hxxps://www[.]torproject[.]org/

Analysis

max time kernel
1800s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2023 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.torproject.org/

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

torbrowser-install-win64-12.0.2_ALL.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	torbrowser-install-win64-12.0.2_ALL.exe

Executes dropped EXE 39 IoCs

Processes:

torbrowser-install-win64-12.0.2_ALL.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exetor.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exetor.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
3900	torbrowser-install-win64-12.0.2_ALL.exe
6048	firefox.exe
6084	firefox.exe
1692	firefox.exe
5572	firefox.exe
5384	firefox.exe
5228	firefox.exe
6004	firefox.exe
6128	firefox.exe
5188	firefox.exe
5284	firefox.exe
3288	firefox.exe
2880	firefox.exe
1400	firefox.exe
5292	tor.exe
5104	firefox.exe
5504	firefox.exe
5596	firefox.exe
4028	firefox.exe
5060	firefox.exe
408	firefox.exe
1556	firefox.exe
5736	firefox.exe
5464	firefox.exe
6080	firefox.exe
2912	firefox.exe
5636	tor.exe
1776	firefox.exe
5304	firefox.exe
4664	firefox.exe
3904	firefox.exe
2128	firefox.exe
1404	firefox.exe
5260	firefox.exe
4992	firefox.exe
796	firefox.exe
5708	firefox.exe
3720	firefox.exe
2740	firefox.exe

Loads dropped DLL 64 IoCs

Processes:

torbrowser-install-win64-12.0.2_ALL.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
3900	torbrowser-install-win64-12.0.2_ALL.exe
3900	torbrowser-install-win64-12.0.2_ALL.exe
3900	torbrowser-install-win64-12.0.2_ALL.exe
6048	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
1692	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5384	firefox.exe
5384	firefox.exe
5384	firefox.exe
5384	firefox.exe
6084	firefox.exe
6084	firefox.exe
6084	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
6004	firefox.exe
6004	firefox.exe
6004	firefox.exe
6004	firefox.exe
6004	firefox.exe
6004	firefox.exe
6004	firefox.exe
6128	firefox.exe
6128	firefox.exe
6128	firefox.exe
6128	firefox.exe
5188	firefox.exe
5188	firefox.exe
5188	firefox.exe
5188	firefox.exe
5284	firefox.exe
5284	firefox.exe
5284	firefox.exe
5284	firefox.exe
3288	firefox.exe
3288	firefox.exe
3288	firefox.exe
3288	firefox.exe
5284	firefox.exe
5284	firefox.exe
5188	firefox.exe
5188	firefox.exe
2880	firefox.exe
2880	firefox.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 23 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 3 IoCs

Processes:

firefox.exetorbrowser-install-win64-12.0.2_ALL.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	torbrowser-install-win64-12.0.2_ALL.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.2_ALL.exe:Zone.Identifier firefox.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

firefox.exe

pid process

5572 firefox.exe
5572 firefox.exe
5572 firefox.exe
5572 firefox.exe
5572 firefox.exe
5572 firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.2_ALL.exe:Zone.Identifier	firefox.exe

pid	process
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe
5572	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

firefox.exefirefox.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	2648	firefox.exe
Token: SeDebugPrivilege	2648	firefox.exe
Token: SeDebugPrivilege	2648	firefox.exe
Token: SeDebugPrivilege	2648	firefox.exe
Token: SeDebugPrivilege	6084	firefox.exe
Token: SeDebugPrivilege	6084	firefox.exe
Token: SeDebugPrivilege	5060	firefox.exe
Token: SeDebugPrivilege	5060	firefox.exe

Suspicious use of FindShellTrayWindow 13 IoCs

Processes:

firefox.exefirefox.exefirefox.exe

pid	process
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
6084	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe

Suspicious use of SendNotifyMessage 10 IoCs

Processes:

firefox.exefirefox.exe

pid	process
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
5060	firefox.exe
5060	firefox.exe

Suspicious use of SetWindowsHookEx 61 IoCs

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe

pid	process
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
2648	firefox.exe
5572	firefox.exe
6084	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe
5060	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1540 wrote to memory of 2648	1540	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 1448 wrote to memory of 4896	1448	firefox.exe	firefox.exe
PID 2648 wrote to memory of 1804	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 1804	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 3880	2648	firefox.exe	firefox.exe
PID 2648 wrote to memory of 1980	2648	firefox.exe	firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.torproject.org/
1⤵
- Suspicious use of WriteProcessMemory
PID:1540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.torproject.org/
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.0.730429111\939021266" -parentBuildID 20200403170909 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 1 -prefMapSize 220117 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 1800 gpu
3⤵
PID:1804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.3.1795400588\1574677173" -childID 1 -isForBrowser -prefsHandle 2424 -prefMapHandle 2416 -prefsLen 112 -prefMapSize 220117 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 2404 tab
3⤵
PID:3880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.13.1893609140\129630964" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 6894 -prefMapSize 220117 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 3664 tab
3⤵
PID:1980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:4896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3824

C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.2_ALL.exe
"C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.2_ALL.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3900

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6048

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:6084

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.0.1809960850\478771777" -parentBuildID 20230702030101 -prefsHandle 1728 -prefMapHandle 1732 -prefsLen 22722 -prefMapSize 228120 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 socket
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6004

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.1.157141153\1298110143" -parentBuildID 20230702030101 -prefsHandle 2020 -prefMapHandle 2016 -prefsLen 23140 -prefMapSize 228120 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 gpu
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6128

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.2.112790782\2054153544" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2808 -prefsLen 24547 -prefMapSize 228120 -jsInitHandle 1244 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 tab
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5188

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.3.2013667600\1728289318" -childID 2 -isForBrowser -prefsHandle 2676 -prefMapHandle 3164 -prefsLen 25599 -prefMapSize 228120 -jsInitHandle 1244 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 tab
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5284

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.4.116675243\452490415" -childID 3 -isForBrowser -prefsHandle 3308 -prefMapHandle 3284 -prefsLen 25676 -prefMapSize 228120 -jsInitHandle 1244 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 tab
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3288

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.5.467442155\1520967582" -parentBuildID 20230702030101 -prefsHandle 3536 -prefMapHandle 3112 -prefsLen 26638 -prefMapSize 228120 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 socket
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2880

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.6.16708739\506122772" -parentBuildID 20230702030101 -prefsHandle 3108 -prefMapHandle 2964 -prefsLen 26732 -prefMapSize 228120 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 rdd
4⤵
- Executes dropped EXE
PID:1400

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" HashedControlPassword 16:cc56996b797fb40d604f4ac1abc586b36a9c910eb505690a745722af73 +__ControlPort 9151 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 6084 DisableNetwork 1
4⤵
- Executes dropped EXE
PID:5292

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.7.146711757\2041726207" -childID 4 -isForBrowser -prefsHandle 2752 -prefMapHandle 3452 -prefsLen 28776 -prefMapSize 228120 -jsInitHandle 1244 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 tab
4⤵
- Executes dropped EXE
PID:5104

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.8.679332593\1042624396" -childID 5 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 28776 -prefMapSize 228120 -jsInitHandle 1244 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 tab
4⤵
- Executes dropped EXE
PID:5504

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="6084.9.1321804764\659820316" -childID 6 -isForBrowser -prefsHandle 4196 -prefMapHandle 4192 -prefsLen 28776 -prefMapSize 228120 -jsInitHandle 1244 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 6084 tab
4⤵
- Executes dropped EXE
PID:5596

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1692

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5572

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5572.0.545495042\1684175219" -parentBuildID 20230702030101 -prefsHandle 1540 -prefMapHandle 1532 -prefsLen 22300 -prefMapSize 228100 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5572 gpu
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5384

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5572.1.264255816\883042879" -parentBuildID 20230702030101 -prefsHandle 1764 -prefMapHandle 1760 -prefsLen 22300 -prefMapSize 228100 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5572 socket
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5228

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
3⤵
- Executes dropped EXE
PID:4028

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
4⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5060

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.0.1972680565\153208541" -parentBuildID 20230702030101 -prefsHandle 1664 -prefMapHandle 1648 -prefsLen 25637 -prefMapSize 229512 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 gpu
5⤵
- Executes dropped EXE
PID:408

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.1.1584680526\1540163494" -parentBuildID 20230702030101 -prefsHandle 1952 -prefMapHandle 1948 -prefsLen 25725 -prefMapSize 229512 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 socket
5⤵
- Executes dropped EXE
PID:1556

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.2.1208493403\824502956" -childID 1 -isForBrowser -prefsHandle 2424 -prefMapHandle 2728 -prefsLen 25763 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:5736

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.3.844070817\1631054329" -childID 2 -isForBrowser -prefsHandle 2336 -prefMapHandle 2520 -prefsLen 25991 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:5464

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.4.1906666918\2067829941" -childID 3 -isForBrowser -prefsHandle 2564 -prefMapHandle 2632 -prefsLen 26809 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:6080

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.5.1709767745\1670592825" -childID 4 -isForBrowser -prefsHandle 3388 -prefMapHandle 2956 -prefsLen 26809 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:2912

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.6.718046141\350931312" -childID 5 -isForBrowser -prefsHandle 3684 -prefMapHandle 3692 -prefsLen 27354 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:1776

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" HashedControlPassword 16:0daa0d08b223cbe86009ad7a3f306c846972d73ed470c626551de83ad2 +__ControlPort 9151 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 5060 DisableNetwork 1
5⤵
- Executes dropped EXE
PID:5636

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.7.1365760256\1661761899" -childID 6 -isForBrowser -prefsHandle 3820 -prefMapHandle 3900 -prefsLen 27455 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:5304

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.8.1400576816\1011937575" -childID 7 -isForBrowser -prefsHandle 3436 -prefMapHandle 3536 -prefsLen 27534 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:4664

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.9.368847330\886326455" -childID 8 -isForBrowser -prefsHandle 3032 -prefMapHandle 4700 -prefsLen 27718 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:3904

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.10.1596342833\629031579" -childID 9 -isForBrowser -prefsHandle 3164 -prefMapHandle 2712 -prefsLen 27727 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:2128

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.11.1117526902\1204813368" -childID 10 -isForBrowser -prefsHandle 4428 -prefMapHandle 4828 -prefsLen 27727 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:1404

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.12.157246799\1492836258" -childID 11 -isForBrowser -prefsHandle 3480 -prefMapHandle 3472 -prefsLen 27727 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:5260

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.13.1071810298\1241232374" -childID 12 -isForBrowser -prefsHandle 4688 -prefMapHandle 3780 -prefsLen 27727 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:4992

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.14.2035970651\1196938109" -childID 13 -isForBrowser -prefsHandle 4696 -prefMapHandle 4668 -prefsLen 27727 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:796

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.15.1433089582\2003149269" -childID 14 -isForBrowser -prefsHandle 3680 -prefMapHandle 3504 -prefsLen 27727 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:5708

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.16.1777057058\806449673" -childID 15 -isForBrowser -prefsHandle 4200 -prefMapHandle 4848 -prefsLen 29183 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:3720

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.17.2136618656\835144993" -childID 16 -isForBrowser -prefsHandle 4568 -prefMapHandle 3480 -prefsLen 29201 -prefMapSize 229512 -jsInitHandle 1280 -jsInitLen 277276 -a11yResourceId 64 -parentBuildID 20230702030101 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 5060 tab
5⤵
- Executes dropped EXE
PID:2740

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsf79E5.tmp\LangDLL.dll
Filesize
8KB

MD5
a342d5a613dcf7e57e1f1a1bd4dda897

SHA1
5448bacb7ae79fc1a35624efd130be31ad914ed9

SHA256
58d4aec72eed0f5bfc6d0a292903a4019f406c00f5017ec29831ae35b108a72d

SHA512
5c9d3976cda336f59720584b2e5ade882a956485033ad14ce2038b04388f19daf2a379ef537ee327d36ddc24984d6fc3be4d51f75f73fcb62c1f214561c45b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf79E5.tmp\System.dll
Filesize
25KB

MD5
a6797f5ba3cc8c13da1c4c374bee9788

SHA1
6e085737a7daf91a2536ae38356bb1786e310469

SHA256
0182ffbba0cc909677cdd00654feae5e35ee047e7c7b094f3b5b320cbed21aaa

SHA512
da5f8eb85faafb26674e31bdfa2c5d8f2e83fef5f4bf1a14aede4fe36305cdd39c0394df65967f85d33fba91a9c083f1c12145bc7a1b4310e89adf93e366ac1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf79E5.tmp\nsDialogs.dll
Filesize
14KB

MD5
7e1708ebf215276eca7284f19ef12c06

SHA1
d9e10da2c0cee2ed5f05ceb550c00a8bdc56518c

SHA256
4401d9c3cadb5845e0e899e3f7ef325e2f02cd83a982331acef193fed20ab7e5

SHA512
4e7aa02cee85184a8362f2f52d926de318a3c2cf3b8beaed47a1c0f975c5970b9f922996ca584d450c6b165654f2901c4c3615c2e317c3cf0ccfe007e686a262

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja
Filesize
25.0MB

MD5
eb5e3f3783814728aa6d42988af771bd

SHA1
d045ca0b9bc07924ea64c45bfbd9fc2ecc221e06

SHA256
aacee509657fbc75e247e431d29f305154b27b8e9d579a3d9467f2f328c2ca95

SHA512
0c813226276347d1bd56b3954ee6eef67d956d9f15443e2003c2fa5bb9f697876cb064bc0d22d134f1c87628aa6bafc11b357ad87854fcee7b8d8faaa90e7e83

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js
Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
39db93ecd93fd26f92162d55262bcb1d

SHA1
25f34dde9bf0cc5c89a1cf1d296d54ef3f88b0ca

SHA256
fc610ae2891459d8c831ce309e2484d397063b18a89c98d7414645cf5ec070cb

SHA512
46ac1c9dda14edb6af31fdcda4df845172be87e98445fa201febeb4bf5657f431f820870c77d364f3337e7b1530b8d852371ed4bfaaa108da29c9dcaf6681cf5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
39db93ecd93fd26f92162d55262bcb1d

SHA1
25f34dde9bf0cc5c89a1cf1d296d54ef3f88b0ca

SHA256
fc610ae2891459d8c831ce309e2484d397063b18a89c98d7414645cf5ec070cb

SHA512
46ac1c9dda14edb6af31fdcda4df845172be87e98445fa201febeb4bf5657f431f820870c77d364f3337e7b1530b8d852371ed4bfaaa108da29c9dcaf6681cf5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
39db93ecd93fd26f92162d55262bcb1d

SHA1
25f34dde9bf0cc5c89a1cf1d296d54ef3f88b0ca

SHA256
fc610ae2891459d8c831ce309e2484d397063b18a89c98d7414645cf5ec070cb

SHA512
46ac1c9dda14edb6af31fdcda4df845172be87e98445fa201febeb4bf5657f431f820870c77d364f3337e7b1530b8d852371ed4bfaaa108da29c9dcaf6681cf5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
39db93ecd93fd26f92162d55262bcb1d

SHA1
25f34dde9bf0cc5c89a1cf1d296d54ef3f88b0ca

SHA256
fc610ae2891459d8c831ce309e2484d397063b18a89c98d7414645cf5ec070cb

SHA512
46ac1c9dda14edb6af31fdcda4df845172be87e98445fa201febeb4bf5657f431f820870c77d364f3337e7b1530b8d852371ed4bfaaa108da29c9dcaf6681cf5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
39db93ecd93fd26f92162d55262bcb1d

SHA1
25f34dde9bf0cc5c89a1cf1d296d54ef3f88b0ca

SHA256
fc610ae2891459d8c831ce309e2484d397063b18a89c98d7414645cf5ec070cb

SHA512
46ac1c9dda14edb6af31fdcda4df845172be87e98445fa201febeb4bf5657f431f820870c77d364f3337e7b1530b8d852371ed4bfaaa108da29c9dcaf6681cf5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
39db93ecd93fd26f92162d55262bcb1d

SHA1
25f34dde9bf0cc5c89a1cf1d296d54ef3f88b0ca

SHA256
fc610ae2891459d8c831ce309e2484d397063b18a89c98d7414645cf5ec070cb

SHA512
46ac1c9dda14edb6af31fdcda4df845172be87e98445fa201febeb4bf5657f431f820870c77d364f3337e7b1530b8d852371ed4bfaaa108da29c9dcaf6681cf5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf
Filesize
129KB

MD5
a3f90fbb7ccd51b7d721b536bd00d86b

SHA1
4594c8edca930fe352d84559368faa3daeccf07c

SHA256
c07c44b165c07288c8bb30b0e05f4cf68bef3f52f394c30873f0e731b0698f21

SHA512
6d826d3b5a54b45fd1e2753b381a18ffc533d24b7d386c119f29cc0165aabb7fd44cb7b8f2316f755ddb8fd32e665edea255f0020882861b2e7548928a5ab36e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf
Filesize
340KB

MD5
0e98433b1317e0b8fae6b9fd2010201f

SHA1
2ad9d8df92f70ef19f4285ea0dabb74463c6e092

SHA256
dac8e68fe43fca59d522fa5f763322cfb4a919c28957656c58e7836d915307d0

SHA512
3fce0f137a92f29a63b1b26cf013110b737fad4215b33d261f6860ae75c29bd4b3114d6137a5c6e91a7cdaf7d1bb14fd73a59dbbd96d7f0c29b71a715e4991ce

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf
Filesize
59KB

MD5
c0fc19ba888e68d9fd93b96ff84cc025

SHA1
2c490928e0146f51d70a1cc1c3673fa3d3c4c00c

SHA256
5e26f16aa18a917e295003d191e0098a57aa4e5e47e7403e2a3663edd5465f3b

SHA512
ae5856e95bd154225a35e0315d90e6dd3aec3dc571da7cd7a9561b4262f8923db0719fabac53da68e5c845405fb6a8a1fb102bf67fd92798f2ce8feeb3325f28

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf
Filesize
90KB

MD5
1972648e028a88d840dd8a08dd2c0d1b

SHA1
dd7b988ed08a429538aa5b38686ec57d04a21366

SHA256
5805934bdd7434202bd1bb550848f10600830f50bce2781b4b71040abd161592

SHA512
c64718226634b1b8f68303a328f9c3423e1ecbc853ad9647ce33daa4481505b6a8bdd2913541fcc3512459d021c971297ebf81b8bdf600839bbda6a932eee48f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf
Filesize
144KB

MD5
5c9b904830f9e48ac73cb6d798524eed

SHA1
da3d2a3f73d09740e23f1d1fe6b2b8280000a564

SHA256
19e823b13687706c5c005c593de052fa7b85ac01efe6c1692ecc7a78aa3c90c8

SHA512
f2bcf047e3ad627b2a55ca6207677e562a8efbb8a9c4ae6744c112ab686171a7808b5a2a82004a02091fe9eeccf1bf78384f47825407e8c7d0e8e5c86511c4c9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf
Filesize
7KB

MD5
95029680222453b5512e1d737d4630f9

SHA1
8c8f9dcc6f1b8a712ae306ff1cec8aaa9d67639c

SHA256
e3bc174b58be6d14efd921aedf305f4d09a427b66e40163c063c915769757345

SHA512
346086f3b8d39a52c8903b6e9f68f90f0a9e396c3682f32a094ac4111ec1727cf6ceb5aefd866de3405d69eeceaa78c2464ec5e143cb700dbace2124e2890db3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf
Filesize
14KB

MD5
c16262c20b7604477c5c8d61722ba86b

SHA1
03526ec7f707de2104a0f5c581654a714c027179

SHA256
92e74db6565ec5fa4ac3d73418c0547ac0307900c93edb74e24a3f4b09e2116e

SHA512
a2c17b3ce5e0687793e0e65a95849b509650d30194f5d7e214e5cb493fd82d03503143fdeed70339d7da0d9159e123bf1bff7867eed995091f8d42c92254e879

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf
Filesize
197KB

MD5
4c558c48f33fa32f69d698280715ae9a

SHA1
9b48f6963da65cc68c1ff9c1ec79861b91b9ec90

SHA256
09f3eb0c3f5132fad997eec3eab8e479c47dd95f12baee8e43dfd064a9235a10

SHA512
c190ca08140714190d707d0250548e34b31ce2562fdd2cf063009114903a82de3a23546dddc9027314c3a04d3a254f3d9bebd11ca448b77cfeb167d3bc7814ac

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf
Filesize
7KB

MD5
5d759e716119b5333619ae979037c962

SHA1
2ecedee889710a8bb206842f7786aaaa9c63bd41

SHA256
aebac71dd9027781266c254d4b8e019be0c117acf060a0555fed58b1716e0e28

SHA512
7a51d34f3c081cc3ec12c3472e6375a21219efa5d951337062187ca920aa58d9fa3c4b5e5c9636ae5840598f691b1995a6435f316cf444e862ba10d03ba3fb95

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf
Filesize
11KB

MD5
c567292287cc184460c036423987a30b

SHA1
700c0da392da95accf34a3cec798ae8ea0c2bcc9

SHA256
e59eea608bfbac624403d2ad5f8c8874584caa934c790428f120e674863e27ea

SHA512
daf9c18e877cf6261f1ab482ec1c5b2806b888eebc63f7449a8432dfad38f2c09279606d8096a0bcda30f022dd2b6960254a44b5b062f3d3b2909406b851b9d5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf
Filesize
84KB

MD5
b7d7cf6c582e374043fc51c146b58e4a

SHA1
b541ba868fef516e9bd1bc07561ac07d17345750

SHA256
b2a411476a3f48fd4e62144f166ca67f723e4e354ae801d44723a4b43d704f9a

SHA512
6988498f4f16218b5ffc212222c8701cdc3ae15fbdbe5210fcadf8c9d4a4166520029fabfc2157a1e7424a238da70dbb8e18013900dd500b828ecb9c5fa05936

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansChakma-Regular.ttf
Filesize
58KB

MD5
a7618ca65037e473ea86436dd6923c30

SHA1
659ab91d5d23f5ceaf5d4efe775c4287aadb7121

SHA256
d2dfc4fcf762d88431a03b67d8c1890c57dbf1f730be9302c406a2542abbc43f

SHA512
d9287b42bf243eb1f1a840f0db3ed0f5ba664a183722189c42f2ecbc64dcac0413b1d9d3ace7de39c57516143c5fe2ebddc590edc9785c235376945c2b0e720f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCham-Regular.ttf
Filesize
29KB

MD5
949490a812074a2f4fde428695517c2a

SHA1
15710e2dcb23196aa42abab60d85c2451d21221b

SHA256
03604918831224d27161887ba0de3a2ccd84f43246dda2cad47695bc34473f80

SHA512
ac2cff4328bbb38043e3dc627382a158f31aa6e41d45221fa51de63d2f001045640b88c7ef41dcdcc23f4f83c5f1256404c5b9cdd3bcf4ccc679ce304df26fd9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCherokee-Regular.ttf
Filesize
92KB

MD5
8e6c3875a1e2dccf066926dd13809843

SHA1
4d2b4205de8b26af320fa6c19840211840b2edd4

SHA256
56dda8a7dc2cb7c18b9255a2afe140e5439c40cfe790ca1dd0aaafcb73d44ab9

SHA512
0719906d50d384c3e216b5adf0dc870fadfc5b68a0b8e2ddf4515d476ebf342b6c0395a7e2c26d1e49f7799077c1c9dd3abb12c0c38e95c8ccc4c66becd23ae3

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCoptic-Regular.ttf
Filesize
43KB

MD5
5545d51e75aee81cef21d9f1dd0646a2

SHA1
3cad0fc90e0c4c2f3cbeacda893cee9ea1637f1d

SHA256
b59b415f67849af121bd9c86b4de37dcc0cb29496aed2057724ef55663d79eb4

SHA512
dafc0e7ed31c0e4d14e625ba32c1059527f1260e2e71359775ef36dd4dc2e1b828f62ba6ffbf8552e0f4b07c13a8248e65d5d51f18bb39e71842a32b1d2b7d64

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDeseret-Regular.ttf
Filesize
19KB

MD5
d2e6cf8c6ad818d4952ca008bcaacde5

SHA1
b782e8f4a1bdd5d5ba0a08829f17a79b5934acb5

SHA256
ace7a1ff13dfe32d080ae603fc2fa60b51a0270896cad1dc067ae4d9fc8c9d2c

SHA512
5cd28ca489254dd711ed0134fc019422b5af7ea976aad094200bd266373eb01782e0a2f2b2b00817ba5f1a8f1d88b4928693f706800ab45f3d3d3ab417e42703

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDevanagari-Regular.ttf
Filesize
223KB

MD5
d6a6b36f18594d6194e5dda27e126fdd

SHA1
9654c0fdfcc88057327f05d0a74caab3986b8cf3

SHA256
a0489982cdfa20a4ac46313862a362b6720c5c016253f5518b24293f97a46e52

SHA512
c141de23851e0838280aa32639b0f26f5220f5e687e5ffaddbd81a08c5d9046a313969731b7853d29f70426ffad1c28e4c84661985db70ac6a5b9eab1bc61d4d

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansElbasan-Regular.ttf
Filesize
18KB

MD5
4d9cd55b68b773b3018bc80382f1d3a8

SHA1
067dc3fadf220e2689e295a6396cdc3a9c5f5997

SHA256
e598c86537ad9c98c60e0a5135dfce5dadecddd42c9f6f1c8e938cf041fac079

SHA512
572a8f8375af6054b969f7c64512e4212a64b4e57cd75315c9585dd54649a5ea2c3a5b513fbd1208e11153a5bc73688e2cdb2d441c813d375bf86e503f2f4a54

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansEthiopic-Regular.ttf
Filesize
253KB

MD5
8c0ffa46f08e5aa602437f26ca217136

SHA1
07f91ef096e38ea01993c30e3a1f16a8b404d5c5

SHA256
269b3a54ab56f53e74741f6145d841441cdd97148f3c09377ee4babe472e49c1

SHA512
4057462f1271c1ae76880e67c4418947cad1d7bac18f380238d7df9317cdbf6ac8ba1616120caabce3eb2278e3083e854dbba3b524a243ca5cc1aff9ac4f6e97

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGeorgian-Regular.ttf
Filesize
51KB

MD5
509480886bdfebb77cb0bfaa8a3c76d1

SHA1
bcd1c848cb6741b489b2fb225c713be506c34ada

SHA256
158eb18a45c3225c12efc4256690de4a51332c501f8a120000dc3ed99f13a21f

SHA512
f65890214f5024b6b1e234fce67893ca6e7fc469540a07dc87fbcd4d42868904997ce0812e33fd7c59c9865548c3cde74d0c3b5ba07309149c69333c2d0ed674

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGrantha-Regular.ttf
Filesize
390KB

MD5
9cc119144f5378f53452a4ce723d3d76

SHA1
6a134404b18ef0cd9e8437768aca8f5b91acd56d

SHA256
00d8e1156f3ddb8b9af1e3dda3d5669f6a19d93c52ff51b1ea96e1d69dae1092

SHA512
e912237e2da0aa7bd1e97588469d20ba38c008afab874d61c2471bbe8924b576f9455433b8dfc47a46147a226102830496e566ffe2889190fb4d8175c9ec66f6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGujarati-Regular.ttf
Filesize
142KB

MD5
4c9bce771599f5d7c3bd649d1405ca78

SHA1
465fa9086420e505c56de92d5f7cd2a0b271397e

SHA256
badc8675e99fc00e66168dcabeed37fd73a50ba0985a1b1ae2481593d60a614a

SHA512
e8f82d3a812fed9c7569584f05424e34d3f616704da3659100d19084e752e1cf5b4a4f6b42b87519573de7be4f61f5c0b974b1a3b3ee9273f782298b3dfb529a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGunjalaGondi-Regular.ttf
Filesize
61KB

MD5
f208d1abe0404e8d8cb90cfc934dcac8

SHA1
7f56159205d455fdf8796ad58727764534c29104

SHA256
3152837f40966db22272aeaef1dc5f8f9c62a055e74296f03c80301aadd88663

SHA512
9b1b243eca5604f0ffb20af60287719b1203514a8f40f651ad36b21be50679f4f98430514b4ad3ee7552f29fb9b044c3d54d297a0af3533aab4bede61a2dfab5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGurmukhi-Regular.ttf
Filesize
51KB

MD5
e61b65e066991ed9c2b50f514f648149

SHA1
ca41464a4fd6a48bc2030a15a32fce72b6eb5369

SHA256
00f965d927714f56c08d083a57c325b6e4bb78ccd9953b582e9d24c3a5d50c75

SHA512
5f7ea4c75e010ba14912532e0ba08c76fbdb09a8b8b0874fe699befa1917773202a68f6dd4d14bb26a515bf10ed6aa167da750780b1d58a92e22408dc39cf48c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
c52489063e768381581b6f5c2b3ee053

SHA1
dbb56bc3c98f08695b6f36813c46b4fd18eac0b6

SHA256
c93a6a82fd19ebad964e844797d56b4517ac2a4f2ecb6be1f0f6f6a5a60d78a4

SHA512
0dbc1d3d7b293a4b0ea1f6b34f8215d0709da50e2b560940370c8603f25751abd71ee8e593db8c073bef296e9da474bcf745faeb9fcc065acb764c4e4bcc3b66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
c52489063e768381581b6f5c2b3ee053

SHA1
dbb56bc3c98f08695b6f36813c46b4fd18eac0b6

SHA256
c93a6a82fd19ebad964e844797d56b4517ac2a4f2ecb6be1f0f6f6a5a60d78a4

SHA512
0dbc1d3d7b293a4b0ea1f6b34f8215d0709da50e2b560940370c8603f25751abd71ee8e593db8c073bef296e9da474bcf745faeb9fcc065acb764c4e4bcc3b66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
c52489063e768381581b6f5c2b3ee053

SHA1
dbb56bc3c98f08695b6f36813c46b4fd18eac0b6

SHA256
c93a6a82fd19ebad964e844797d56b4517ac2a4f2ecb6be1f0f6f6a5a60d78a4

SHA512
0dbc1d3d7b293a4b0ea1f6b34f8215d0709da50e2b560940370c8603f25751abd71ee8e593db8c073bef296e9da474bcf745faeb9fcc065acb764c4e4bcc3b66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
c52489063e768381581b6f5c2b3ee053

SHA1
dbb56bc3c98f08695b6f36813c46b4fd18eac0b6

SHA256
c93a6a82fd19ebad964e844797d56b4517ac2a4f2ecb6be1f0f6f6a5a60d78a4

SHA512
0dbc1d3d7b293a4b0ea1f6b34f8215d0709da50e2b560940370c8603f25751abd71ee8e593db8c073bef296e9da474bcf745faeb9fcc065acb764c4e4bcc3b66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll
Filesize
44KB

MD5
c52489063e768381581b6f5c2b3ee053

SHA1
dbb56bc3c98f08695b6f36813c46b4fd18eac0b6

SHA256
c93a6a82fd19ebad964e844797d56b4517ac2a4f2ecb6be1f0f6f6a5a60d78a4

SHA512
0dbc1d3d7b293a4b0ea1f6b34f8215d0709da50e2b560940370c8603f25751abd71ee8e593db8c073bef296e9da474bcf745faeb9fcc065acb764c4e4bcc3b66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
Filesize
1.5MB

MD5
114df6426277c363bafc332acaca6d74

SHA1
43b31bc3e0ed751d1dc367ae9d07476ed008fe9c

SHA256
3347ebf954eb9f5a01158ca651ec1454820caa3ca757151b7df804abde0607bc

SHA512
17639aecaebe22baafc86f32917b1baa239b73230094a0b732a0820b867593678e524270ecf29ed89371e1aba917d4120b61045bfdbc6ed222a6b4134a9a4baf

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
d528dd450545201bc52aa14525c7b81d

SHA1
199ee98ba5a95d861a0d7800788d52abaf3f575d

SHA256
dd4008be9914e245a88cfc41e32b5a782e21600cb6aa1fc1720b266794a14ccd

SHA512
8a52cd35190a9ee9eee3b4f023dac8d2a0cec1f384e5617ed48905741d459d3d794785cdc1f8f439dce8f0181eae5a675ac6451e2df8d730205ff8ac310d1d81

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
d528dd450545201bc52aa14525c7b81d

SHA1
199ee98ba5a95d861a0d7800788d52abaf3f575d

SHA256
dd4008be9914e245a88cfc41e32b5a782e21600cb6aa1fc1720b266794a14ccd

SHA512
8a52cd35190a9ee9eee3b4f023dac8d2a0cec1f384e5617ed48905741d459d3d794785cdc1f8f439dce8f0181eae5a675ac6451e2df8d730205ff8ac310d1d81

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
d528dd450545201bc52aa14525c7b81d

SHA1
199ee98ba5a95d861a0d7800788d52abaf3f575d

SHA256
dd4008be9914e245a88cfc41e32b5a782e21600cb6aa1fc1720b266794a14ccd

SHA512
8a52cd35190a9ee9eee3b4f023dac8d2a0cec1f384e5617ed48905741d459d3d794785cdc1f8f439dce8f0181eae5a675ac6451e2df8d730205ff8ac310d1d81

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
d528dd450545201bc52aa14525c7b81d

SHA1
199ee98ba5a95d861a0d7800788d52abaf3f575d

SHA256
dd4008be9914e245a88cfc41e32b5a782e21600cb6aa1fc1720b266794a14ccd

SHA512
8a52cd35190a9ee9eee3b4f023dac8d2a0cec1f384e5617ed48905741d459d3d794785cdc1f8f439dce8f0181eae5a675ac6451e2df8d730205ff8ac310d1d81

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
Filesize
2.5MB

MD5
d528dd450545201bc52aa14525c7b81d

SHA1
199ee98ba5a95d861a0d7800788d52abaf3f575d

SHA256
dd4008be9914e245a88cfc41e32b5a782e21600cb6aa1fc1720b266794a14ccd

SHA512
8a52cd35190a9ee9eee3b4f023dac8d2a0cec1f384e5617ed48905741d459d3d794785cdc1f8f439dce8f0181eae5a675ac6451e2df8d730205ff8ac310d1d81

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja
Filesize
15.7MB

MD5
9a8d0168c6150c7865e3711113eda3d8

SHA1
8f753128a0e1f61cf81f524e4474b5460f4e32b0

SHA256
d1aed7a5bc35c32ec564a0278cee63fcbf188e903d7226f928c9669439c0a456

SHA512
a8af7b62f1185b37f9e0df015a06ef42cbe340d87225124b76d99a790c0a1c16ce0160b2b3f73afa89297fc257b5fb711097e62fc8755aceebe97fc36d1eaa73

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.8MB

MD5
9bd33e37125713b85d2d09587479e1c8

SHA1
e2811c3a8cddd29301f7d4c3d71eb87d0aef34cb

SHA256
349973e984bad23d1a7612a57fc96feabd67a162410e5648d8e1cfee2192217d

SHA512
1e1ba9174124952a4e79150cc09b2c9ef82b490d4eb82d6e2b8cc9425664312ea30eeaaa7195aed269c93d7b81f289ad2bb2b4167d1aa993dd1f851614beb918

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.8MB

MD5
9bd33e37125713b85d2d09587479e1c8

SHA1
e2811c3a8cddd29301f7d4c3d71eb87d0aef34cb

SHA256
349973e984bad23d1a7612a57fc96feabd67a162410e5648d8e1cfee2192217d

SHA512
1e1ba9174124952a4e79150cc09b2c9ef82b490d4eb82d6e2b8cc9425664312ea30eeaaa7195aed269c93d7b81f289ad2bb2b4167d1aa993dd1f851614beb918

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.8MB

MD5
9bd33e37125713b85d2d09587479e1c8

SHA1
e2811c3a8cddd29301f7d4c3d71eb87d0aef34cb

SHA256
349973e984bad23d1a7612a57fc96feabd67a162410e5648d8e1cfee2192217d

SHA512
1e1ba9174124952a4e79150cc09b2c9ef82b490d4eb82d6e2b8cc9425664312ea30eeaaa7195aed269c93d7b81f289ad2bb2b4167d1aa993dd1f851614beb918

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.8MB

MD5
9bd33e37125713b85d2d09587479e1c8

SHA1
e2811c3a8cddd29301f7d4c3d71eb87d0aef34cb

SHA256
349973e984bad23d1a7612a57fc96feabd67a162410e5648d8e1cfee2192217d

SHA512
1e1ba9174124952a4e79150cc09b2c9ef82b490d4eb82d6e2b8cc9425664312ea30eeaaa7195aed269c93d7b81f289ad2bb2b4167d1aa993dd1f851614beb918

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll
Filesize
133.8MB

MD5
9bd33e37125713b85d2d09587479e1c8

SHA1
e2811c3a8cddd29301f7d4c3d71eb87d0aef34cb

SHA256
349973e984bad23d1a7612a57fc96feabd67a162410e5648d8e1cfee2192217d

SHA512
1e1ba9174124952a4e79150cc09b2c9ef82b490d4eb82d6e2b8cc9425664312ea30eeaaa7195aed269c93d7b81f289ad2bb2b4167d1aa993dd1f851614beb918

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.2_ALL.exe
Filesize
90.4MB

MD5
631e8f2b457b98cd9e8f560eda9f38a4

SHA1
f9c6f1b7e174f59eae4fd0ff39e213b0067242f9

SHA256
7f5b78bf7aafe4c94b321199316682922709544f5b897f13b6bdccb0afe9086d

SHA512
dbeff66ccdfc4cdbb0510889444607279b1c01ffecf6caf911a8f92964d695525d447ed8c045e9f1f44d44c66d257dd42db32d7c1a977e6f540e7815bcbbe893

Download Submit
C:\Users\Admin\Downloads\torbrowser-install-win64-12.0.2_ALL.exe
Filesize
90.4MB

MD5
631e8f2b457b98cd9e8f560eda9f38a4

SHA1
f9c6f1b7e174f59eae4fd0ff39e213b0067242f9

SHA256
7f5b78bf7aafe4c94b321199316682922709544f5b897f13b6bdccb0afe9086d

SHA512
dbeff66ccdfc4cdbb0510889444607279b1c01ffecf6caf911a8f92964d695525d447ed8c045e9f1f44d44c66d257dd42db32d7c1a977e6f540e7815bcbbe893

Download Submit
memory/408-1448-0x0000000000000000-mapping.dmp

Download
memory/796-7596-0x0000000000000000-mapping.dmp

Download
memory/1400-1059-0x0000000000000000-mapping.dmp

Download
memory/1404-7091-0x0000000000000000-mapping.dmp

Download
memory/1556-1476-0x0000000000000000-mapping.dmp

Download
memory/1776-2409-0x0000000000000000-mapping.dmp

Download
memory/2128-6986-0x0000000000000000-mapping.dmp

Download
memory/2740-11012-0x0000000000000000-mapping.dmp

Download
memory/2880-1050-0x0000000000000000-mapping.dmp

Download
memory/2912-2237-0x0000000000000000-mapping.dmp

Download
memory/3288-942-0x0000000000000000-mapping.dmp

Download
memory/3720-10398-0x0000000000000000-mapping.dmp

Download
memory/3904-4778-0x0000000000000000-mapping.dmp

Download
memory/4028-1265-0x0000000000000000-mapping.dmp

Download
memory/4664-3512-0x0000000000000000-mapping.dmp

Download
memory/4992-7416-0x0000000000000000-mapping.dmp

Download
memory/5060-2930-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2907-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2934-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2939-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2940-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2941-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2942-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2943-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2944-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2945-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2906-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2908-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2909-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2914-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2924-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2923-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2922-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2921-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2920-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2919-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2918-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2917-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2916-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2915-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2913-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2912-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2911-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2965-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2964-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2905-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2938-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2927-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2926-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2929-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2931-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2932-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2933-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2946-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2928-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2935-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2937-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2936-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2925-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-1269-0x0000000000000000-mapping.dmp

Download
memory/5060-2910-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2966-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2967-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2968-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2963-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2962-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2961-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2960-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2959-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2958-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2957-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2956-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2955-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2954-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2953-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2952-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2951-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2950-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2949-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2948-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5060-2947-0x000000CFD76E0000-0x000000CFD76F0000-memory.dmp

Filesize
64KB

Download
memory/5104-1146-0x0000000000000000-mapping.dmp

Download
memory/5188-840-0x0000000000000000-mapping.dmp

Download
memory/5228-387-0x0000000000000000-mapping.dmp

Download
memory/5260-7281-0x0000000000000000-mapping.dmp

Download
memory/5284-874-0x0000000000000000-mapping.dmp

Download
memory/5292-1076-0x0000000000000000-mapping.dmp

Download
memory/5304-3099-0x0000000000000000-mapping.dmp

Download
memory/5384-300-0x0000000000000000-mapping.dmp

Download
memory/5464-1872-0x0000000000000000-mapping.dmp

Download
memory/5504-1156-0x0000000000000000-mapping.dmp

Download
memory/5572-262-0x0000000000000000-mapping.dmp

Download
memory/5596-1165-0x0000000000000000-mapping.dmp

Download
memory/5636-2404-0x0000000000000000-mapping.dmp

Download
memory/5708-7799-0x0000000000000000-mapping.dmp

Download
memory/5736-1780-0x0000000000000000-mapping.dmp

Download
memory/6004-653-0x0000000000000000-mapping.dmp

Download
memory/6048-137-0x0000000000000000-mapping.dmp

Download
memory/6080-2231-0x0000000000000000-mapping.dmp

Download
memory/6084-142-0x0000000000000000-mapping.dmp

Download
memory/6128-701-0x0000000000000000-mapping.dmp

Download