Analysis

  • max time kernel
    207s
  • max time network
    263s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-de
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-de locale:de-de os:windows10-2004-x64 system windows
  • submitted
    03-11-2022 16:38

General

  • Target

    torbrowser-install-win64-11.5.6_de.exe

  • Size

    99.4MB

  • MD5

    238b039fa7c0699f40ff51cb168effe7

  • SHA1

    3acb4d945017a15807351967529395ddda74b95b

  • SHA256

    8e3f475fc016230a30edb2c92e0ce584bab53476a28204397df5dcae0ddd6497

  • SHA512

    672fd8c2dcf855270325d632a573276dce5996eac19e5d4ad6d3106196f5e6725a0c2f6d0c4047af39f20e7513b1c0e6e98e55dd6e4c92e2736adf371fd1791d

  • SSDEEP

    3145728:JT1EW79ZSuSu+7GEsrb0CguDNbDtC375z/DY9EpcUWcE:JT1EGbSu+7GEsv0ePQ37BLFpj7E

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 49 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\torbrowser-install-win64-11.5.6_de.exe
    "C:\Users\Admin\AppData\Local\Temp\torbrowser-install-win64-11.5.6_de.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3808
      • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2428
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2428.0.1661225197\27174259" -parentBuildID 20220607070101 -prefsHandle 2172 -prefMapHandle 2164 -prefsLen 1 -prefMapSize 243159 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2428 gpu
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3916
        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" HashedControlPassword 16:326853598072cb8460b06f46756339cea6c09643a178e3e0e360936c8d +__ControlPort 9151 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 2428 DisableNetwork 1
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4592
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2428.1.928780911\1386665743" -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3228 -prefsLen 3767 -prefMapSize 243159 -jsInit 1348 285636 -parentBuildID 20220607070101 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2428 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1908
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2428.2.823139240\192377876" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3748 -prefsLen 3872 -prefMapSize 243159 -jsInit 1348 285636 -parentBuildID 20220607070101 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2428 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3780
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2428.5.937694697\714289058" -childID 3 -isForBrowser -prefsHandle 3560 -prefMapHandle 3676 -prefsLen 3909 -prefMapSize 243159 -jsInit 1348 285636 -parentBuildID 20220607070101 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2428 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3836
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2428.7.1382407126\1889058075" -parentBuildID 20220607070101 -prefsHandle 1540 -prefMapHandle 3032 -prefsLen 6905 -prefMapSize 243159 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2428 rdd
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1900

Network

MITRE ATT&CK Enterprise v6

Downloads
