Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

stub_tor.exe

windows7-x64

10

stub_tor.exe

windows10-1703-x64

10

stub_tor.exe

windows10-2004-x64

10

stub_tor.exe

windows11-21h2-x64

10

Resubmissions

12/04/2024, 13:18 UTC

240412-qj2nwsdg6z 10

12/04/2024, 13:18 UTC

240412-qj13csdg6y 10

12/04/2024, 13:18 UTC

240412-qj1rladg6x 10

12/04/2024, 13:18 UTC

240412-qjz53aag26 10

12/04/2024, 13:18 UTC

240412-qjzvasag25 10

09/04/2024, 03:59 UTC

240409-ekaq1sea34 10

09/04/2024, 03:58 UTC

240409-ej1aaadh98 10

09/04/2024, 03:58 UTC

240409-ejnw9adh85 10

09/04/2024, 03:55 UTC

240409-eg8tmshd41 10

17/02/2024, 23:58 UTC

240217-31gfhacd52 10

Analysis

  • max time kernel
    596s
  • max time network
    604s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/04/2024, 13:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stub_tor.exe

  • Size

    7.8MB

  • MD5

    c76390d9e1052d9e708940d67b5c135d

  • SHA1

    a370a73a9dd746584428e8a939288ecffd3c80f7

  • SHA256

    caf48b67e7bb94a178426fc7ce6b9ed50ffb2f3813a7c68900f21bfffb24e44f

  • SHA512

    4d2d38d8719cdac8a406cfa96944ee99d2d926511e64d6b6aa964d40d0d9ddb1dc6e4e6253bcb1e77b32613c0b4409ab32ea54c476018fee963574edb043dd3b

  • SSDEEP

    196608:oIRcbH4jSteTGvExwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuExwZ6v1CPwDv3uFteg2EeJUO9E

Score
10/10
bitratpersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

7sbl4dpbubwjjghdquwg47fyq7rookd4bgm2ypm2kjzkivd7tomvczqd.onion:440

Attributes
  • communication_password

    4124bc0a9335c27f086f24ba207a4912

  • install_dir

    Minecraft

  • install_file

    Runtime_Broker

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 27 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Looks up external IP address via web service 12 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: RenamesItself 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stub_tor.exe
    "C:\Users\Admin\AppData\Local\Temp\stub_tor.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3292
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2608
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3164
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:116
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1232
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4616
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2148
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4584
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2240
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3908
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4192
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4684
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1644
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4732
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3292
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3152
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3320
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4296
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:628
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1832
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3140
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1544
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1764
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2148
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1216
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4168
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3100

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.114.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.114.53.23.in-addr.arpa
    IN PTR
    Response
    21.114.53.23.in-addr.arpa
    IN PTR
    a23-53-114-21deploystaticakamaitechnologiescom
  • flag-us
    DNS
    58.99.105.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.99.105.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    16.2.111.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.2.111.66.in-addr.arpa
    IN PTR
    Response
    16.2.111.66.in-addr.arpa
    IN PTR
    nycbug1nycbugorg
  • flag-us
    DNS
    16.2.111.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.2.111.66.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    16.2.111.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.2.111.66.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    28.20.230.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.20.230.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.98.216.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.98.216.95.in-addr.arpa
    IN PTR
    Response
    55.98.216.95.in-addr.arpa
    IN PTR
    hyperionkookiespace
  • flag-us
    DNS
    167.17.171.81.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.17.171.81.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.121.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.121.18.2.in-addr.arpa
    IN PTR
    Response
    198.121.18.2.in-addr.arpa
    IN PTR
    a2-18-121-198deploystaticakamaitechnologiescom
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    63.2.89.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    63.2.89.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.61.66.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.61.66.82.in-addr.arpa
    IN PTR
    Response
    19.61.66.82.in-addr.arpa
    IN PTR
    car75-2_migr-82-66-61-19fbxproxadnet
  • flag-us
    DNS
    myexternalip.com
    stub_tor.exe
    Remote address:
    8.8.8.8:53
    Request
    myexternalip.com
    IN A
    Response
    myexternalip.com
    IN A
    34.117.118.44
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: N6f11AKdTqwtz5bldGRwvPS6WsOVFzfI
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:32:16 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    51.113.220.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    51.113.220.23.in-addr.arpa
    IN PTR
    Response
    51.113.220.23.in-addr.arpa
    IN PTR
    a23-220-113-51deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.121.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.121.18.2.in-addr.arpa
    IN PTR
    Response
    32.121.18.2.in-addr.arpa
    IN PTR
    a2-18-121-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    44.118.117.34.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    44.118.117.34.in-addr.arpa
    IN PTR
    Response
    44.118.117.34.in-addr.arpa
    IN PTR
    4411811734bcgoogleusercontentcom
  • flag-us
    DNS
    185.10.102.149.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.10.102.149.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    191.1.113.213.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    191.1.113.213.in-addr.arpa
    IN PTR
    Response
    191.1.113.213.in-addr.arpa
    IN PTR
    c-bf0171d5014-93-7673745bbcusttelenorse
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: KpOTSbmfZtXAZCd8HAxqZmUFNXZ9d5E9
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:33:30 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 7R4aAu4wXTQKNDfpSWsZV4gLipYQy9Mv
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:34:04 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    242.97.115.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    242.97.115.93.in-addr.arpa
    IN PTR
    Response
    242.97.115.93.in-addr.arpa
    IN PTR
    tor5terjannet
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: oKVUeXwdON533zKka1jShUWAVugkz9hM
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:34:36 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: rFy9IeHlacOlGKjNIlIC5Eu4OmisDJ32
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:35:54 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    20.229.177.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.229.177.185.in-addr.arpa
    IN PTR
    Response
    20.229.177.185.in-addr.arpa
    IN PTR
    20-229-177-185clientsgthostcom
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 4CecM6ep1PCbbIfBFyumQzRFRzbTv8tX
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:36:38 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    93.29.94.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    93.29.94.185.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: eeApTOQPbbpPQKbRTujna37t9kiBru1N
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:37:24 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    232.62.129.212.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.62.129.212.in-addr.arpa
    IN PTR
    Response
    232.62.129.212.in-addr.arpa
    IN PTR
    torrelay wardsbackorg
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: SGMvAhBgZBiZELd8fGeVVLJzU2gThz99
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:37:58 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    148.132.4.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    148.132.4.185.in-addr.arpa
    IN PTR
    Response
    148.132.4.185.in-addr.arpa
    IN PTR
    onion1libreopscc
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: ORuqxU4oSnSqExRjT790Gg0zORhvZOUc
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:38:35 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    248.21.182.46.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    248.21.182.46.in-addr.arpa
    IN PTR
    Response
    248.21.182.46.in-addr.arpa
    IN PTR
    tor-exit-relayanonymizing-proxydigitalcouragede
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: IFKfsSEeXYZugDJDiJ64RqWrHT09GWQh
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:39:11 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    157.208.53.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.208.53.108.in-addr.arpa
    IN PTR
    Response
    157.208.53.108.in-addr.arpa
    IN PTR
    static-108-53-208-157nwrknjfiosverizonnet
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: B4lUJQuVcogU7ThgUz495zXiAzqOw9qm
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:39:46 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    130.108.79.45.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    130.108.79.45.in-addr.arpa
    IN PTR
    Response
    130.108.79.45.in-addr.arpa
    IN PTR
    turnlinsscom
  • 127.0.0.1:54125
    tor.exe
  • 66.111.2.16:9001
    www.tdorow2gun7x4dch7iziy.com
    tls
    tor.exe
    60.8kB
     781.5kB
     473
    573
  • 85.248.227.164:9002
    tor.exe
    260 B
     5
  • 127.0.0.1:45808
    stub_tor.exe
  • 95.216.98.55:143
    www.yjmfr6vook.com
    tls
    tor.exe
    712.8kB
     7.7MB
     5482
    5733
  • 150.230.20.28:9001
    www.nwacp6xfyafslrgbo3xg3x.com
    tls
    tor.exe
    506.5kB
     5.4MB
     3663
    4129
  • 150.230.20.28:9001
    www.3jqs5mx5q.com
    tls
    tor.exe
    23.0kB
     27.1kB
     54
    72
  • 127.0.0.1:45808
    stub_tor.exe
  • 95.216.98.55:143
    www.gv6iooovvh3jyopmdgz.com
    tls
    tor.exe
    19.7kB
     20.8kB
     51
    59
  • 81.171.17.167:9001
    www.7n2oscgppamj2pfthfl5slqa.com
    tls
    tor.exe
    519 B
     92 B
     4
    2
  • 127.0.0.1:54268
    tor.exe
  • 127.0.0.1:54302
    tor.exe
  • 51.89.2.63:9001
    www.gkxehmxwuqfa537zdyk4.com
    tls
    tor.exe
    12.4kB
     14.4kB
     31
    35
  • 82.66.61.19:993
    www.czqh4ug3ta3wu63mc.com
    tls
    tor.exe
    23.4kB
     29.6kB
     51
    71
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    961 B
     4.1kB
     12
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54370
    tor.exe
  • 149.102.10.185:9001
    www.np2j7ml55gig33x.com
    tls
    tor.exe
    12.1kB
     15.8kB
     35
    43
  • 127.0.0.1:54407
    tor.exe
  • 51.89.2.63:9001
    www.gc2fzy4lwxerxx2prwzbfcl7n.com
    tls
    tor.exe
    18.5kB
     21.7kB
     47
    57
  • 127.0.0.1:45808
    stub_tor.exe
  • 127.0.0.1:54459
    tor.exe
  • 213.113.1.191:6881
    www.ybyxr4.com
    tls
    tor.exe
    24.2kB
     34.6kB
     59
    78
  • 127.0.0.1:54485
    tor.exe
  • 51.89.2.63:9001
    www.udehe5vfpg3qjdpt.com
    tls
    tor.exe
    10.2kB
     14.5kB
     28
    36
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54543
    tor.exe
  • 51.254.136.195:443
    tor.exe
    260 B
     5
  • 127.0.0.1:54569
    tor.exe
  • 51.89.2.63:9001
    www.d5ibt2e45q.com
    tls
    tor.exe
    20.1kB
     22.8kB
     48
    59
  • 213.113.1.191:6881
    www.f7pexcas5mdrid2tfsobc2r.com
    tls
    tor.exe
    22.4kB
     23.3kB
     51
    56
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.3kB
     1.0kB
     12
    8

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54615
    tor.exe
  • 127.0.0.1:54641
    tor.exe
  • 93.115.97.242:9001
    www.efwmkjg.com
    tls
    tor.exe
    3.2kB
     9.3kB
     15
    18
  • 51.89.2.63:9001
    www.lfnhfdtoow7r.com
    tls
    tor.exe
    20.0kB
     22.8kB
     51
    58
  • 213.113.1.191:6881
    www.q2tx463zs3y7sq5s3r6y.com
    tls
    tor.exe
    17.9kB
     24.1kB
     46
    60
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.3kB
     806 B
     11
    7

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54700
    tor.exe
  • 85.235.250.88:443
    tor.exe
    260 B
     5
  • 213.113.1.191:6881
    www.li7hdnb4luqnhstu55pzffu.com
    tls
    tor.exe
    21.7kB
     22.5kB
     50
    64
  • 51.89.2.63:9001
    www.ryd3dt5w.com
    tls
    tor.exe
    20.9kB
     19.8kB
     48
    50
  • 127.0.0.1:45808
    stub_tor.exe
  • 127.0.0.1:54748
    tor.exe
  • 127.0.0.1:54782
    tor.exe
  • 5.9.147.226:9001
    tor.exe
    260 B
     160 B
     5
    4
  • 51.89.2.63:9001
    www.n6g2eukbsaiik.com
    tls
    tor.exe
    8.0kB
     10.9kB
     27
    26
  • 213.113.1.191:6881
    www.55dh.com
    tls
    tor.exe
    35.8kB
     36.2kB
     74
    86
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.1kB
     651 B
     10
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54832
    tor.exe
  • 127.0.0.1:54859
    tor.exe
  • 185.177.229.20:993
    www.zecprcog4igbuz2d.com
    tls
    tor.exe
    3.1kB
     5.9kB
     12
    13
  • 51.89.2.63:9001
    www.smdkxynjgxy.com
    tls
    tor.exe
    20.8kB
     23.6kB
     50
    59
  • 213.113.1.191:6881
    www.w77hjnlsdyhnmm4hi.com
    tls
    tor.exe
    21.4kB
     25.1kB
     53
    63
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.1kB
     611 B
     11
    5

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54912
    tor.exe
  • 127.0.0.1:54936
    tor.exe
  • 185.94.29.93:443
    www.kuiqvfv.com
    tls
    tor.exe
    4.2kB
     6.5kB
     14
    12
  • 51.89.2.63:9001
    www.up5wgz66.com
    tls
    tor.exe
    37.1kB
     40.6kB
     83
    103
  • 127.0.0.1:45808
    stub_tor.exe
  • 213.113.1.191:6881
    www.zlkrnyxmdcqfl6eea5.com
    tls
    tor.exe
    5.6kB
     8.6kB
     20
    24
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:54995
    tor.exe
  • 127.0.0.1:55021
    tor.exe
  • 212.129.62.232:443
    www.xqcc5ezr.com
    tls
    tor.exe
    3.1kB
     9.1kB
     12
    13
  • 213.113.1.191:6881
    www.lq65x.com
    tls
    tor.exe
    21.6kB
     25.6kB
     48
    65
  • 51.89.2.63:9001
    www.gaggewvps.com
    tls
    tor.exe
    13.6kB
     15.7kB
     33
    40
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55071
    tor.exe
  • 185.4.132.148:443
    www.dkoei.com
    tls
    tor.exe
    3.1kB
     9.1kB
     12
    13
  • 127.0.0.1:55097
    tor.exe
  • 213.113.1.191:6881
    www.whlqeq3jbmnk2a4c4utdmtcb.com
    tls
    tor.exe
    20.0kB
     24.4kB
     47
    60
  • 51.89.2.63:9001
    www.p2haejeq2vf6tqt5m.com
    tls
    tor.exe
    16.4kB
     17.1kB
     37
    47
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55147
    tor.exe
  • 127.0.0.1:55175
    tor.exe
  • 46.182.21.248:443
    www.i5v3tahu2xwlik4st.com
    tls
    tor.exe
    3.1kB
     9.2kB
     12
    13
  • 51.89.2.63:9001
    www.milbd33zip46zydsamki7g.com
    tls
    tor.exe
    22.9kB
     28.0kB
     52
    71
  • 213.113.1.191:6881
    www.uvhkyugyzjabjfcoh2swt.com
    tls
    tor.exe
    10.2kB
     15.1kB
     29
    38
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55228
    tor.exe
  • 108.53.208.157:443
    www.46td6yt3wjg4doeh.com
    tls
    tor.exe
    3.1kB
     8.8kB
     12
    12
  • 51.89.2.63:9001
    www.7zxpn7paq36xmyda.com
    tls
    tor.exe
    13.1kB
     16.2kB
     34
    39
  • 213.113.1.191:6881
    www.qnohlprtv6rj6k2yqq7gwy.com
    tls
    tor.exe
    22.5kB
     29.2kB
     56
    74
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:55279
    tor.exe
  • 127.0.0.1:55309
    tor.exe
  • 45.79.108.130:9001
    www.lfkxj3.com
    tls
    tor.exe
    3.1kB
     8.8kB
     11
    12
  • 213.113.1.191:6881
    www.lqex2t.com
    tls
    tor.exe
    10.5kB
     12.8kB
     25
    36
  • 51.89.2.63:9001
    www.ufgqdud2e4.com
    tls
    tor.exe
    11.2kB
     15.0kB
     27
    38
  • 127.0.0.1:45808
    stub_tor.exe
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    21.114.53.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    21.114.53.23.in-addr.arpa

  • 8.8.8.8:53
    58.99.105.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    58.99.105.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    280 B
     156 B
     4
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    16.2.111.66.in-addr.arpa
    dns
    210 B
     102 B
     3
    1

    DNS Request

    16.2.111.66.in-addr.arpa

    DNS Request

    16.2.111.66.in-addr.arpa

    DNS Request

    16.2.111.66.in-addr.arpa

  • 8.8.8.8:53
    28.20.230.150.in-addr.arpa
    dns
    72 B
     157 B
     1
    1

    DNS Request

    28.20.230.150.in-addr.arpa

  • 8.8.8.8:53
    55.98.216.95.in-addr.arpa
    dns
    71 B
     106 B
     1
    1

    DNS Request

    55.98.216.95.in-addr.arpa

  • 8.8.8.8:53
    167.17.171.81.in-addr.arpa
    dns
    72 B
     135 B
     1
    1

    DNS Request

    167.17.171.81.in-addr.arpa

  • 8.8.8.8:53
    198.121.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    198.121.18.2.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    63.2.89.51.in-addr.arpa
    dns
    69 B
     124 B
     1
    1

    DNS Request

    63.2.89.51.in-addr.arpa

  • 8.8.8.8:53
    19.61.66.82.in-addr.arpa
    dns
    70 B
     123 B
     1
    1

    DNS Request

    19.61.66.82.in-addr.arpa

  • 8.8.8.8:53
    myexternalip.com
    dns
    stub_tor.exe
    62 B
     78 B
     1
    1

    DNS Request

    myexternalip.com

    DNS Response

    34.117.118.44

  • 8.8.8.8:53
    51.113.220.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    51.113.220.23.in-addr.arpa

  • 8.8.8.8:53
    32.121.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    32.121.18.2.in-addr.arpa

  • 8.8.8.8:53
    44.118.117.34.in-addr.arpa
    dns
    72 B
     124 B
     1
    1

    DNS Request

    44.118.117.34.in-addr.arpa

  • 8.8.8.8:53
    185.10.102.149.in-addr.arpa
    dns
    73 B
     131 B
     1
    1

    DNS Request

    185.10.102.149.in-addr.arpa

  • 8.8.8.8:53
    191.1.113.213.in-addr.arpa
    dns
    72 B
     129 B
     1
    1

    DNS Request

    191.1.113.213.in-addr.arpa

  • 8.8.8.8:53
    242.97.115.93.in-addr.arpa
    dns
    72 B
     101 B
     1
    1

    DNS Request

    242.97.115.93.in-addr.arpa

  • 8.8.8.8:53
    20.229.177.185.in-addr.arpa
    dns
    73 B
     120 B
     1
    1

    DNS Request

    20.229.177.185.in-addr.arpa

  • 8.8.8.8:53
    93.29.94.185.in-addr.arpa
    dns
    71 B
     143 B
     1
    1

    DNS Request

    93.29.94.185.in-addr.arpa

  • 8.8.8.8:53
    232.62.129.212.in-addr.arpa
    dns
    73 B
     110 B
     1
    1

    DNS Request

    232.62.129.212.in-addr.arpa

  • 8.8.8.8:53
    148.132.4.185.in-addr.arpa
    dns
    72 B
     104 B
     1
    1

    DNS Request

    148.132.4.185.in-addr.arpa

  • 8.8.8.8:53
    248.21.182.46.in-addr.arpa
    dns
    72 B
     136 B
     1
    1

    DNS Request

    248.21.182.46.in-addr.arpa

  • 8.8.8.8:53
    157.208.53.108.in-addr.arpa
    dns
    73 B
     132 B
     1
    1

    DNS Request

    157.208.53.108.in-addr.arpa

  • 8.8.8.8:53
    130.108.79.45.in-addr.arpa
    dns
    72 B
     100 B
     1
    1

    DNS Request

    130.108.79.45.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-certs
    Filesize

    20KB

    MD5

    e9323057c6abe3e8075888734930243b

    SHA1

    7e20a63fb6dc70dbba4763b700f20ee128fd9799

    SHA256

    8c49faf85e9cd21394b56c0c4491f8abd9060b7da3d992db04975fb4d9035de0

    SHA512

    c7e0625c1e745feba4e24fb157a120f7b8ce6c6cd7a1fb81162e0009aa3bcf4f0cd20ecb5035cca30e9da9c0ee60e5a09410d76d89d8019fbc4743a7139c14c2

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdesc-consensus.tmp
    Filesize

    2.7MB

    MD5

    27acfbf94480631e547b5cb508d9d4fb

    SHA1

    f6477330ca9aeb4a8cd19cc44e1a30fa9695b36c

    SHA256

    0fd156526952ba5edb62133774a19bf72f71d3c968d01fcdb517521d45a67c5e

    SHA512

    902ccecfa284881c1f241802b9ccd51a85da0cc48632fbd944b686d37a4fa57bc7cd01c44ef79bfe475494be780164b82ff8fa9a3e77984f6e29467843138929

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs
    Filesize

    20.3MB

    MD5

    28a21fd2f31b948c9338d6ea90bb1ad7

    SHA1

    f9577b3a4ec2c90e973d3398acb60b1086e05b34

    SHA256

    693a6e45a16ee507d5a78fa55ec28e903e23b0aea85cde7047d98eca1f4b607d

    SHA512

    d278188512145fd468ac5c66d8f924c2c2076f4b9d65a1b6093acee002174c2f81906b4178d535154fedc4402921207637acc563bc4050fd370f3a695e545b2c

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new
    Filesize

    20.3MB

    MD5

    3e44d7f59eaf6b1123cbc49d43072f9d

    SHA1

    7c078eb103dca2273b528161c85573d79c0d60d8

    SHA256

    18281968d8c329eb96c0147070b86db0dcc0a04d8931e33772265b7634d75ffc

    SHA512

    7e4b9e360175e7bf02aeb341debe3f77b4c989e79383a8d501ec26ac9a41824e6407c43c8b98dd9e443d62643f13c6b6f054556cadbb2968ddbfa5427092da7b

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new
    Filesize

    11.9MB

    MD5

    4fbd96b08ac63c0997370a457901ff99

    SHA1

    5cc96455d6836d506d14d62e274e4920c0d48f79

    SHA256

    0d91e262752ec94fa2dd9dc47710493665ceb13b1af3961e463d5a012e2da970

    SHA512

    240057de4d952f72c6b297e321b0d6cf0691e26e3b5925c76cd47a41ba889fddcefb24c371906ac1612759621ee42caba7d50fa8cdb5766063e722f92ebd9224

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\state
    Filesize

    232B

    MD5

    9c323b1a950cfcba45ee9fa1a91c2609

    SHA1

    3fcfa2d203470e558ffafe2ca5b3169dac26baca

    SHA256

    be374d3d7d650e5e299a4e3e0b321cb4185086863b7dd8d936c08f5a2fd11b7c

    SHA512

    3aeda9c20e56c297cde908ef681fc32aa7915fd17416be2877a1fddafc11aaf105905a724789a59f8f9c2b082a339d8573eee81aa9f7277abdd7f40b7c22811f

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\state
    Filesize

    3KB

    MD5

    0efaec7e3d7f39ad0d4251204a4dc9f3

    SHA1

    47a08b60efe0bdca06cbb3012146368b47087cd5

    SHA256

    0843582ac1a7d2a5b467d2b2f8ae61ada8b7b7486d087943a7613e9d182660ab

    SHA512

    2ba95a247f410c8e3c6d4ddb2afdbd931b78581e0bf515acfaeda6775f1ab011bfde6fc1761740cd263d4aae333879b453a9f9e46b70992103d836146c7984c1

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libcrypto-1_1.dll
    Filesize

    1.7MB

    MD5

    2384a02c4a1f7ec481adde3a020607d3

    SHA1

    7e848d35a10bf9296c8fa41956a3daa777f86365

    SHA256

    c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

    SHA512

    1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libevent-2-1-6.dll
    Filesize

    366KB

    MD5

    099983c13bade9554a3c17484e5481f1

    SHA1

    a84e69ad9722f999252d59d0ed9a99901a60e564

    SHA256

    b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

    SHA512

    89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libgcc_s_sjlj-1.dll
    Filesize

    286KB

    MD5

    b0d98f7157d972190fe0759d4368d320

    SHA1

    5715a533621a2b642aad9616e603c6907d80efc4

    SHA256

    2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

    SHA512

    41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libssl-1_1.dll
    Filesize

    439KB

    MD5

    c88826ac4bb879622e43ead5bdb95aeb

    SHA1

    87d29853649a86f0463bfd9ad887b85eedc21723

    SHA256

    c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

    SHA512

    f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libssp-0.dll
    Filesize

    88KB

    MD5

    2c916456f503075f746c6ea649cf9539

    SHA1

    fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

    SHA256

    cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

    SHA512

    1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libwinpthread-1.dll
    Filesize

    188KB

    MD5

    d407cc6d79a08039a6f4b50539e560b8

    SHA1

    21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

    SHA256

    92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

    SHA512

    378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
    Filesize

    973KB

    MD5

    5cfe61ff895c7daa889708665ef05d7b

    SHA1

    5e58efe30406243fbd58d4968b0492ddeef145f2

    SHA256

    f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

    SHA512

    43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\torrc
    Filesize

    157B

    MD5

    8ea874223f853aac5ea469ccc164a8f9

    SHA1

    70d31011547870c9f930496dbf9fb7ec296a8c28

    SHA256

    95e134044f370b2a96408d581f3c0381fe95388dae27c6d9598f44dc7d72b9ed

    SHA512

    fd1dc20219fbf4863926d90b5a2127b65e165656eac4493a80288d0c57fc309ed998b5d30fe8ce313987ee367fc4fe9b6026ff32d4391950d7f26ca7b6fdcdf2

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\zlib1.dll
    Filesize

    52KB

    MD5

    add33041af894b67fe34e1dc819b7eb6

    SHA1

    6db46eb021855a587c95479422adcc774a272eeb

    SHA256

    8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

    SHA512

    bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

    Download Submit

  • memory/116-252-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/116-256-0x0000000073510000-0x00000000735D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/116-263-0x00000000733C0000-0x00000000733E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/116-261-0x00000000733F0000-0x0000000073439000-memory.dmp

    Filesize

    292KB

    Download

  • memory/116-258-0x0000000073440000-0x000000007350E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/116-266-0x00000000732B0000-0x00000000733BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/116-267-0x0000000073220000-0x00000000732A8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/116-277-0x0000000073510000-0x00000000735D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/116-254-0x00000000735E0000-0x00000000738AF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/116-276-0x00000000735E0000-0x00000000738AF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/116-275-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/116-274-0x0000000073440000-0x000000007350E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1232-290-0x0000000073440000-0x000000007350E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1232-297-0x00000000732B0000-0x00000000733BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1232-310-0x0000000073510000-0x00000000735D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1232-309-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1232-289-0x0000000073510000-0x00000000735D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1232-293-0x0000000073220000-0x00000000732A8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1232-291-0x00000000733F0000-0x0000000073439000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1232-292-0x00000000733C0000-0x00000000733E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1232-296-0x00000000735E0000-0x00000000738AF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1492-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

    Filesize

    7.8MB

    Download

  • memory/1492-221-0x0000000072FE0000-0x0000000073019000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1492-47-0x0000000072D70000-0x0000000072DA9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1492-107-0x0000000073E80000-0x0000000073EB9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1492-1-0x00000000742C0000-0x00000000742F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2608-179-0x00000000736C0000-0x00000000736E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2608-160-0x00000000735F0000-0x00000000736B8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2608-180-0x0000000073210000-0x000000007331A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2608-169-0x0000000073180000-0x0000000073208000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2608-178-0x00000000736F0000-0x0000000073739000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2608-177-0x0000000073740000-0x000000007380E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2608-181-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2608-182-0x0000000073320000-0x00000000735EF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2608-183-0x00000000735F0000-0x00000000736B8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2608-157-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2608-159-0x0000000073320000-0x00000000735EF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2608-162-0x0000000073740000-0x000000007380E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2608-166-0x0000000073210000-0x000000007331A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2608-163-0x00000000736F0000-0x0000000073739000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2608-164-0x00000000736C0000-0x00000000736E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3164-262-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3164-205-0x00000000735E0000-0x00000000738AF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3164-200-0x00000000733C0000-0x00000000733E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3164-203-0x00000000732B0000-0x00000000733BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3164-197-0x00000000733F0000-0x0000000073439000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3164-222-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3164-231-0x0000000073510000-0x00000000735D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3164-232-0x0000000073440000-0x000000007350E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3164-204-0x0000000073220000-0x00000000732A8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3164-196-0x0000000073440000-0x000000007350E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3164-195-0x0000000073510000-0x00000000735D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3292-95-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-44-0x0000000073180000-0x0000000073208000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3292-126-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-118-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-110-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-165-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-86-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-76-0x00000000013F0000-0x0000000001478000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3292-68-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-58-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-48-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-134-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3292-45-0x00000000013F0000-0x0000000001478000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3292-46-0x0000000073740000-0x000000007380E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3292-43-0x0000000073210000-0x000000007331A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3292-42-0x00000000735F0000-0x00000000736B8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3292-41-0x0000000073320000-0x00000000735EF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3292-40-0x0000000001C30000-0x0000000001EFF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3292-39-0x00000000736C0000-0x00000000736E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3292-35-0x00000000736F0000-0x0000000073739000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3292-34-0x0000000000DE0000-0x00000000011E4000-memory.dmp

    Filesize

    4.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.