.0MB

Download
memory/1876-180-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/4064-226-0x0000000073EE0000-0x0000000073F68000-memory.dmp

Filesize
544KB

Download
memory/4064-237-0x0000000074180000-0x000000007444F000-memory.dmp

Filesize
2.8MB

Download
memory/4064-216-0x0000000074180000-0x000000007444F000-memory.dmp

Filesize
2.8MB

Download
memory/4064-218-0x0000000074450000-0x0000000074518000-memory.dmp

Filesize
800KB

Download
memory/4064-234-0x0000000074450000-0x0000000074518000-memory.dmp

Filesize
800KB

Download
memory/4064-222-0x0000000074520000-0x0000000074569000-memory.dmp

Filesize
292KB

Download
memory/4064-225-0x0000000073FA0000-0x00000000740AA000-memory.dmp

Filesize
1.0MB

Download
memory/4064-223-0x0000000073F70000-0x0000000073F94000-memory.dmp

Filesize
144KB

Download
memory/4064-214-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/4064-220-0x00000000740B0000-0x000000007417E000-memory.dmp

Filesize
824KB

Download
memory/4064-235-0x00000000740B0000-0x000000007417E000-memory.dmp

Filesize
824KB

Download
memory/4064-236-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/4560-274-0x0000000000200000-0x0000000000604000-memory.dmp

Filesize
4.0MB

Download
memory/4560-285-0x00000000742B0000-0x000000007457F000-memory.dmp

Filesize
2.8MB

Download
memory/4560-249-0x00000000741E0000-0x00000000742A8000-memory.dmp

Filesize
800KB

Download
memory/4560-250-0x0000000074190000-0x00000000741D9000-memory.dmp

Filesize
292KB

Download
memory/4560-251-0x0000000074080000-0x000000007418A000-memory.dmp

Filesize
1.0MB

Download
memory/4560-252-0x0000000073FF0000-0x0000000074078000-memory.dmp

Filesize
544KB

Download
memory/4560-253-0x0000000073FC0000-0x0000000073FE4000-memory.dmp

Filesize
144KB

Download
memory/4560-254-0x0000000073EF0000-0x0000000073FBE000-memory.dmp

Filesize
824KB

Download
memory/4560-255-0x00000000742B0000-0x000000007457F000-memory.dmp

Filesize
2.8MB

Download
memory/4560-284-0x0000000073EF0000-0x0000000073FBE000-memory.dmp

Filesize
824KB

Download
memory/4560-283-0x00000000741E0000-0x00000000742A8000-memory.dmp

Filesize
800KB

Download
memory/4712-0-0x0000000000400000-0x0000000000BAA000-memory.dmp

Filesize
7.7MB

Download
memory/4712-273-0x0000000072C00000-0x0000000072C39000-memory.dmp

Filesize
228KB

Download
memory/4712-1-0x0000000075050000-0x0000000075089000-memory.dmp

Filesize
228KB

Download
memory/4712-29-0x0000000000400000-0x0000000000BAA000-memory.dmp

Filesize
7.7MB

Download
memory/4712-46-0x0000000073BE0000-0x0000000073C19000-memory.dmp

Filesize
228KB

Download
memory/4712-181-0x0000000073B70000-0x0000000073BA9000-memory.dmp

Filesize
228KB

Download

Resubmissions

Analysis