hxxps://www[.]torproject[.]org/download/

Analysis

max time kernel
1198s
max time network
1204s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.torproject.org/download/

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	firefox.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 26 IoCs

pid	Process
3772	tor-browser-windows-x86_64-portable-13.0.9.exe
1308	firefox.exe
3908	firefox.exe
2116	firefox.exe
3224	firefox.exe
368	tor.exe
3100	firefox.exe
1248	firefox.exe
3252	firefox.exe
3688	firefox.exe
4884	firefox.exe
3424	firefox.exe
3332	firefox.exe
3356	firefox.exe
3336	firefox.exe
3696	firefox.exe
4200	firefox.exe
3784	firefox.exe
4828	firefox.exe
1396	firefox.exe
2832	firefox.exe
2440	firefox.exe
3236	firefox.exe
5856	firefox.exe
2216	firefox.exe
5768	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
3772	tor-browser-windows-x86_64-portable-13.0.9.exe
3772	tor-browser-windows-x86_64-portable-13.0.9.exe
3772	tor-browser-windows-x86_64-portable-13.0.9.exe
1308	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
2116	firefox.exe
2116	firefox.exe
2116	firefox.exe
2116	firefox.exe
3224	firefox.exe
3224	firefox.exe
3224	firefox.exe
3224	firefox.exe
3100	firefox.exe
3100	firefox.exe
3100	firefox.exe
3100	firefox.exe
1248	firefox.exe
1248	firefox.exe
1248	firefox.exe
1248	firefox.exe
3224	firefox.exe
3224	firefox.exe
3100	firefox.exe
3100	firefox.exe
3252	firefox.exe
1248	firefox.exe
1248	firefox.exe
3252	firefox.exe
3252	firefox.exe
3252	firefox.exe
3252	firefox.exe
3252	firefox.exe
3688	firefox.exe
4884	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3424	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
3424	firefox.exe
3424	firefox.exe
3424	firefox.exe
3688	firefox.exe
3688	firefox.exe
4884	firefox.exe
4884	firefox.exe
3424	firefox.exe
3424	firefox.exe
3332	firefox.exe
3332	firefox.exe
3332	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.9.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 100758.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
2092	msedge.exe
2092	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
1764	msedge.exe
1764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3908	firefox.exe
Token: SeDebugPrivilege	3908	firefox.exe
Token: SeManageVolumePrivilege	5132	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe
3908	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1776	2092	msedge.exe	84
PID 2092 wrote to memory of 1776	2092	msedge.exe	84
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2412	2092	msedge.exe	87
PID 2092 wrote to memory of 2620	2092	msedge.exe	85
PID 2092 wrote to memory of 2620	2092	msedge.exe	85
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86
PID 2092 wrote to memory of 3264	2092	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.torproject.org/download/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8d23846f8,0x7ff8d2384708,0x7ff8d2384718
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1468,18116210552025296798,16118909947765331220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:3772
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1308
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:3908
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.0.281965043\1275895987" -parentBuildID 20240115174022 -prefsHandle 2396 -prefMapHandle 2160 -prefsLen 19245 -prefMapSize 243588 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {948b0540-1f84-4181-8d47-131a54fce7ac} 3908 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2116
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.1.1129556430\1312481899" -childID 1 -isForBrowser -prefsHandle 2216 -prefMapHandle 2288 -prefsLen 20123 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {51be84d7-a686-4af7-9235-ece50925fc81} 3908 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3224
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.2.2013019592\102067846" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 20893 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c69fb40a-462a-490d-9d0c-dd9a029e307e} 3908 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3100
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:872f68d5c221bcf2609afa8efcb57683ea0bbd4bec58337a709d4c9951 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3908 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:368
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.3.710535176\271783586" -childID 3 -isForBrowser -prefsHandle 3340 -prefMapHandle 3236 -prefsLen 20970 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f822eedc-b168-42b9-b4ae-744e718aad91} 3908 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1248
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.4.824619503\1850065381" -parentBuildID 20240115174022 -prefsHandle 3620 -prefMapHandle 3612 -prefsLen 22145 -prefMapSize 243588 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {996c91c2-5161-4843-a90c-7302dccfd715} 3908 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3252
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.5.1049874110\1443367260" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 21169 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1c0e9a41-b085-4936-85df-a54095d6f844} 3908 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3688
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.6.1755999387\422938930" -childID 5 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 22347 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a402af10-dd4f-4075-8a50-86f6daea9fb3} 3908 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4884
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.7.485900038\1161478418" -childID 6 -isForBrowser -prefsHandle 4356 -prefMapHandle 3664 -prefsLen 22396 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d5c76053-9718-4d04-bac4-8ec15759619a} 3908 tab
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3424
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.8.1490633655\391950224" -childID 7 -isForBrowser -prefsHandle 4752 -prefMapHandle 4748 -prefsLen 22522 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {60d5a45d-6b2f-4139-b968-50a278ac57c6} 3908 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3332
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.9.1513665281\771840939" -childID 8 -isForBrowser -prefsHandle 4724 -prefMapHandle 4892 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c0383789-b16d-4b1a-b928-9b44d44084f3} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:3356
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.10.1194324796\617785185" -childID 9 -isForBrowser -prefsHandle 4536 -prefMapHandle 3648 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f03afb0f-332c-4e7d-a73a-0a70b605e9ba} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:3336
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.11.811008750\1498346454" -childID 10 -isForBrowser -prefsHandle 9056 -prefMapHandle 9044 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4286c0d2-b112-47a0-9900-7b5fa48de51a} 3908 tab
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3696
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.12.2011456627\1660891599" -childID 11 -isForBrowser -prefsHandle 4736 -prefMapHandle 1576 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d25ff65c-cc4e-4d33-8e65-d2e2f541d1e6} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:4200
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.13.1907823763\1227734320" -childID 12 -isForBrowser -prefsHandle 4964 -prefMapHandle 4956 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5de898be-3e15-4804-bb3d-4a492fd0efd5} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:3784
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.14.603315670\807882968" -childID 13 -isForBrowser -prefsHandle 1764 -prefMapHandle 4524 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1acba512-cdd4-4507-ae32-ecc7971b0164} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:4828
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.15.1519290316\734251164" -childID 14 -isForBrowser -prefsHandle 4204 -prefMapHandle 1140 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3b8150e5-1a0e-4f80-935c-fdb0625e3b8e} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:1396
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.16.1075085145\1130350768" -childID 15 -isForBrowser -prefsHandle 7816 -prefMapHandle 7628 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {08c6433b-f54c-4180-b96e-6bc12baf3d82} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:2832
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.17.1722879093\963670770" -childID 16 -isForBrowser -prefsHandle 8988 -prefMapHandle 1276 -prefsLen 22846 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dbab85c9-0928-4e87-995d-0defc426d6b9} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:2440
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.18.1323073185\243879764" -childID 17 -isForBrowser -prefsHandle 4472 -prefMapHandle 1208 -prefsLen 22970 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3426934e-fb5f-43fa-bd5b-ec7168c2ad38} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:3236
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.19.656686743\268487347" -childID 18 -isForBrowser -prefsHandle 4112 -prefMapHandle 8916 -prefsLen 22970 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c01c00f4-3cb8-4421-b105-905bd25b4545} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:5856
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.20.1486998538\1059182807" -childID 19 -isForBrowser -prefsHandle 8880 -prefMapHandle 4964 -prefsLen 22970 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {5b9571bf-2618-4980-867d-35326eaaec1f} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:2216
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3908.21.327014079\1102530729" -childID 20 -isForBrowser -prefsHandle 4492 -prefMapHandle 1656 -prefsLen 22970 -prefMapSize 243588 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e83eba4c-490c-4f80-a1ca-b23c42f9af25} 3908 tab
        5⤵
        Executes dropped EXE
        
        PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3972

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a56cbfa3c4165da7926ee7de8537369c

SHA1
1cc9394f8ac71ad3e9fd7eda3807dcb8739d74ae

SHA256
da7cffcd5363358614bff11e6c393d127ea3f36465e5df0953bb9c923a6a1163

SHA512
22717eac22aedf823c4453ac9a3445bf2845e8ff8f3c42125f589f67b9879a5295468159eb279e0eb474205a1bfabc32c7d90b9554197f606af6f01251efcd66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9388472a56e4cab39be3a0ac7e3fbba

SHA1
1ac99b0a465d05225f2b931019c1da64ef03901f

SHA256
a6cd27e61022a02a2fd9129d4537322e8b2dce7cb56448698c52ab1dfae9a3d2

SHA512
5732e8241e4c145ac8651c537dc69cbbb256659a4053f22df07e3837ca14665e41b1310ecd1eb1e1eb035c42b0609d084f469a4b59d4a90470374ca629f4965f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64f7cfa82bc1f22fbe84fce500716b9e

SHA1
d1947c70a2b29976a4811c7ca33bd9a2bf8c3853

SHA256
2b19beddb3702a5bfffcfcc71a81f456f03f5393acbc75a7d97e74fa17513ae9

SHA512
c7ab2db0e9eae5c989a87cf94be73c9035af6093b57e3825b99f7f0413a55ff3741fc676b34352a54704357f26dc3e577734c93ff9ec24047ef4dc3e43463572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42e0edacf8762f80cfd8ba851637bd44

SHA1
f895e04dfe2aa728cef51b4fc5d76368b3ba7de0

SHA256
50ceab2f863cef340dec6642472289d5f25de190d0d5ac7636448ce9056ef96f

SHA512
903361518ad53670141bee81d85341e6ffb3e930d4fdc0052ff155dca75625589d60d9208b2a025871b4c287612800a36217ae68cb712bf436eb93bb2ac4035f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53887035ebc83d7c6d1e77cb014c0285

SHA1
cc00969b7c8bc9d7d45802214cc0319cfd2ae677

SHA256
f90831d14f34bf48e5f0cdded23e76ef1385aa84f9eff816549bf686292e2a0e

SHA512
0a4dc262c8abc5b79729407b5e8e332b391f2dcf755926c91e09e57df89980142601d381cb68d8fca851e43fde09006fc3000f431136399cf4626fc0146296ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5e757e2445436fa52df711554537c42f

SHA1
97c4f257d5678184364e8f10441a6ba2ac19ab74

SHA256
f939efdc52f5a0e8dad80bcb24369fce52aa602c1cc93c521bfeaacaf4a3d93b

SHA512
1da2c47bb61a463c9c886daff7eabc1e1bfe754e305ae425e9547dceb3cc96d73a89781288da9baf9380e2a53d64e7c07419296cd95dde81fc426d7c2012113e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a8bfdd90bfbd2d7cc779cd9da6a965d

SHA1
9a9df2dd25fc515ca4528f2ed49476d036850309

SHA256
ca5c88158169a639c2836aef14b47da4bdd3654c06c84c507faad3e5739c7384

SHA512
8bee9426c69db347192f952d9fedf83ded754547568eea08179d400688612421bf8f1699d260832fcf1534a29eb867e4c7aa28724ce431d28462f517a132abbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0eaaa80eb5317ad628882bad17346487

SHA1
2e853b82028cadcfb2afd5a5e80a71997446a1de

SHA256
8452d6e2cec1d93bdee50dd751f09f6387b4043f92780da067cf1452f51bb4d2

SHA512
152707d8b786e465f16c054b9e5294fd057ecd416f4430eb856dd45dc008082377cf6a1e9e3ffe69d95c262e5f0d16e0d02a99806cc75a8583009f93c331d78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6E28.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6E28.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6E28.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
26KB

MD5
c9df48dd7384f671eee8c59fed069425

SHA1
7828d3030d83ba8ef936735f93944580ab880531

SHA256
c51403819f9453e8af28a48bacd819226bfbcebb062eebdfcd6b5b1caf120f77

SHA512
025a505e2fbbf48d2dae0c24ff4db1d7a0246f2546e80f56774730c10b2229b579e78823d5a3fe548fe1ae7090ba47872efcf10d466104d1a94f30090d6cc012

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
7c46e9331e12a0437564b4879cc4afcf

SHA1
6d66cbacb4f60023f631c0e0d7705ed78c119943

SHA256
9583a6bde511be00c009ec40d61db62d201873c7f099c369c4577372c99649f2

SHA512
9fe05354cc24346c11a0a5fa74cb49e3abf14f10bd753b3268d07f64eb9e375d007d3a0b366b0930ab42ae7825555db960ac1b1bf327330cd5ea02d4f08ef4c7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
814c8dc51ed089b498024efaf39bbb2e

SHA1
c4a82fd7d62659d395ba675efc6fe72f92c46325

SHA256
ba8928202cdb244383c4a475139bfff3e3c9751c5dfc58dee466ba48d7caa1b0

SHA512
d3c616fae476c4d39e3fd7988809196d7d217fe34744340751d3cc4ceabb94e7e4d4bd771f5d89726c219e1304f512b311515a86d2ec58588a1f4bcc024add8b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
82ee7613087d3b2a395b12191185a4be

SHA1
2cdf7865a0a80df738c9bf9d7ca16f0497a59369

SHA256
1dd8703606ea6f9b42cf1b48fbf4507f1bc774192bfbac88cf35c5812191bd5c

SHA512
10b079d46bf3691cba3f4e14449b7ab308a05520876aef6ea2590bfe2d881607a552ea6cb065072e4adcb92ebe729ee90af79fd8e8502d5cdb800d14d0d201e6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
3184b3fb032ddce899da69b7ac1b1d67

SHA1
6e260a99dd3b3b7d853113a1b45df0d060ac9d4b

SHA256
31d682477745592f994ef1d6e445a39cbda55f567bc015e8c3ed6c768163e5bb

SHA512
2be5dae70955370cff771933e0181d557a14470880a1996f938b0e911f3447f80526ba9270a25037fcf2d57844d49eead296c1e439aad62ad49ce77f3cae2203

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
188c092790646518bf33e985b502683b

SHA1
96f65bea6a98ab5e7aaa0207c2d2a0a9266e0961

SHA256
a5ceb06d9150d0e5e679ebd0bc3746eea401e0d216886e1d649d262ea3bae3c0

SHA512
edfa879a7aee5e0cd34d8435aea56cacf169677b30798d489cc096f3ad34bba3ac60ac0c62b54ce4e1919506f0b267c96af26b4a20ee907e8a8849e0358e9ba6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
160KB

MD5
1812cc9635a2eceb68c967e6079ae627

SHA1
67da09db62c9d4f08e7050a9d98ae015a056fd66

SHA256
eb122734b10b207239628fee96b01019401260bcca4148d6bdf1f1b12e4f96a7

SHA512
832be0075540077c1f07b6dbb6a732d4ce18aedb4001ea340aae1a716e7c1779e54faab43fcf1640689942088adde40a716b785b0e2973eb0545268ea0d16d3a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
91a5bd50749aabda56a801f7b78f0e10

SHA1
64189945c273de7b97d9f0ae4b827bf10b889229

SHA256
40aaeca658cddca5d5c9a60b582440d992cdbc38ffaedb9fca426411ce7b20a6

SHA512
2b108d3cb61b7138f467401dee51abe5140ed4630ac2b27cf5e609d10c7e369db3f29bd31edd3bd635f2e755dd13bca7a6a14c19582608d34135a144ae278357

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
1.0MB

MD5
94f98533ef59fa31d70e6a1dc8b15648

SHA1
9eadcb303a33be4eaf87c1a48a6220484a890591

SHA256
0550cea84bbf65f850229e012d7aadae0a9c67adfa5ad207f4b1f1d017576e9e

SHA512
91abd4efe6ace53e110498f0d32486c9fa5ddf297433636929f370126e659cbda4daaf332c5042edebe93af0a266fe00d4cbfd8065e52137ee1b46df29a6500a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
1.3MB

MD5
c9cd76482f6f29cf756d404b627b1332

SHA1
c5c30556970e46bf035e678d4e510381128583a2

SHA256
c1850a3162cd50aa39c1fa425ccb51489c18d207041b27627d1f440c14d60413

SHA512
89f101cb9cb5768b7d3aa1b922feaa5c25ba6e6d06b4db426374089df084a20dc1e1a4035bdca3596f2a6251d69a495058620c162be59bbf20008ce29f81071e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
676KB

MD5
994c439a9a401fd2daeef5bfe4e9dd74

SHA1
e5eb20f89b81e08de6a332fbf164654d3c3c911d

SHA256
d41511693e3a7ce762e9b2e6a369c4e4d66f4642c3a873d06979377cf2427d89

SHA512
f3213739990ff1073ee601813977be234ed137689fdad80257fa5bff030f76ddc1dd7a059871cf51496665e0f2d4503221ae12c00d0341dd9e0e64acd79c1c4c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.5MB

MD5
2c6fc36dadc9253ef58aa5aafc602377

SHA1
fe5b496b0c34ea0210bb4ec449d90cbdd7bf5708

SHA256
c513acf50de63caa2e00f2fb2b9ad5610400d6c76c0fccd366b34458b4804372

SHA512
ab61da93c977881a485cd978e9e366305f5b84ad7ce68e0675223b3b5b110202b6874c0d647fb839d1e0a03c84d720a2ad731d9c84f78b1969c075194006a613

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.1MB

MD5
406c13114f725051de5b713445abb264

SHA1
b3b7152294bf28367e007aafedcf7a281a419837

SHA256
277943e652000c706e4f36ca88a08935cd1b61cd83029dd174d89e448e18c8bc

SHA512
941708fd2d06a7f34fd84443dcbef56ebe5bd047111a2ca253d2abed76c049849b7bcba7880aa73b7ff7028f8b0239b82a2a9c74876ede886c4d0a1357073001

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.4MB

MD5
ffcae4c43b9ff240bb9cdd9f80ed370c

SHA1
c5158048bc45dc5d4f1f0bb595e82a2b6e2db11c

SHA256
ebf2ac78bd32ccb9df64998c6ee90a278e5ba0880a3382c1adf915f15c9d7d77

SHA512
b8415e9f779fd7303f227ddc1b417cb590d23c458fb4c059c319905e386128b7c45ce685a2ae3ca2e40b0d7975ff8345b194187e1d3ebd25835476154ab65b94

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
631KB

MD5
7f2f8f5e156fa6332b97de004f6fedfa

SHA1
f6271bfd1339fcf188bccea2f161c9f68ab49403

SHA256
3f84aa0734db8dd1e658d524a24231956d478cd6f866a798804e2c5bbaddbbeb

SHA512
2eb4e9b8a636e62ea7ca8cb63cf6481ee52f38df5f93267d169f7546a437bb1b4bb10603d3b6bcc578f7338b1e63b743bc22da41355969f4ef27da88d30c3ca8

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
440KB

MD5
21ed23ea2edecea5ecd89fbe6547b09a

SHA1
5ee7d61d353e5bd19ecc79d2f33f739efe286455

SHA256
576fe2f7ffd8ff23a35d447feb322ed9a6a0ad12dfe58b6d39bcd012cfd0e674

SHA512
93b41c39740cd981e4ea3791c364c4dedcb270b73fda5b979e08ad721f330ed5c184111dfc6abb856d6b086a59e64a52646510169d0fde54b914d989cb387313

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
224KB

MD5
f0b22427c3ddce97435c84ce50239878

SHA1
a4a61de819c79dc743df4c5b152382f7e2e7168d

SHA256
0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

SHA512
ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

Filesize
21KB

MD5
9390ee64243e5335b79e33e5e8311341

SHA1
c8d4b3ab79f6b12311eb4e4da29e709e583b5870

SHA256
cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

SHA512
ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

Filesize
198KB

MD5
7b5138efef2c02dda9cfae9917cd913f

SHA1
b44b58f354c4a68e119df226f01ad763b2d1025c

SHA256
9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba

SHA512
47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

Filesize
7KB

MD5
bd4c30081a164037311e8712423c5bf2

SHA1
2a13bc7987ca34644b075c1fe197ba293b4ca527

SHA256
bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba

SHA512
2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

Filesize
5KB

MD5
34699ac8824cdb6593b4dbef605dd6b2

SHA1
22ff82e35cbb1ac9053f767f404ee351786fe0c2

SHA256
328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6

SHA512
fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
249KB

MD5
d34887aa64e5fa33e45e9b8ab4688913

SHA1
1ce7c0d6c79d8b729890f0c1f43b123156febb1e

SHA256
50201be3249f5b79eea79c7e7b5989e51f02003d5e1c233f3072d8b2855e8e5a

SHA512
cacf3cd50bd7e580f30e6fb82746ea5d25af4b30adeac1b8aff11da0a190128a93f05fa86bde8ea84989e5c62bd27fca6d817477459afc7ffa50f93ae8ea4afa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
284KB

MD5
da6eb72c68fef327495f4463ba56db1b

SHA1
4825f8f18c0cbf9453615ea1ba567a6f9664acb6

SHA256
dd7ded00c7985356cecfb16a40b94d29938adfd22acf817111355e3595ad1cac

SHA512
e589b9f79e0ee056bd87238a44551a23dc625ae3316ee956663b482ad5daa2d13f936271850fe38eaf8604270d793d12a5bb417bb5180927c7a8b3494c120b3a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
4fbe7a921c122571493598d342901798

SHA1
fb4c7ba5cb85f09ae41eebd1b6480c8105bdd50d

SHA256
6c6c36f632197c38dc8482de6c79a9288e242a4b5b666f2717acd6a5d5cfe2b2

SHA512
b100dccf1ab5416dd4bd465c7c5dd23c0f62e80e50617c46528d6c8df14b39b1ca8c153d793238c795e9c6925a0761a0d21abc155896a267563a0728632f3244

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
02cfb29d87bdd307f1f6e09effa938db

SHA1
1be51a326239713bac1f4b8efd91fb8c124900a4

SHA256
ef9622e5fd803e503b9165245766ec5b9d6ae8faae8c32d5e86b0d32308b96ec

SHA512
fff6fc984dc85105a2a5fe8c36633ba3a59d78605c3d12d5363c4ac70b79a4b6340bd3a31ff6a58d3b9bdc6e22a39a41479140c55f58c3023ef8b0be62be710b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.2MB

MD5
0095e57b655a841824eb65a31d06823a

SHA1
055d00bca95d49117d41635508efd65c2c389517

SHA256
bb2c3e7f4f39231e66c37498a4bce475a6b883b37c7551ac079f6934af24a2f6

SHA512
ff198bc7a80331ac0d2c4b05981fc11e8048bd2b69f071386898f8909b81386999847642c05e44c95d509a01ee2c91188ed3ca20137af5c72b41c4a928067277

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
685KB

MD5
2d57b3914b5afa4191393e9f0ee12688

SHA1
1b3a8b9a195116f67d9cbb1aa5a2c242583de859

SHA256
7c97ccf751b4154934ece5f120ba7b63e94ed5875aff0503f2c132ce71398c56

SHA512
03576d7affdcddf81404f9a993e652111a95f32d649051716aea2ddbb57ae2d3b7dd0686f96f68b327ba01293d21431491f7c157056b3bb111a494fd6a4b815c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
626KB

MD5
cf2e551525d475bc67db291ff8f97d05

SHA1
9b1fd4cfa5ca0a2c977d439ef83186ca184e7238

SHA256
19eb7cc33d516ec40be7ecbe99f064bc35d2507a6747562638da57b8456f1ec8

SHA512
a4dd0c2cdcfee7fb6b3930ef7272f8622048d41bfa3d7a42a748a17f8699ff0286d6762b6be3e05e3818da452ccfd793f73fb19483b2d2b50636e3e5f4cc3461

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.1MB

MD5
d490569a8e9321cfdea5b000cc74b73a

SHA1
81f3a7bb439b0a7be60e5519818c18735f4d12ec

SHA256
fe9605f7c2441b896db04c31196fc02d0d2fde9912fd94bfdaa940fea3b3d1fe

SHA512
47c2713c8903907843575bf57108c4b624ae45e7b83178bac48b8ce988a676c668a2097ce0528320006acbc38b01b24b6b728744cbddd3679a3b228cbab00237

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
691KB

MD5
3da51f184f23a4119b4f361ec271054e

SHA1
084ed2eafd210238c7658004404ad35ffefb908e

SHA256
d809357a6dab399ab09286c24581c025757372b04df048cb03a0d0ef2c2d4bba

SHA512
e995ec996918cddb267f4c66b9773de63ca2f6058999ebd58f82fc67706ed8d1747f43d3f2d739af8f7416a627262e0082632f4c2cf52d8739b22658e399c114

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
310KB

MD5
388b8baa1b61266fd5d0f859fd1bb9aa

SHA1
022cef632d5a0dea457dbdd6c4e74b0044fe44a8

SHA256
5de0a8f486c7291c43686eaa20b7bf6d4635696934b5a7f0afd75ef17d59b8ee

SHA512
e04900095715acca46740d8e9274b48ba4179a2e997e3d3c07403b2cd3f5e365a062158478223bfb5234d7481c2f6bfe2285a57502fc2428d195aa268472bae5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
487KB

MD5
008bedca3b9c103ec4e7dac0ea9d57ee

SHA1
78f95a322ffbf6e02abac4db524d0640dcc49da5

SHA256
41bfbb35e00e1ca6154ee2689a67ded260aafa8af25d960277437fac5215a422

SHA512
707655d41ccaaeccb931149dfff6c5fe39ab0b0aa69079115adc325927208d4ea8c6e8fc40de9e4936d9e479fa59e6fae0eb589686b9f5537f85ca82e96d2ad6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
1.2MB

MD5
bc3648db819d3b41e3cec46e0e21fa35

SHA1
5ba03a616560323fd99718f2e14767c925bc7baa

SHA256
4d395b425dccc7dc9d836ed72e90363d93aeda713a0f11fb029268d1159fa59f

SHA512
b92bddb5088ef4660daf942eaef7f4714091c2e65dab37fe44c38c12ce8d7bd340cc03c2287d79deffbb2f89730db62ff1f381a8a0dac1082e972ac112c0bdcd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
281KB

MD5
8f89e3d506fb0547bf81dc4043d6f1cd

SHA1
514a4e8d39151b606f861d65d5550ff0acfe76a6

SHA256
1db4d5af48e55df994de3c3985c7b70615ac5740f115cc3c9f0014df33cfb165

SHA512
9f5f2d46212d0f522377a8bcae8a9a0e41fea0aa78e59059c92aeb6d89abcd498b853bb235184488b624753c6c784825129574e44718f341a86d89e825d25e15

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
384KB

MD5
ead17cfee9559ab8d278bdb07ed86430

SHA1
046e8bf6ff650021adce1194060cd0314d958a22

SHA256
a45f8e3a6d62a89af34429d6404421470ecde2e5ba4b992403cf16bf7d7f02cb

SHA512
93a5e0c2024835ce8bb929d75713e6f36a2ed6450f2a33d9d87000d690649d3046b1a4a7a204234f7f032b682cf1b9bca669f90992146d357935bcbe7f5e6b6a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
1.3MB

MD5
e09a4d8cf172bcbd16b975af055bd3d2

SHA1
07a04c4a8423770f3f9c2399e7b2981c4d839263

SHA256
ff02ed75c9b0262dae4c8990fc3bb2d46335d2f260a20a6d3eb95e48a0240064

SHA512
815ae84f6bacaff813f0d9ba73f5d6cccd34f5a3d896ed8c1c6037dfdc176319f9c211411c3898b54a28f2fa3237077b613da6e9e1e77fb3d68feb4a7c6abacc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
ec87fbbf8dcb4de334f29edd75f090cd

SHA1
d68dbcbce12d309d9606a0cad56522e738ff4fc6

SHA256
fbefd396a1fbe9908f27db5ae72c96a3b91121ce89dda3f6376b8698cb2f33ae

SHA512
718771c0754709419a822a2c3a7a0bcd265b05adb6aadfb9afd47fb22e2ec8d8c73246afa2386a458eab2f04bcc0e6acd598782972888270f926133b7f76d0d7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
218KB

MD5
061bc6a2263c617d703c67558eb7638b

SHA1
3ead1e0e80a5f47a37a1d1a4dca0a3c9305cbc03

SHA256
d86c8c0aa7ec60683e8ebf7b3b85f33629c15b3501105ff629cc2b17992c0294

SHA512
7dca24a7053a17ee8662f1aa2731c1a99675ec1b4f088f03b752603537d4823562f60307c18c392ad469483986897760eebe621f4ee486ee12ac33a1f157fe88

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
367KB

MD5
74895244c270b26b09de4bd3bc8ca6b8

SHA1
868e0812c9a9e049461374d9d297de2e3a622407

SHA256
ca8fd9eee4c939f6d1bfdee18581040a8c18d3537b0f8b12df8a6d353d3a7b00

SHA512
86af04ffb5a14775e4a7492bed07f1eb8db63a2c9ff5037eab53a44cf0dd00aec3eb60f946b2e2d3fe0ec29d48ff1e16ea3edc3952043453fd3bad0ddf36c26c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
167KB

MD5
22e4df5425231565318a7d3e935638a7

SHA1
c09fa82769fce85c053c46cb0bc8748fb75b1847

SHA256
35ee95c7dd123f8a35372618b5efda6b0e12e6e9abff3fffe3690e28c3d39a9a

SHA512
84fab905e358f9d26fba834353882d7ecf468c56a42429fde54a47dc9608bb767159baedd9854380dd1ba00e491166c92d77a257d05937dbe7eb5a082ccff6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
1.3MB

MD5
9211065f807aadd6c64ee804c4725982

SHA1
b9975b832f475e8f54a7ea6f43fe74442f3b1725

SHA256
7752261344e7f2fb82563abaf722e6895ec8663b6a41bb9e8ac23af88c92b950

SHA512
457931c392776028893e90a388a700618eb9a565bac5ab7b943539fbf0f2a79403c5c8cc60da23514908ee35f7172bfacafb2afff60569e60079e96fe180c510

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
992KB

MD5
26b6df4e722f55f10d64bdf227204f73

SHA1
dba9c7d81e2563fc3f16733c7a736c2902bea410

SHA256
739a346b4a6edb5aea69852f69215bbb2f1ef3d2efd961d5eaa9f69e30f0da01

SHA512
8a99043c8bd1a37958f6a7f8738baeb37fe42b56d3319de51e99c592e2d495b65f7dbda67a9fae341e52a4e77e77ae7558109cb35160369ab44f1f9a881c82ac

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
6c52c54b9358ab3fa58396e520453f2d

SHA1
2b6e2b2235ba6ebc989c52377b8d5792e8f96cf7

SHA256
3f01c6cf8e897aa705f596b0fe4b7b3aa2cb5eb89d0cf7f7f1eaa5ea040e974f

SHA512
46553083947bfcd737fa5da00e1176ec872d1e6aa8dea99e15ed8d4c481baf91f8563941a6df96d9c95e0299ec542ec9f0ad36f3e00fe29a2f6b1573a6a24ca8

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
9.4MB

MD5
8b887c201b97aaa070214486ff4b468d

SHA1
009f501d9604bbd0bed2d2ad6626e9868b474297

SHA256
688f4410ca710f662004124c712eaee1a2a2df9abb33c011c0573d77ff18d438

SHA512
088daaa7e47a82b2a6dd65b2e28244c668930c1738f2fbdcf1652e30cb7965ce11450728a7c25bc88d0ea470dd565ff8edabf62f3685af3b22bc7882f14dc99b

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
9.4MB

MD5
e5a525a27382634b5f02d335b4db4bfc

SHA1
dff724663e0e5eb5f3839d13087b2c23edcddb77

SHA256
ab0c95055263360490d8fdb043cd0c06f5f2433dbf2b7f973a7bb702ebf9e74e

SHA512
693d40ad0c7a8c73f5de4faeea78742772875eaf9cb3107fb7f47796e46d1ff194b58dfe207217d1f2cf413e3a071aba3123ea45f0fcb729246ef105c2562c2d

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
10.5MB

MD5
e61ee742b4e77f3cf556e84ca896b4e5

SHA1
10eb1d78b4f6e5a3c8449d49fe04041eef1275ed

SHA256
c7027ba8034fa571f9def076d2392c45e077642bc3a58fde34b941f91ed7fc44

SHA512
373ecf6f4cfcdef07ed7d8a6a12048fefb935b35da447ada1543eb47371c6576ece72cde5df4aee504ff364a6fd9d6b1a532b249fe0505b491b6b85fa959194a

Download Submit
memory/3224-672-0x00007FF8DEEE0000-0x00007FF8DEEE1000-memory.dmp

Filesize
4KB

Download
memory/3224-670-0x00007FF8DECF0000-0x00007FF8DECF1000-memory.dmp

Filesize
4KB

Download
memory/3772-563-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3772-312-0x00007FF8D2620000-0x00007FF8D262F000-memory.dmp

Filesize
60KB

Download
memory/3772-311-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3772-341-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3772-370-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3772-511-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3772-515-0x00007FF8D6B50000-0x00007FF8D6B5D000-memory.dmp

Filesize
52KB

Download
memory/5132-1155-0x000001ECB8A80000-0x000001ECB8A90000-memory.dmp

Filesize
64KB

Download
memory/5132-1171-0x000001ECB8B80000-0x000001ECB8B90000-memory.dmp

Filesize
64KB

Download