Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

stub_tor.exe

windows7-x64

10

stub_tor.exe

windows10-1703-x64

10

stub_tor.exe

windows10-2004-x64

10

stub_tor.exe

windows11-21h2-x64

10

Resubmissions

12/04/2024, 13:18 UTC

240412-qj2nwsdg6z 10

12/04/2024, 13:18 UTC

240412-qj13csdg6y 10

12/04/2024, 13:18 UTC

240412-qj1rladg6x 10

12/04/2024, 13:18 UTC

240412-qjz53aag26 10

12/04/2024, 13:18 UTC

240412-qjzvasag25 10

09/04/2024, 03:59 UTC

240409-ekaq1sea34 10

09/04/2024, 03:58 UTC

240409-ej1aaadh98 10

09/04/2024, 03:58 UTC

240409-ejnw9adh85 10

09/04/2024, 03:55 UTC

240409-eg8tmshd41 10

17/02/2024, 23:58 UTC

240217-31gfhacd52 10

Analysis

  • max time kernel
    299s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/04/2024, 13:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stub_tor.exe

  • Size

    7.8MB

  • MD5

    c76390d9e1052d9e708940d67b5c135d

  • SHA1

    a370a73a9dd746584428e8a939288ecffd3c80f7

  • SHA256

    caf48b67e7bb94a178426fc7ce6b9ed50ffb2f3813a7c68900f21bfffb24e44f

  • SHA512

    4d2d38d8719cdac8a406cfa96944ee99d2d926511e64d6b6aa964d40d0d9ddb1dc6e4e6253bcb1e77b32613c0b4409ab32ea54c476018fee963574edb043dd3b

  • SSDEEP

    196608:oIRcbH4jSteTGvExwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuExwZ6v1CPwDv3uFteg2EeJUO9E

Score
10/10
bitratpersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

7sbl4dpbubwjjghdquwg47fyq7rookd4bgm2ypm2kjzkivd7tomvczqd.onion:440

Attributes
  • communication_password

    4124bc0a9335c27f086f24ba207a4912

  • install_dir

    Minecraft

  • install_file

    Runtime_Broker

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 9 IoCs
    persistence
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: RenamesItself 53 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stub_tor.exe
    "C:\Users\Admin\AppData\Local\Temp\stub_tor.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4924
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:876
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2052
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:796
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:216
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2252
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2812
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3692
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1068
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2456
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4248
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1260
    • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
      "C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2744

Network

  • flag-us
    DNS
    28.28.87.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.28.87.192.in-addr.arpa
    IN PTR
    Response
    28.28.87.192.in-addr.arpa
    IN PTR
    anonymous6secnl
  • flag-us
    DNS
    218.89.15.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    218.89.15.51.in-addr.arpa
    IN PTR
    Response
    218.89.15.51.in-addr.arpa
    IN PTR
    tor-7cdc6jgkde
  • flag-us
    DNS
    128.11.67.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    128.11.67.82.in-addr.arpa
    IN PTR
    Response
    128.11.67.82.in-addr.arpa
    IN PTR
    lal69-1_migr-82-67-11-128fbxproxadnet
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.223.216.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.223.216.88.in-addr.arpa
    IN PTR
    Response
    2.223.216.88.in-addr.arpa
    IN PTR
    222321688kemmitde
  • flag-us
    DNS
    143.248.232.46.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    143.248.232.46.in-addr.arpa
    IN PTR
    Response
    143.248.232.46.in-addr.arpa
    IN PTR
    v220240179589252401ultrasrvde
  • flag-us
    DNS
    myexternalip.com
    stub_tor.exe
    Remote address:
    8.8.8.8:53
    Request
    myexternalip.com
    IN A
    Response
    myexternalip.com
    IN A
    34.117.118.44
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: FpHDj87VIfu3Xa4X4J2IEYiqbZo5pyf5
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:20:50 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    190.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    190.178.17.96.in-addr.arpa
    IN PTR
    Response
    190.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-190deploystaticakamaitechnologiescom
  • flag-us
    DNS
    44.118.117.34.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    44.118.117.34.in-addr.arpa
    IN PTR
    Response
    44.118.117.34.in-addr.arpa
    IN PTR
    4411811734bcgoogleusercontentcom
  • flag-us
    DNS
    66.146.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    66.146.100.95.in-addr.arpa
    IN PTR
    Response
    66.146.100.95.in-addr.arpa
    IN PTR
    a95-100-146-66deploystaticakamaitechnologiescom
  • flag-us
    DNS
    51.113.220.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    51.113.220.23.in-addr.arpa
    IN PTR
    Response
    51.113.220.23.in-addr.arpa
    IN PTR
    a23-220-113-51deploystaticakamaitechnologiescom
  • flag-us
    DNS
    27.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    77.7.214.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.7.214.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: c7eWiPsuUSEWr8OMJJG56OvVCj4jozqz
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:21:54 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    225.182.129.45.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    225.182.129.45.in-addr.arpa
    IN PTR
    Response
    225.182.129.45.in-addr.arpa
    IN PTR
    torb0rkende
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: J0aQCYkbLMPFXvZHRo7yJomKToh3pVAw
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:22:26 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: MOt3D0WnreMxfmEBJWfIJ1IbRQ2TXSnj
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:23:04 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    stub_tor.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 9049uJn4JjG7TnFsVsZXEJUhmj1krWvV
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Fri, 12 Apr 2024 13:23:38 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 37.187.102.186:9001
    tor.exe
    156 B
     3
  • 127.0.0.1:49793
    tor.exe
  • 163.172.157.213:443
    tor.exe
    156 B
     3
  • 185.220.101.48:20048
    tor.exe
    156 B
     120 B
     3
    3
  • 192.87.28.28:9001
    www.qg3cwuv.com
    tls
    tor.exe
    67.3kB
     782.2kB
     535
    587
  • 127.0.0.1:45808
    stub_tor.exe
  • 82.67.11.128:443
    www.qzrcbyn3t2pdtwczsdamcpt.com
    tls
    tor.exe
    984.9kB
     9.5MB
     6277
    7108
  • 51.15.89.218:443
    www.vx3hntozruy3kzmc4cddk3sux.com
    tls
    tor.exe
    346.7kB
     3.7MB
     2265
    2886
  • 127.0.0.1:45808
    stub_tor.exe
  • 51.15.89.218:443
    www.p2c7.com
    tls
    tor.exe
    11.1kB
     7.6kB
     25
    25
  • 82.67.11.128:443
    www.ynqfzetlpsq6e27epq3v.com
    tls
    tor.exe
    7.4kB
     9.8kB
     22
    24
  • 127.0.0.1:49926
    tor.exe
  • 127.0.0.1:49965
    tor.exe
  • 88.216.223.2:1337
    www.sa7jq25o4zci.com
    tls
    tor.exe
    23.2kB
     28.6kB
     54
    71
  • 46.232.248.143:9001
    www.6drsavnup5gsdacmxkzl4.com
    tls
    tor.exe
    12.9kB
     17.0kB
     35
    36
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    955 B
     4.1kB
     12
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50041
    tor.exe
  • 103.214.7.77:2083
    www.bphuj43mabasczwzec.com
    tls
    tor.exe
    20.1kB
     24.0kB
     48
    62
  • 127.0.0.1:50079
    tor.exe
  • 88.216.223.2:1337
    www.kk5gujfvee5pku.com
    tls
    tor.exe
    21.8kB
     26.4kB
     51
    69
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50159
    tor.exe
  • 127.0.0.1:50187
    tor.exe
  • 45.129.182.225:443
    www.netaiadv42v.com
    tls
    tor.exe
    4.4kB
     10.5kB
     18
    21
  • 103.214.7.77:2083
    www.nzzo.com
    tls
    tor.exe
    17.2kB
     22.8kB
     44
    59
  • 88.216.223.2:1337
    www.ihqa2kmfc3smafvi32izwt4d.com
    tls
    tor.exe
    14.9kB
     20.8kB
     40
    49
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.5kB
     715 B
     11
    7

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50231
    tor.exe
  • 127.0.0.1:50257
    tor.exe
  • 185.13.39.197:443
    tor.exe
    156 B
     3
  • 103.214.7.77:2083
    www.7i34n.com
    tls
    tor.exe
    19.6kB
     21.1kB
     48
    54
  • 88.216.223.2:1337
    www.oatq.com
    tls
    tor.exe
    23.1kB
     28.0kB
     57
    68
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50306
    tor.exe
  • 127.0.0.1:50336
    tor.exe
  • 81.7.16.182:443
    tor.exe
    156 B
     3
  • 88.216.223.2:1337
    www.r2n4oeyhx3yhdi.com
    tls
    tor.exe
    24.8kB
     30.7kB
     60
    83
  • 103.214.7.77:2083
    www.upqr2rb5.com
    tls
    tor.exe
    10.3kB
     15.7kB
     29
    38
  • 127.0.0.1:45808
    stub_tor.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    stub_tor.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50377
    tor.exe
  • 8.8.8.8:53
    28.28.87.192.in-addr.arpa
    dns
    71 B
     102 B
     1
    1

    DNS Request

    28.28.87.192.in-addr.arpa

  • 8.8.8.8:53
    218.89.15.51.in-addr.arpa
    dns
    71 B
     101 B
     1
    1

    DNS Request

    218.89.15.51.in-addr.arpa

  • 8.8.8.8:53
    128.11.67.82.in-addr.arpa
    dns
    71 B
     125 B
     1
    1

    DNS Request

    128.11.67.82.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    2.223.216.88.in-addr.arpa
    dns
    71 B
     107 B
     1
    1

    DNS Request

    2.223.216.88.in-addr.arpa

  • 8.8.8.8:53
    143.248.232.46.in-addr.arpa
    dns
    73 B
     118 B
     1
    1

    DNS Request

    143.248.232.46.in-addr.arpa

  • 8.8.8.8:53
    myexternalip.com
    dns
    stub_tor.exe
    62 B
     78 B
     1
    1

    DNS Request

    myexternalip.com

    DNS Response

    34.117.118.44

  • 8.8.8.8:53
    190.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    190.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    44.118.117.34.in-addr.arpa
    dns
    72 B
     124 B
     1
    1

    DNS Request

    44.118.117.34.in-addr.arpa

  • 8.8.8.8:53
    66.146.100.95.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    66.146.100.95.in-addr.arpa

  • 8.8.8.8:53
    51.113.220.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    51.113.220.23.in-addr.arpa

  • 8.8.8.8:53
    27.173.189.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    27.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    77.7.214.103.in-addr.arpa
    dns
    71 B
     134 B
     1
    1

    DNS Request

    77.7.214.103.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    225.182.129.45.in-addr.arpa
    dns
    73 B
     100 B
     1
    1

    DNS Request

    225.182.129.45.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-certs
    Filesize

    20KB

    MD5

    f67651d87551229bf472c4f4cc4f1f3f

    SHA1

    bf826b376810b28543558fd32e8f51dbebaf3422

    SHA256

    f3d10c56ccbb60f776f76f91aae6c240d5bfa13bf1ca5ea3a381a1487f7337b8

    SHA512

    d0f9201961fbe76e2c1282359c372bf8dda5f178c43e1b6076c63e6b3a00b226a7441e0f77b63e70d4f53a343be50d99cf5f9f5d181b370dcac7d365c07e33f1

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdesc-consensus.tmp
    Filesize

    2.7MB

    MD5

    27acfbf94480631e547b5cb508d9d4fb

    SHA1

    f6477330ca9aeb4a8cd19cc44e1a30fa9695b36c

    SHA256

    0fd156526952ba5edb62133774a19bf72f71d3c968d01fcdb517521d45a67c5e

    SHA512

    902ccecfa284881c1f241802b9ccd51a85da0cc48632fbd944b686d37a4fa57bc7cd01c44ef79bfe475494be780164b82ff8fa9a3e77984f6e29467843138929

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs
    Filesize

    20.3MB

    MD5

    c058c8cbcef0e54f981a3e6c382a9183

    SHA1

    afbb255bd838c55ac853415f796c6dab9e727d85

    SHA256

    9b5189813e4a8e8839eeffba3958077c7c4bdb73e93264b8b27049fc210d6904

    SHA512

    0c529dc3c8566852d276183fd0bbdea6e6745d95ca9abcff3e62dd8c6bbbb8c8dace78074dba6bd72dd4c433426fd780e54bc58691d195785d2bc7b064a13454

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new
    Filesize

    5.5MB

    MD5

    b8c2a4f714a9b88297e7dc77bdc190b3

    SHA1

    ce9e63fa6af06cf57e0251c3605815ece1a08ca0

    SHA256

    7f714a075be64819413ec5ea6d223b93bcdd0f3459c693e7492adbcea060f39f

    SHA512

    0ab59994fef282090960be31c246ae8207350c7d54daa74655c749dd4d197d26c31b695860afee2a37c2775449e1161253d322bd07128b4a35c9bf7f4908b9b6

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\cached-microdescs.new
    Filesize

    20.3MB

    MD5

    13b72e40a997c006ad16c0059358f05b

    SHA1

    0fdf0bc5e43cb621a4c9e0b9b462e5e04f0f4a50

    SHA256

    f34c271e87b58149e8d92f647677983ff8cd4e5f4df624eedbeade8a7671ba60

    SHA512

    1d232ce9142b0b2818b8809977284160da5f9de5bc8d4f82e5f31cae89ef3fc92eafde341593120d47e8ebf45c133f24f5be28cc052110b18fb9e24e2668776b

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\state
    Filesize

    232B

    MD5

    7e7464bd60befff31587e3f6761f3659

    SHA1

    9999d8bf192c31a5d94ef8764dcb3c616af31a2b

    SHA256

    877092bb1f4b315db772b09afb83006413b4d2ac5692384b8b970d60f68f129d

    SHA512

    f877c8ada2554cb2d9b1af6b90c1090ff4ed69e081bef8620eea5014b862bde6313a987a9837acf842793f3f009976466078fe7bbfa5f4485d7beda6007b5a3b

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\data\state
    Filesize

    3KB

    MD5

    7ecb50fe4daacc10dfc5bae53fd0198b

    SHA1

    85595cfb46e523a5f78663f0afd22ea7e3881fb9

    SHA256

    d305adb1163a1f2e6393c2f01635e5b90975834f69d65db0da45a4973fca31c5

    SHA512

    fc9c32076f4fa6166bf7a1bd053bb98d556ec05ee37365b9ecd728908d6567eacea88f10b375738773334d8104f55a4e3f8b080c901ce4be1d38044665458ff5

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libgcc_s_sjlj-1.dll
    Filesize

    286KB

    MD5

    b0d98f7157d972190fe0759d4368d320

    SHA1

    5715a533621a2b642aad9616e603c6907d80efc4

    SHA256

    2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

    SHA512

    41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libssl-1_1.dll
    Filesize

    439KB

    MD5

    c88826ac4bb879622e43ead5bdb95aeb

    SHA1

    87d29853649a86f0463bfd9ad887b85eedc21723

    SHA256

    c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

    SHA512

    f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libssp-0.dll
    Filesize

    88KB

    MD5

    2c916456f503075f746c6ea649cf9539

    SHA1

    fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

    SHA256

    cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

    SHA512

    1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\libwinpthread-1.dll
    Filesize

    188KB

    MD5

    d407cc6d79a08039a6f4b50539e560b8

    SHA1

    21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

    SHA256

    92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

    SHA512

    378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\tor.exe
    Filesize

    973KB

    MD5

    5cfe61ff895c7daa889708665ef05d7b

    SHA1

    5e58efe30406243fbd58d4968b0492ddeef145f2

    SHA256

    f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

    SHA512

    43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\torrc
    Filesize

    157B

    MD5

    8ea874223f853aac5ea469ccc164a8f9

    SHA1

    70d31011547870c9f930496dbf9fb7ec296a8c28

    SHA256

    95e134044f370b2a96408d581f3c0381fe95388dae27c6d9598f44dc7d72b9ed

    SHA512

    fd1dc20219fbf4863926d90b5a2127b65e165656eac4493a80288d0c57fc309ed998b5d30fe8ce313987ee367fc4fe9b6026ff32d4391950d7f26ca7b6fdcdf2

    Download Submit

  • C:\Users\Admin\AppData\Local\a5b260eb\tor\zlib1.dll
    Filesize

    52KB

    MD5

    add33041af894b67fe34e1dc819b7eb6

    SHA1

    6db46eb021855a587c95479422adcc774a272eeb

    SHA256

    8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

    SHA512

    bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

    Download Submit

  • \Users\Admin\AppData\Local\a5b260eb\tor\libcrypto-1_1.dll
    Filesize

    1.7MB

    MD5

    2384a02c4a1f7ec481adde3a020607d3

    SHA1

    7e848d35a10bf9296c8fa41956a3daa777f86365

    SHA256

    c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

    SHA512

    1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

    Download Submit

  • \Users\Admin\AppData\Local\a5b260eb\tor\libevent-2-1-6.dll
    Filesize

    366KB

    MD5

    099983c13bade9554a3c17484e5481f1

    SHA1

    a84e69ad9722f999252d59d0ed9a99901a60e564

    SHA256

    b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

    SHA512

    89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

    Download Submit

  • memory/216-264-0x0000000072FB0000-0x000000007307E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/216-270-0x00000000738F0000-0x0000000073914000-memory.dmp

    Filesize

    144KB

    Download

  • memory/216-272-0x0000000072EA0000-0x0000000072FAA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/216-281-0x0000000073080000-0x0000000073148000-memory.dmp

    Filesize

    800KB

    Download

  • memory/216-268-0x0000000073920000-0x0000000073969000-memory.dmp

    Filesize

    292KB

    Download

  • memory/216-263-0x0000000073080000-0x0000000073148000-memory.dmp

    Filesize

    800KB

    Download

  • memory/216-280-0x0000000073150000-0x000000007341F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/216-260-0x0000000073150000-0x000000007341F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/216-274-0x0000000072E10000-0x0000000072E98000-memory.dmp

    Filesize

    544KB

    Download

  • memory/216-279-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/796-219-0x0000000073080000-0x0000000073148000-memory.dmp

    Filesize

    800KB

    Download

  • memory/796-218-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/796-201-0x0000000073150000-0x000000007341F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/796-220-0x0000000072FB0000-0x000000007307E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/796-198-0x00000000738F0000-0x0000000073914000-memory.dmp

    Filesize

    144KB

    Download

  • memory/796-200-0x0000000072E10000-0x0000000072E98000-memory.dmp

    Filesize

    544KB

    Download

  • memory/796-199-0x0000000072EA0000-0x0000000072FAA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/796-267-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/796-197-0x0000000073920000-0x0000000073969000-memory.dmp

    Filesize

    292KB

    Download

  • memory/796-192-0x0000000072FB0000-0x000000007307E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/796-190-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/796-191-0x0000000073080000-0x0000000073148000-memory.dmp

    Filesize

    800KB

    Download

  • memory/876-56-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-58-0x0000000072BB0000-0x0000000072C7E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/876-16-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-25-0x0000000072C80000-0x0000000072D48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/876-26-0x0000000072BB0000-0x0000000072C7E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/876-34-0x0000000072D50000-0x000000007301F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/876-39-0x00000000015B0000-0x00000000015F9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/876-165-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-38-0x0000000072B30000-0x0000000072B54000-memory.dmp

    Filesize

    144KB

    Download

  • memory/876-168-0x0000000001A00000-0x0000000001A88000-memory.dmp

    Filesize

    544KB

    Download

  • memory/876-40-0x0000000072990000-0x0000000072A18000-memory.dmp

    Filesize

    544KB

    Download

  • memory/876-41-0x0000000001A00000-0x0000000001A88000-memory.dmp

    Filesize

    544KB

    Download

  • memory/876-42-0x0000000072B60000-0x0000000072BA9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/876-43-0x0000000072A20000-0x0000000072B2A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/876-132-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-118-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-101-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-93-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-57-0x0000000072C80000-0x0000000072D48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/876-83-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-75-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-73-0x00000000015B0000-0x00000000015F9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/876-74-0x0000000001A00000-0x0000000001A88000-memory.dmp

    Filesize

    544KB

    Download

  • memory/876-65-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-64-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/876-59-0x0000000072D50000-0x000000007301F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2052-166-0x0000000072B30000-0x0000000072B54000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2052-154-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2052-155-0x0000000072D50000-0x000000007301F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2052-158-0x0000000072C80000-0x0000000072D48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2052-159-0x0000000072BB0000-0x0000000072C7E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2052-178-0x0000000072C80000-0x0000000072D48000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2052-177-0x0000000072D50000-0x000000007301F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2052-176-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2052-171-0x0000000072990000-0x0000000072A18000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2052-169-0x0000000072A20000-0x0000000072B2A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2052-163-0x0000000072B60000-0x0000000072BA9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2252-293-0x0000000073080000-0x0000000073148000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2252-300-0x0000000072E10000-0x0000000072E98000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2252-324-0x0000000072FB0000-0x000000007307E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2252-323-0x0000000073080000-0x0000000073148000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2252-294-0x0000000072FB0000-0x000000007307E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2252-295-0x0000000073920000-0x0000000073969000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2252-313-0x00000000010E0000-0x00000000014E4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2252-298-0x00000000738F0000-0x0000000073914000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2252-299-0x0000000072EA0000-0x0000000072FAA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2252-301-0x0000000073150000-0x000000007341F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/4924-44-0x00000000726C0000-0x00000000726FA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4924-1-0x0000000073930000-0x000000007396A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4924-91-0x0000000073230000-0x000000007326A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4924-314-0x00000000720D0000-0x000000007210A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4924-217-0x0000000072B70000-0x0000000072BAA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4924-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

    Filesize

    7.8MB

    Download

  • memory/4924-341-0x0000000073930000-0x000000007396A000-memory.dmp

    Filesize

    232KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.