hxxps://www[.]torproject[.]org/download/

Analysis

max time kernel
300s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.torproject.org/download/

Score

8^/10

evasion trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 16 IoCs

pid	Process
1400	tor-browser-windows-x86_64-portable-13.0.9.exe
1784	firefox.exe
3684	firefox.exe
4072	firefox.exe
2324	firefox.exe
1208	tor.exe
4332	firefox.exe
1744	firefox.exe
4780	firefox.exe
5816	firefox.exe
5844	firefox.exe
5888	firefox.exe
6032	firefox.exe
5336	firefox.exe
5388	firefox.exe
1532	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
1400	tor-browser-windows-x86_64-portable-13.0.9.exe
1400	tor-browser-windows-x86_64-portable-13.0.9.exe
1400	tor-browser-windows-x86_64-portable-13.0.9.exe
1784	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
4072	firefox.exe
4072	firefox.exe
4072	firefox.exe
4072	firefox.exe
2324	firefox.exe
2324	firefox.exe
2324	firefox.exe
2324	firefox.exe
4332	firefox.exe
4332	firefox.exe
4332	firefox.exe
4332	firefox.exe
1744	firefox.exe
2324	firefox.exe
2324	firefox.exe
1744	firefox.exe
1744	firefox.exe
1744	firefox.exe
4332	firefox.exe
4332	firefox.exe
4780	firefox.exe
4780	firefox.exe
4780	firefox.exe
4780	firefox.exe
1744	firefox.exe
1744	firefox.exe
4780	firefox.exe
4780	firefox.exe
5816	firefox.exe
5816	firefox.exe
5816	firefox.exe
5816	firefox.exe
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe
5888	firefox.exe
5816	firefox.exe
5816	firefox.exe
5844	firefox.exe
5844	firefox.exe
5888	firefox.exe
5888	firefox.exe
5888	firefox.exe
5888	firefox.exe
5888	firefox.exe
6032	firefox.exe
6032	firefox.exe
6032	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.9.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 597725.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2096	msedge.exe
2096	msedge.exe
2380	msedge.exe
2380	msedge.exe
4732	identity_helper.exe
4732	identity_helper.exe
3880	msedge.exe
3880	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3684	firefox.exe
Token: SeDebugPrivilege	3684	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
3684	firefox.exe
2380	msedge.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe
3684	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3684	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2136	2380	msedge.exe	86
PID 2380 wrote to memory of 2136	2380	msedge.exe	86
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 1532	2380	msedge.exe	88
PID 2380 wrote to memory of 2096	2380	msedge.exe	87
PID 2380 wrote to memory of 2096	2380	msedge.exe	87
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89
PID 2380 wrote to memory of 3136	2380	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.torproject.org/download/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffde6346f8,0x7fffde634708,0x7fffde634718
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1400
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1784
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:3684
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.0.1498303752\2134692678" -parentBuildID 20240115174022 -prefsHandle 1828 -prefMapHandle 1868 -prefsLen 19245 -prefMapSize 243588 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {391a0da0-d1ae-4dae-9106-cc502cfb9472} 3684 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4072
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.1.849400299\286555151" -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2868 -prefsLen 20081 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7c80089a-935d-4c45-9403-fe6364896187} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2324
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.2.1813131566\546974779" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 3476 -prefsLen 20893 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2bef3e39-ee98-4d97-b065-a37428b44076} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4332
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:7269f9e8c488791c60b43c48f5131f718ddca91d779db29ab3927b443b +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 3684 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:1208
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.3.1333739884\1858073430" -childID 3 -isForBrowser -prefsHandle 3404 -prefMapHandle 2400 -prefsLen 20970 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7cb5acd4-d864-49e4-8827-632f1ad994a7} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1744
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.4.1516330969\2026059787" -parentBuildID 20240115174022 -prefsHandle 3348 -prefMapHandle 3064 -prefsLen 22145 -prefMapSize 243588 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b29ead51-8179-4684-b5e6-1cf94046d17d} 3684 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4780
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.5.1112622991\1618571495" -childID 4 -isForBrowser -prefsHandle 3276 -prefMapHandle 3144 -prefsLen 22426 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {6919b5cf-ec1e-4769-8d71-95fb7f35acb0} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5816
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.6.2033712430\1142346287" -childID 5 -isForBrowser -prefsHandle 4312 -prefMapHandle 4308 -prefsLen 22426 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {05ed57e4-7f01-4035-bb66-a7deff87b3d8} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5844
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.7.445013879\318459104" -childID 6 -isForBrowser -prefsHandle 4376 -prefMapHandle 4380 -prefsLen 22426 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {691170ee-7916-4545-9d85-fc3c978d65ee} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5888
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.8.878856944\179348941" -childID 7 -isForBrowser -prefsHandle 2032 -prefMapHandle 2828 -prefsLen 22590 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {4d60f4ea-8f9f-49ae-b2cb-e8cdc2c71407} 3684 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6032
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.9.807882425\1400909850" -childID 8 -isForBrowser -prefsHandle 3028 -prefMapHandle 3620 -prefsLen 22914 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dc83ccb2-f47a-4737-9bc9-8a6e52717667} 3684 tab
        5⤵
        Executes dropped EXE
        
        PID:5336
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.10.1571718860\32809029" -childID 9 -isForBrowser -prefsHandle 4388 -prefMapHandle 4652 -prefsLen 22914 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1bcc1048-c2db-4e3c-92b8-b5f5d30c0cb4} 3684 tab
        5⤵
        Executes dropped EXE
        
        PID:5388
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.11.1619168347\1625490043" -childID 10 -isForBrowser -prefsHandle 4656 -prefMapHandle 1660 -prefsLen 22914 -prefMapSize 243588 -jsInitHandle 1328 -jsInitLen 240916 -parentBuildID 20240115174022 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {85edd2ea-cb80-46df-bff9-3a231bf6c71d} 3684 tab
        5⤵
        Executes dropped EXE
        
        PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4336747661454341658,17143556776849553815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5942d6a205bfaff6c4a4c08da3fc901e

SHA1
309f09a550138d2f2680ec4a5f467d214ad499b5

SHA256
97fdf7f77def6a7d01687f192d2b00d1ce0e40a31c81d5d8174fa9c7d19be178

SHA512
a820181389ff7f220b129e1fe0559ed41c5566ed1ce4156e01b7d39bd1082262d16a2da96a67ea1ff537921fa635da51112c7db4f762dabffcfa2b58a2a3a7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebf38ebc05c403e59c59831e251398ae

SHA1
4e3d4ef236eb78b7cc49021ee98f41972de03234

SHA256
16c1a0a63b35a5e3f063558164674292d88e311efa91f527d983b4bee4d95f7e

SHA512
b1bf8a5c0beb83487f7de0c5a199e3c75ee73141401b1be691bde9305c8df36425f8d3a314b7de498e21bdb322a6f8c915dc666b5311e07c9ef4f2921e539f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6a4603ce0a25c6b48dfdf43fac396e2

SHA1
1e291a82d78260a56042baffc58fc6639698be0d

SHA256
4c3d8b38a1e952cecd04d7890dad8a7dc9a09f156fdbc18338fd779140331c6f

SHA512
f56f215c8d352bb8b3a0afdb6fdd7b753b9e5b0dabf823c3d59fd47a3dda3fc8fd3bc6164652093c20b4bfc066418677360206e6c1226ef5be5562e1a04958c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0560ea5b557d4a20cf09599f3705af0a

SHA1
46e04881cb2413e0ecf33fcae2db6ef59f4f06bb

SHA256
a402de9f9abd3f7121254280691e85bb825743e128686b1f3f2add68495c317d

SHA512
0329392d3176ba60c4e7700333743d91c3a83a183a440bbb36d5bd051f567c81768e4f2ab493d3deb77fc8bc6067539833489f329086a6e8f457c2ad017919a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e73ccb40e4c7b2b30228ae9e5633c823

SHA1
f847bf9a86842ed2d16c11e66f4eb232508f0fbf

SHA256
861af582ceb88c3587b1fc20172e44fd699e29b85db701fe17eb3f7b81738d16

SHA512
4ab16958bcc798396198afc8fc88d88f5328366aa81d1e49a59d2bc05dd7f33d3bae73a4ca9dcd724a7369054b8f8fdb89be3e2b289c2e24eb4d6e6a54f5ebc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
d772c7c53697f6751bfaeb26318ddffc

SHA1
208f55a52688e230ab062e05f61e2640946297fd

SHA256
38cf86c70617444b57750a6a9629a220324d0748ec97048411ba2e555d0f6374

SHA512
0a8499cef3ccc52977286d8527860ead3d610dc8c6d19e006ea7c471d8ca8499abef9608bd8eba34766f9d3dc96e2051f4b97c4192e84501a60d031b0bec43e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579ed0.TMP

Filesize
204B

MD5
dc24c87f3b19c434b6534489d8ca7dd5

SHA1
30dda620fbf21fc62b58f6a824ea78838fa28913

SHA256
2ab7fa6a4e11870d12c4a7bcee0e0ffe776ac8c61da9fb517ea18746316e2963

SHA512
2a255ca4598c13eee24ae5b26ec68a9a1ba2c78013f0045be10ee1dee6221e14336be6b507cef118a4858f410db20bde8fe819b476e2dc170dac27dd176285bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5ec4694be02a6b6f199acebc87eb8d3b

SHA1
953e5891f1edb23ee25c1f8f5fd23fa416907960

SHA256
3ee91fce5ef48197600511b011354e98030ff33a6ca5777e6036938e04e5ad75

SHA512
8fec978ffe74db01e8681baf2d4ca216daa8028347cec55fb356a546277559db389057711fe222e51495fe76050e8c830db9419c1706ab56f6c3893e9f7100f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a95a41e03ccce3ac0c05c8df3c1a3cd2

SHA1
898362e8fdf31d4a9f0754b88058b35e5f058943

SHA256
8d033074f6e2df2e42748ab41dd992d1f09dc39012ee6b8f040993b75f36025b

SHA512
d9914af5899498d073b7ca18ebbfaa8694c7359618b5e55b4fdc97f5b820e3fa18d0d1b02ff944f5b39367d9f5f3fdc8b2ab8e69e2a7a54311befe44fcb33a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d32dd4678aae5855714fe60861ff5974

SHA1
124dc3112dbe4fdae81a2abe9d4a88e8b90243ce

SHA256
786b96b09e047467088fe0648fd0d9fd7d64213e8fc47f3da827d324d9ee09c8

SHA512
ab3e8dfa8f65205691364368259f1d2b3ce010503e0c332e84ae33f6277adca4e7d05a441d23420b3608f1f9938eb333bed7aea0479d93333d74d0ac60b788f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse1BE2.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse1BE2.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse1BE2.tmp\nsDialogs.dll

Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json.tmp

Filesize
26KB

MD5
cdb8c97de40aa7d5663aa3edd62dd956

SHA1
436dbdaf3857d166fb80961d8e09871910c5f67c

SHA256
7f170f3a1d8dc742bae14ea8659aa16b4ac270aa5e1a9fec6192ff0dfbf17a19

SHA512
fcf5a7483724bc845eab34aa84a87bbc59a063b5bd6a4f36309e95c52b8f58b13fc9b97ee3570fc89c7499cd103b94a3547f05805f0a56b217fd2e4842c1f077

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
13947eab1ae6c7ab5c3727abbb420f92

SHA1
b90b3f69395e52ae3674e73228c3ef9f841ca7ac

SHA256
c56b5941de7466bff89ae22daf7ff58229df9040a3906e4aa296935e7469aeb6

SHA512
aab77af5b153677d3979b95d14f25f1625d5a25ce9d0698c4fa5e3c267e341ac2e65abcf47f2b9579c2c62ae464f91ebd43ddca5b1a7cf4170eca39ea3bc5160

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
fe79a05b36e79b205e75c2226e666792

SHA1
804a60b2092e4e59c360db0a6b2decf2006588d6

SHA256
0a26996386ee57f49e609897a22dbf21ee97ca378fc8606531d22af0c1c8098c

SHA512
1fb67b5a86374c92b1eddb170e0017c1c1fb9c39c0159b9158ccd96ee744d9cab70a3263634d42bdc652816b4a2a41f4ad0d2489eec5c428dd31e2b384a16baa

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
2KB

MD5
1828bd369412806c45660f3710097399

SHA1
99c5665fa1401a801921f26585641c7faab63816

SHA256
dd145ac765ac5c615d40183f7b82a402992716a838be30e941d974a79ffe9d30

SHA512
671e30cc87651a229ed9322fc9612e5075aeced3729e6fa7b80ee2ef3e2a11097e45f0458cc63f05c0c9380634e3ce760a268630f6a6be97138517d1dc38a385

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
5KB

MD5
2ef2d4c128299c8f9dfd76ffc2cd3cef

SHA1
e9ca48aa755674aae2c062053ac0965764e3b41a

SHA256
1689e35e45b4a72a9134d60654628ab56688a79dc485a23e6382996f5604f46e

SHA512
add7a0ef2028264b4c4c1ffd46417f63b9d2b91a445afc846656c41931bb5780a87ed8e9bcb6a7dc863d0bd62aabbac15e18240f21435fa621cb2db44fd63c3e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
160KB

MD5
19004bd0ecd2f4d5750d9e40968d0b93

SHA1
2b41fed78eed6df6e5fb0576e9cf0c295f4c8c7b

SHA256
86c9f10c3cd67464a350c0124548f08d5511e7c604ed38585055f9eb6f054a5b

SHA512
60aea82b79ee6b1c47883f45178aea2cdc7ed06e51f95d50fe6dbe4b14e03f0a68cc36b10b18ac632805453a709bb04a7c6378d71ac845d9ecbb98f9a62617a9

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
216KB

MD5
6714d67fe755e6ff244356f2e5f76e64

SHA1
6c7abab734fec576a1ffd765dfb9e84eede618b0

SHA256
6f116599a2fe4598394af1232a561f952121aa529c88f05d6fcd68ad25e88a54

SHA512
57e37793d1944f06922f36a57d5c34f9b7a0e62e3ce93f6b8f0a5a05fe4f75ff3adcf9a545728ea98428cb3f596ae180600f94e32abb580407415b39475115df

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
91a5bd50749aabda56a801f7b78f0e10

SHA1
64189945c273de7b97d9f0ae4b827bf10b889229

SHA256
40aaeca658cddca5d5c9a60b582440d992cdbc38ffaedb9fca426411ce7b20a6

SHA512
2b108d3cb61b7138f467401dee51abe5140ed4630ac2b27cf5e609d10c7e369db3f29bd31edd3bd635f2e755dd13bca7a6a14c19582608d34135a144ae278357

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
11.7MB

MD5
62e02ae97117ebf6c7f593a59d2dc852

SHA1
d958dc91fe592ddb16d355e5581fe09cfc2b4615

SHA256
79be37f5eabe98e675371a11dbff156aa5fccdd19ca292644b14706ecbeb6721

SHA512
1f8913900f256a93f7c80ed30075e04f8282956b4b1e291406401bac441ea5ddf88d70e81c3cfdadd6b121cc467422851398533c0aadf7882317a6ac5ec1b844

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
10.1MB

MD5
2d3a590c4e854504e95c558af1ff2b05

SHA1
fde1d161f9aebdb4f7cfc80a868e6f5c984e3d5f

SHA256
ea0132da9e1ce7407927567336b0990eee75595d7e95f18fd4bcc3e4ad7338e4

SHA512
11f67a25d69c5128cee41dda8bee005adacfa5a78619f401fe501ce415a40e90fcd366363026e51fd711d1c67837d14c7dabb5f38b8d002f8b45d7e133eab521

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
930KB

MD5
a3fb2788945937b22e92eeeb30fb4f15

SHA1
8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

SHA256
05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

SHA512
4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
8657a4a8317072b9add9c91431f09de4

SHA1
415406bb72114572d689aa09c19d4c6c60673eb5

SHA256
77fe9d57114def479f661e8813f2d48aef9aec1eb62081999f0c482bf205dcc2

SHA512
89325fdd3ec217674a5b59f16b4e7b8a56cb69207f27bddc59b84e6842962f517f69560ba33181efe70095016b45e31138276c11885a80596b5f5077e35967a1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
576KB

MD5
89c9c16f37ff6b38b2b889e946b1d63e

SHA1
01a62133ed82531c065371424fd0dc3d86cb33aa

SHA256
d3d8b028aa7b40b53e51e120ada28f98287a9dd93e25afec1b9290158774d1bf

SHA512
67a5e6f2b2395ba293a6623d9c15e28504a3fa558381e554aef14ad9ed58d93bed3b078ff3795074eb8defe459d5bea98762d30eaf8c5c87677530151c239a11

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
297B

MD5
793eae5fb25086c0e169081b6034a053

SHA1
3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

SHA256
14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

SHA512
5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
225KB

MD5
27dfbbe8ee4015763e3c51d73474e94a

SHA1
4328cdc9a3f9c6b7df0624c81afbd3459f213e40

SHA256
b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

SHA512
42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

Filesize
589KB

MD5
e782457ebb0389715abdf5a9e20b3234

SHA1
e0d9ad78d1972d056d015452ed8dee529e8bb24b

SHA256
0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

SHA512
3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

Filesize
91KB

MD5
ac01114123630edca1bd86dc859c65e7

SHA1
f7e68b5f5e52814121077d40a845a90214b29d41

SHA256
1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

SHA512
1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

Filesize
128KB

MD5
12764d72c2cee67144991a62e8e0d1c5

SHA1
f61be58fea99ad23ef720fbc189673a6e3fd6a64

SHA256
194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

SHA512
fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

Filesize
224KB

MD5
f0b22427c3ddce97435c84ce50239878

SHA1
a4a61de819c79dc743df4c5b152382f7e2e7168d

SHA256
0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

SHA512
ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

Filesize
7KB

MD5
778376d22591a4a98bf83ac555ddf413

SHA1
608172ca18450b4cc61ff6cc155f66cff55c5bf9

SHA256
8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

SHA512
e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

Filesize
21KB

MD5
9390ee64243e5335b79e33e5e8311341

SHA1
c8d4b3ab79f6b12311eb4e4da29e709e583b5870

SHA256
cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

SHA512
ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

Filesize
198KB

MD5
7b5138efef2c02dda9cfae9917cd913f

SHA1
b44b58f354c4a68e119df226f01ad763b2d1025c

SHA256
9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba

SHA512
47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

Filesize
7KB

MD5
bd4c30081a164037311e8712423c5bf2

SHA1
2a13bc7987ca34644b075c1fe197ba293b4ca527

SHA256
bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba

SHA512
2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

Filesize
5KB

MD5
34699ac8824cdb6593b4dbef605dd6b2

SHA1
22ff82e35cbb1ac9053f767f404ee351786fe0c2

SHA256
328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6

SHA512
fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf

Filesize
111KB

MD5
fc6ec655d6a00c567119522854e24172

SHA1
b72baef2dc0aca98cf7d3458cc027f4b0622db08

SHA256
0d188756c9c282bf31738af5373f2363cc8007bbbc8d5560fae5821ed4937611

SHA512
0a0eb23751b5df39becbbb308b6b36e324ea6ec469d2167a795cc10fb3bc38cb7b3187a3a63566e280470b09a080c000280e3b9a01681a68f8a3f35c7a2f139a

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansChakma-Regular.ttf

Filesize
80KB

MD5
82f2c632a76dc9922cd85630d0c97db9

SHA1
4558e69543903a058b3d5a7b8f50a6dea8ea50f9

SHA256
60ce1d029e35b432dd68cc9f6c94f69bd84d8c97f28f06130186606dd2c3325d

SHA512
cbfe37179fa4bd8618eade5e5168dcfab9d784586319014692bcfc7f767187e4beee24b3afb471abdd9adde747eaf51648926ed1a790e9f8458152c283fb34e0

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCham-Regular.ttf

Filesize
31KB

MD5
bf95af30d1db0fdb374cf646dc81b461

SHA1
6bf52ccaba21c23a9b461af8cfb7574bad6bee3e

SHA256
74cbbe944f25c64f0fd2f158716a648b970e3df714f8ca2644d56f65f5eeee4e

SHA512
52c5fc608d9e771cffc6de8ffcb953240cd445e77c4d65582dba198eec33c247891bed32de7b88c22f177e07c094716210623d1381c4cbb68fc5ad048cc24e3b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
686KB

MD5
ab53e44b82fc10fba2871652a940ca41

SHA1
abaf16db1d00654dee7dfe8b87ae7a2db82b8d3d

SHA256
6e9557dc3dcc1d3fde04c4276f187cef61c289baf4de02113586ad97c779742c

SHA512
0c4f2f202fbf391efce792ba80ecf77899d4ca6964e92b204dcebbb2604c7e41afe73e34db8c554a94664c6d1f9105bdbabd5375fe4f907eb1bd7b68724573df

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
43KB

MD5
4fbe7a921c122571493598d342901798

SHA1
fb4c7ba5cb85f09ae41eebd1b6480c8105bdd50d

SHA256
6c6c36f632197c38dc8482de6c79a9288e242a4b5b666f2717acd6a5d5cfe2b2

SHA512
b100dccf1ab5416dd4bd465c7c5dd23c0f62e80e50617c46528d6c8df14b39b1ca8c153d793238c795e9c6925a0761a0d21abc155896a267563a0728632f3244

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
c4a8ec311f3c54ad8d9c768d954f1795

SHA1
ee041bc1313678f8d744da21d94e194991732f4c

SHA256
a2d313a9d79de2b3fa0a15189dee85b4f5e75e5a9166d2500a706450e26718be

SHA512
f529aed2d947f1bb0c6845660b3b0fbd6e34f7f1f01cf6a5cf13bd3586cd933fdcfb049c44da7900594f0e9a648efbc40057bf27213cba6f7228c8d3a3e23a04

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
256KB

MD5
e704c072a0dde936ce743bd4e6843ddf

SHA1
9bb4333944693dc126fb723185550d418f73f231

SHA256
b5b8fdc6b82f33a055a3a260355f03a27d82a30c139be7a0a9334cab71a926f2

SHA512
4819b0fc39a25ff358ac65a2c04b8778adf9d7009c0f809d7cc2af280ec6c4c004c9b9356b5cabc841798a146c2f6816ee8c8c1e16f4c01f7162a2cf33a8e981

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.5MB

MD5
e4204084082d135e03ae93345d559a67

SHA1
44d92396de011cb89b3e3fc615adb1416afa18e3

SHA256
e57672b60a4215defd3eca5ece7e227ebae6e1bebe1b62e19fc273bbf7aa3a8a

SHA512
887236e9a94f42d6ad9158ebb94a63efb3ef1507dc58718fbb7109d99951ac58dfe8f4d4826dd39d8d0c291a017d81a2f82b6967fb4fefefc2cc423925b4fdfc

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
472KB

MD5
8713bbd76e342bd66d98bdbfc6d35a39

SHA1
c180702bac5792c00b8423be9c54b4fa7e92b8df

SHA256
488b0b18fd6a7a6bcaf0cedfdd01fad23cdcc301fba54ee15e9a15f9b09ec760

SHA512
79ae532870f30950b6b3a6a7cb477767e5347e5c55a875150ab4e5b8e830068c8c0ada1249b10ecf4658f9f75832ce782952bd7b141fec009cb6734c02aa4dfb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
9.6MB

MD5
9482fbf332f82d8413bc62cde006cc5c

SHA1
30f9f0a45edbd7e779c018db2559a54c4f15020e

SHA256
0eac39845bbb44d2a6541b8be6ff1816fb7c28beeb95d702f4757a4be31d5d00

SHA512
859d2ae9f4e7fc87cc8ab047b33a2326c36d509f21aa21582d4e9e8462aea769eeca299d13754c430c4c6d16729acf23c8886a700f05cc85d383550654dae236

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
288KB

MD5
ec87fbbf8dcb4de334f29edd75f090cd

SHA1
d68dbcbce12d309d9606a0cad56522e738ff4fc6

SHA256
fbefd396a1fbe9908f27db5ae72c96a3b91121ce89dda3f6376b8698cb2f33ae

SHA512
718771c0754709419a822a2c3a7a0bcd265b05adb6aadfb9afd47fb22e2ec8d8c73246afa2386a458eab2f04bcc0e6acd598782972888270f926133b7f76d0d7

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
7.3MB

MD5
f7e3aa8f4227a12df520703e56b88fba

SHA1
f5c5cbb3b29e4091fa38af880397d40fb81d9c71

SHA256
c1c9dda0e1dc8a88920be2227a8821b1254d5b8b5f37af629b22a8ba35d704c1

SHA512
aba9649ca357261553929da2ae8c6ef78804d1556828f6520cd45f19d593d0924f0d865b956f973ee818bc152a2db456cdf1316538c80658217568429103a086

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
6.1MB

MD5
486e208976a757d82a7a56c686e8711a

SHA1
eb4e9a75d2f228b7dbe005fa956a02f3b3de9a4a

SHA256
8ce6313b003bd03fa8ca9101a930a7f9a5728fc9969c61820ba220ae85bd1d09

SHA512
5e4aeb24ac70b6263c17f6b2d5150c7498b0aac06a93be79d8aaad2e0cf35d637e68ebbacab771a685f8f1486dcf307798058e20a5d91df5faa6cd6c794f0020

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\xul.dll

Filesize
8.0MB

MD5
a7dd44d6c0bf38dde9c9bfbffd7d95ec

SHA1
ac09a5d7dd0a1d10332395c7930bc1f9809c2258

SHA256
1d3c67f1629487659c8feb76f14833e3e302294926deb7452a34d2b32112737b

SHA512
6aee1c2be0434f01a43487480f4066c58cc375a7ab5747e03d9a59980bdfeeb67250d5585d4a65d083278e0de35434b5a97ba840f467aaed1c70c3227889e449

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

Filesize
829B

MD5
3f7bb437dfedc9c99915aa8244216e61

SHA1
fc7cfa4f4c3f6e8223328608cf732d279fbbd1de

SHA256
9dce1749fe13dbfd28b3e98710a64257772a7672b5521e0bef0a2e5e11390bf9

SHA512
69b0ac0c411bab6921917999f66059d0ccd05c647d3a12beecdd92d99d7b9d3dcdd8b591876375e713734d9d01dfd718713053e8924d1ead17c4c752e654dea3

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
98.2MB

MD5
50dc710482ab307d2b410dab7b69b9c7

SHA1
6bb0bb2fe5c72315793588d7dec8e21c94dec2fd

SHA256
73b3d43f1d7940714e19e0f58c55682d46cf7e1c062a95b9327244b9894eddf9

SHA512
ea21b3bccde43e6ba90e6acd9d3c6d9e45490d54b914ef5dfc64e173e9a22c564185122522ae416d1830a093375ded7077389312084ed5f1a27f08ead0f23694

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
38.1MB

MD5
710fc5bf03d641af31b1783713e463fe

SHA1
aae8442d3b811c90823e9f8ae8ee7f8a876249dc

SHA256
fa218329deca4b7acbb58fdbbc2ab3946bf0cd352423a6454f24c8d6d7dffa5f

SHA512
3ad2fa4fc064583a6a267555a36cc379f2f7c7ee5838665560f63961d1cd6985d2f71d4d2b8186b9a2f9f1d577de5279a5794e2e6d808cc5296e304cfff61702

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
57.1MB

MD5
dd17416efbfcc52e52bfc6a459765d3c

SHA1
1668c935de09c86645cd09591c7d239d2ce915fc

SHA256
07059aea1828c41995039fae62c839fb78a557fdcc281d3b44997ce65f1ff341

SHA512
03c69f203eb416276041f65b0e7f7a808c0e8eea0bda8d4d8a946de68773cb6b89847aee5dd536603199535d02f16b380789c91c4558d4c836cc6a13a528ead1

Download Submit
memory/1400-225-0x00007FFFE2470000-0x00007FFFE247F000-memory.dmp

Filesize
60KB

Download
memory/1400-278-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1400-444-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1400-224-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/1400-446-0x00007FFFE6210000-0x00007FFFE621D000-memory.dmp

Filesize
52KB

Download
memory/1400-486-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/2324-605-0x00007FFFEB980000-0x00007FFFEB981000-memory.dmp

Filesize
4KB

Download
memory/2324-604-0x00007FFFEB8F0000-0x00007FFFEB8F1000-memory.dmp

Filesize
4KB

Download