Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

9b035bad2b...18.exe

windows7-x64

10

9b035bad2b...18.exe

windows10-1703-x64

10

9b035bad2b...18.exe

windows10-2004-x64

10

9b035bad2b...18.exe

windows11-21h2-x64

10

Resubmissions

11/04/2024, 11:14 UTC

240411-nb5z8sdd7y 10

11/04/2024, 11:14 UTC

240411-nb5dpsdd7w 10

11/04/2024, 11:14 UTC

240411-nb43yaac56 10

11/04/2024, 11:14 UTC

240411-nb3vwadd7t 10

11/04/2024, 11:14 UTC

240411-nb3j4sac55 10

09/04/2024, 03:54 UTC

240409-egc2zahd2z 10

09/04/2024, 03:53 UTC

240409-ef443adg89 10

09/04/2024, 03:53 UTC

240409-efxd8ahc9v 10

09/04/2024, 03:53 UTC

240409-efmvsahc8w 10

03/04/2024, 00:16 UTC

240403-akzypahh9t 10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2024, 11:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

  • Size

    7.6MB

  • MD5

    9b035bad2b8a21fb2c57fd784c89b8d5

  • SHA1

    ee15fad65f3f22df7f54e218176c45d369ebb70f

  • SHA256

    2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c

  • SHA512

    96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde

  • SSDEEP

    196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.32

C2

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    dllhost

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • BitRAT payload 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 31 IoCs
  • UPX packed file 61 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3832
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3968
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3320
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1696
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1456

Network

  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.197.17.2.in-addr.arpa
    IN PTR
    Response
    240.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    136.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    20.193.25.171.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.193.25.171.in-addr.arpa
    IN PTR
    Response
    20.193.25.171.in-addr.arpa
    IN PTR
    tor-exit-read-medfrise
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    159.113.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    159.113.53.23.in-addr.arpa
    IN PTR
    Response
    159.113.53.23.in-addr.arpa
    IN PTR
    a23-53-113-159deploystaticakamaitechnologiescom
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.0.31.128.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.0.31.128.in-addr.arpa
    IN PTR
    Response
    13.0.31.128.in-addr.arpa
    IN PTR
    tor-exitcsailmitedu
  • flag-us
    DNS
    49.35.198.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    49.35.198.88.in-addr.arpa
    IN PTR
    Response
    49.35.198.88.in-addr.arpa
    IN PTR
    thisisatorrelay
  • flag-us
    DNS
    98.154.99.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.154.99.192.in-addr.arpa
    IN PTR
    Response
    98.154.99.192.in-addr.arpa
    IN PTR
    vps-2999580evpsovhca
  • flag-us
    DNS
    147.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.142.123.92.in-addr.arpa
    IN PTR
    Response
    147.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-147deploystaticakamaitechnologiescom
  • flag-us
    DNS
    37.142.204.15.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    37.142.204.15.in-addr.arpa
    IN PTR
    Response
    37.142.204.15.in-addr.arpa
    IN PTR
    ns1013200 ip-15-204-142us
  • flag-us
    DNS
    myexternalip.com
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    myexternalip.com
    IN A
    Response
    myexternalip.com
    IN A
    34.117.118.44
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: XaZT4ru5E1TItOh8E1gER75qfAUeLZEe
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Thu, 11 Apr 2024 11:16:25 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    249.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    249.197.17.2.in-addr.arpa
    IN PTR
    Response
    249.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-249deploystaticakamaitechnologiescom
  • flag-us
    DNS
    44.118.117.34.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    44.118.117.34.in-addr.arpa
    IN PTR
    Response
    44.118.117.34.in-addr.arpa
    IN PTR
    4411811734bcgoogleusercontentcom
  • flag-us
    DNS
    11.97.55.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.97.55.23.in-addr.arpa
    IN PTR
    Response
    11.97.55.23.in-addr.arpa
    IN PTR
    a23-55-97-11deploystaticakamaitechnologiescom
  • flag-us
    DNS
    91.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    91.90.14.23.in-addr.arpa
    IN PTR
    Response
    91.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-91deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 040wcfzeq3BCIhAVipwxfnGdMoP3exxy
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Thu, 11 Apr 2024 11:16:52 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: e6piGyf2O7EDP7PIHfGwkWRKc2MeUgs1
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Thu, 11 Apr 2024 11:17:24 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 4DeaRS3oCJpOjYRWjo0kN1yUnnbJcHhS
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Thu, 11 Apr 2024 11:17:51 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 171.25.193.20:443
    www.3m3z3ki47shcpuqasr.com
    tls
    dllhost.exe
    844 B
     3.8kB
     9
    9
  • 127.0.0.1:55026
    dllhost.exe
  • 192.42.116.16:443
    dllhost.exe
    260 B
     5
  • 185.225.17.3:443
    dllhost.exe
    260 B
     200 B
     5
    5
  • 5.200.21.144:443
    dllhost.exe
    260 B
     5
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 80.127.137.19:443
    dllhost.exe
    260 B
     5
  • 185.246.152.22:443
    dllhost.exe
    260 B
     200 B
     5
    5
  • 45.66.33.45:443
    dllhost.exe
    260 B
     5
  • 85.230.178.139:443
    dllhost.exe
    260 B
     5
  • 128.31.0.13:443
    www.mkphpnb2qiy5f3l75a72s2.com
    tls
    dllhost.exe
    50.8kB
     773.0kB
     550
    569
  • 192.99.154.98:443
    www.mequahcr.com
    tls
    dllhost.exe
    861.6kB
     8.6MB
     6235
    6287
  • 88.198.35.49:443
    www.levsduv2cz.com
    tls
    dllhost.exe
    420.9kB
     4.6MB
     3221
    3357
  • 15.204.142.37:443
    www.kq6o67b.com
    tls
    dllhost.exe
    4.2kB
     11.8kB
     15
    15
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 192.99.154.98:443
    www.cw3jqyfek46wqqwdmaqnrnhd.com
    tls
    dllhost.exe
    24.0kB
     29.1kB
     53
    81
  • 88.198.35.49:443
    www.pgppn.com
    tls
    dllhost.exe
    18.8kB
     23.4kB
     43
    61
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    961 B
     4.1kB
     12
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55183
    dllhost.exe
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55219
    dllhost.exe
  • 77.247.181.166:443
    dllhost.exe
    260 B
     5
  • 192.99.154.98:443
    www.fnblx4a6xamvijk35q5fwii3f.com
    tls
    dllhost.exe
    26.0kB
     31.6kB
     62
    79
  • 88.198.35.49:443
    www.vx3c.com
    tls
    dllhost.exe
    10.1kB
     14.8kB
     27
    33
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55291
    dllhost.exe
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    240.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    240.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    136.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    136.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    20.193.25.171.in-addr.arpa
    dns
    72 B
     110 B
     1
    1

    DNS Request

    20.193.25.171.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    159.113.53.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    159.113.53.23.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    13.0.31.128.in-addr.arpa
    dns
    70 B
     106 B
     1
    1

    DNS Request

    13.0.31.128.in-addr.arpa

  • 8.8.8.8:53
    49.35.198.88.in-addr.arpa
    dns
    71 B
     104 B
     1
    1

    DNS Request

    49.35.198.88.in-addr.arpa

  • 8.8.8.8:53
    98.154.99.192.in-addr.arpa
    dns
    72 B
     109 B
     1
    1

    DNS Request

    98.154.99.192.in-addr.arpa

  • 8.8.8.8:53
    147.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    147.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    37.142.204.15.in-addr.arpa
    dns
    72 B
     112 B
     1
    1

    DNS Request

    37.142.204.15.in-addr.arpa

  • 8.8.8.8:53
    myexternalip.com
    dns
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    62 B
     78 B
     1
    1

    DNS Request

    myexternalip.com

    DNS Response

    34.117.118.44

  • 8.8.8.8:53
    249.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    249.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    44.118.117.34.in-addr.arpa
    dns
    72 B
     124 B
     1
    1

    DNS Request

    44.118.117.34.in-addr.arpa

  • 8.8.8.8:53
    11.97.55.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    11.97.55.23.in-addr.arpa

  • 8.8.8.8:53
    91.90.14.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    91.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-certs
    Filesize

    20KB

    MD5

    0835d3d4e33448f964c841ed6ca4fc64

    SHA1

    b6357bdef526ac57ad0c8214e317fb4dc4aabf29

    SHA256

    d5d01724b60f192552c94adde7670780698d41a4e727567684bb02ce0a674064

    SHA512

    42a019ecda56de675295b5b0d98be24b89d543ec94fe607257d9acf3d2ab0c8d2b5461c90b8ee996c8092bb35d635223b9b418c2365c4d8f0addab3463fef194

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdesc-consensus.tmp
    Filesize

    2.7MB

    MD5

    a1ef6838f217c027c3abe2eb5891dc6c

    SHA1

    a93bdbe5e553e23e45378153fb86026a76741fd0

    SHA256

    43d67abc74bf54528d587ced07804275f3bc4d046f495d6bb931a101f0e99bd8

    SHA512

    e81782ea2293bc3e52320446b8b83a31bd82647bc470396bac8c54e9d58a7b79aa11c6cd48e8d0fa1fdc5144a5c6bcaa89b0b4daa905b3075ee2706fa0ed10b7

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    20.3MB

    MD5

    d2030c3b9beea65e59a3f69e691d8dd1

    SHA1

    0040fbbff197bdd0435f7bfe58b864d07f9e7023

    SHA256

    150aaa4eb3913540ac337256f7ac046bb754c8917b5988d15979dbb6a5b6dd5c

    SHA512

    eaf4aae7569300f43e44ca1f79ce7f364b8f0bf0cbec26367345e54cc12c9c0ce2594c932847aacb27cdef5de5e48eced7959abb5ddd6d3962798174d6e85dc0

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    7.0MB

    MD5

    032c63fe4e0feb3adf0ab023221f0b12

    SHA1

    1954376072de5fd722f43926c21dea93aefe2914

    SHA256

    1fef0964ae052adddb78a78ca9858c58efb3cf429d739ee65935c5e0a765529e

    SHA512

    49d501e26f9535fec017ee9fb68fabc2a9683b966e0d5b1c671511a24c388d08f40f4b69dca6f7d67dd7e27748d879aaee77dabbfda5f7ce0adc03610d6f6f04

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state
    Filesize

    9KB

    MD5

    0cd45c9b5e3d1990558d088a0546becf

    SHA1

    db862ee4b98ae633ac5c264dcb700b71f7294631

    SHA256

    654dd90152f1e45645b0adc0a2332bd10bd367bcbd3b9f1689acf22d3a887a61

    SHA512

    f0b59d2225c72014315c553384476a749c703162fb6ff0f3b7a2fc34e54744426895023e6b2a4a2e3a287345cddef24b13a5e51d99e3ed03f1904f336e3d3105

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
    Filesize

    973KB

    MD5

    5cfe61ff895c7daa889708665ef05d7b

    SHA1

    5e58efe30406243fbd58d4968b0492ddeef145f2

    SHA256

    f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

    SHA512

    43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libcrypto-1_1.dll
    Filesize

    1.7MB

    MD5

    2384a02c4a1f7ec481adde3a020607d3

    SHA1

    7e848d35a10bf9296c8fa41956a3daa777f86365

    SHA256

    c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

    SHA512

    1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libevent-2-1-6.dll
    Filesize

    366KB

    MD5

    099983c13bade9554a3c17484e5481f1

    SHA1

    a84e69ad9722f999252d59d0ed9a99901a60e564

    SHA256

    b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

    SHA512

    89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libgcc_s_sjlj-1.dll
    Filesize

    286KB

    MD5

    b0d98f7157d972190fe0759d4368d320

    SHA1

    5715a533621a2b642aad9616e603c6907d80efc4

    SHA256

    2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

    SHA512

    41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssl-1_1.dll
    Filesize

    439KB

    MD5

    c88826ac4bb879622e43ead5bdb95aeb

    SHA1

    87d29853649a86f0463bfd9ad887b85eedc21723

    SHA256

    c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

    SHA512

    f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssp-0.dll
    Filesize

    88KB

    MD5

    2c916456f503075f746c6ea649cf9539

    SHA1

    fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

    SHA256

    cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

    SHA512

    1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libwinpthread-1.dll
    Filesize

    188KB

    MD5

    d407cc6d79a08039a6f4b50539e560b8

    SHA1

    21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

    SHA256

    92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

    SHA512

    378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\torrc
    Filesize

    139B

    MD5

    dbd537e3da06f7d7aeaf58f4decc0c94

    SHA1

    7e740ea6dcf8545710f99519014e9bb029028a84

    SHA256

    349b36a467d778e29b96528cdd25d6c34a54be659a9ef516b3833106ceb679b2

    SHA512

    a84633c420c825b15ef2fc5cf83a6d75fcdddbb06d3b7dc74537d5bc98b5d910d3dec4838f30be3a06373662d2946f156f36bd2e033e0b6089753006ac327a90

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\zlib1.dll
    Filesize

    52KB

    MD5

    add33041af894b67fe34e1dc819b7eb6

    SHA1

    6db46eb021855a587c95479422adcc774a272eeb

    SHA256

    8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

    SHA512

    bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

    Download Submit

  • memory/1456-273-0x0000000073B50000-0x0000000073E1F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1456-275-0x00000000726B0000-0x000000007277E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1456-262-0x0000000072920000-0x0000000072944000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1456-264-0x0000000072810000-0x000000007291A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1456-274-0x0000000073A80000-0x0000000073B48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1456-272-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1456-255-0x00000000726B0000-0x000000007277E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1456-266-0x0000000072780000-0x0000000072808000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1456-259-0x0000000072950000-0x0000000072999000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1456-254-0x0000000073A80000-0x0000000073B48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1456-252-0x0000000073B50000-0x0000000073E1F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1456-250-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1696-225-0x00000000014B0000-0x0000000001538000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1696-196-0x00000000014B0000-0x0000000001538000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1696-224-0x0000000073A80000-0x0000000073B48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1696-215-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1696-190-0x0000000072920000-0x0000000072944000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1696-199-0x0000000073B50000-0x0000000073E1F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1696-189-0x0000000072950000-0x0000000072999000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1696-198-0x00000000726B0000-0x000000007277E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1696-188-0x0000000073A80000-0x0000000073B48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1696-261-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1696-197-0x0000000072780000-0x0000000072808000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1696-194-0x0000000072810000-0x000000007291A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3320-170-0x0000000073D50000-0x0000000073DD8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3320-169-0x0000000073DE0000-0x0000000073EEA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3320-159-0x0000000073A80000-0x0000000073D4F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3320-161-0x0000000073F20000-0x0000000073FE8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3320-162-0x0000000073FF0000-0x00000000740BE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3320-163-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3320-156-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3320-165-0x0000000073A80000-0x0000000073D4F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3320-164-0x00000000740C0000-0x0000000074109000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3320-167-0x0000000073EF0000-0x0000000073F14000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3832-104-0x0000000074BE0000-0x0000000074C19000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3832-56-0x0000000000400000-0x0000000000BAA000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3832-175-0x0000000073F00000-0x0000000073F39000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3832-0-0x0000000000400000-0x0000000000BAA000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3832-47-0x0000000073670000-0x00000000736A9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3832-1-0x0000000074BC0000-0x0000000074BF9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3968-43-0x00000000740C0000-0x0000000074109000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3968-141-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-133-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-116-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-90-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-76-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-67-0x0000000001250000-0x000000000151F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3968-66-0x0000000001250000-0x00000000012D8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3968-58-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-57-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-55-0x0000000073A80000-0x0000000073D4F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3968-52-0x0000000073EF0000-0x0000000073F14000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3968-51-0x0000000073F20000-0x0000000073FE8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3968-50-0x0000000073FF0000-0x00000000740BE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3968-48-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-46-0x0000000073A80000-0x0000000073D4F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3968-41-0x0000000001250000-0x000000000151F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3968-40-0x0000000001250000-0x00000000012D8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3968-39-0x0000000073D50000-0x0000000073DD8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3968-38-0x0000000073DE0000-0x0000000073EEA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3968-37-0x0000000073EF0000-0x0000000073F14000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3968-33-0x0000000073FF0000-0x00000000740BE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3968-34-0x0000000073F20000-0x0000000073FE8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3968-25-0x00000000001E0000-0x00000000005E4000-memory.dmp

    Filesize

    4.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.