Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/05/2024, 22:03

General

  • Target

    tor-browser-windows-x86_64-portable-13.0.15.exe

  • Size

    100.1MB

  • MD5

    b5d35118985c877a85d979885da8e26d

  • SHA1

    53e5d218dea4e43f02066c523046ffc5d79439a6

  • SHA256

    0c68b126ce00d3b9b736c1e62cab93b4f9d90374fda95fed96353551eacc61cd

  • SHA512

    8b008fa54a8bf106044f372b901572ccd0a4b0bfb9a32322f919e3ca8baf5e476225f5a5401e93eed22e19ad3d8f2cf2aac320d8ec91252aa923d1170d66c575

  • SSDEEP

    3145728:+6T5tclUjvBRLaxbvsxNUXdCRgaBeq1r1fNO1:HTHc8vraJvsMXdCuaBeq1rdNO1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 61 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.15.exe
    "C:\Users\Admin\AppData\Local\Temp\tor-browser-windows-x86_64-portable-13.0.15.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3860
    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4808
      • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.0.1845724734\703338260" -parentBuildID 20240510150000 -prefsHandle 2168 -prefMapHandle 2308 -prefsLen 19246 -prefMapSize 243824 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b16140ad-8b54-4738-8ed1-c3df169bc2fd} 1984 gpu
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1624
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.1.6722862\2067606643" -childID 1 -isForBrowser -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 20081 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b73dcee4-9fec-470b-b41a-b390833fe109} 1984 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4224
        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:d3ed735be933c8e5603a8275cbcdc8fcec4ab0cca0748d5f3ea005a806 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1984 DisableNetwork 1
          4⤵
          • Executes dropped EXE
          PID:2676
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.2.674102573\406474875" -childID 2 -isForBrowser -prefsHandle 3016 -prefMapHandle 2968 -prefsLen 20897 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {94ba6667-761d-4b64-8445-abb55613c171} 1984 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2616
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.3.473632408\149085947" -childID 3 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 20974 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {f9e2a1c0-e3f4-4cbe-ba39-65772937a4b8} 1984 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:484
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.4.613685316\738640636" -parentBuildID 20240510150000 -prefsHandle 3632 -prefMapHandle 3636 -prefsLen 21218 -prefMapSize 243824 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e118ef9a-f779-41d2-8806-7628d9532a07} 1984 rdd
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4984
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.5.864690257\1322940958" -childID 4 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {bfcc2507-6c60-4f93-bfd7-782efac731fb} 1984 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3764
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.6.1791513738\833241944" -childID 5 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {41799489-7ffe-4f01-8d55-31afc1674435} 1984 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2064
        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1984.7.1256591388\767252521" -childID 6 -isForBrowser -prefsHandle 4392 -prefMapHandle 4396 -prefsLen 22199 -prefMapSize 243824 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240510150000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {79732b32-4c9e-458e-8d9c-4ecaa2946236} 1984 tab
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3316
        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
          "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
          4⤵
          • Executes dropped EXE
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          PID:4924

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsu52F4.tmp\LangDLL.dll

          Filesize

          8KB

          MD5

          59888d7d17f0100e5cffe2aca0b3dfaf

          SHA1

          8563187a53d22f33b90260819624943204924fdc

          SHA256

          f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

          SHA512

          d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

        • C:\Users\Admin\AppData\Local\Temp\nsu52F4.tmp\System.dll

          Filesize

          25KB

          MD5

          480304643eee06e32bfc0ff7e922c5b2

          SHA1

          383c23b3aba0450416b9fe60e77663ee96bb8359

          SHA256

          f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

          SHA512

          125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

        • C:\Users\Admin\AppData\Local\Temp\nsu52F4.tmp\nsDialogs.dll

          Filesize

          14KB

          MD5

          990eb444cf524aa6e436295d5fc1d671

          SHA1

          ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

          SHA256

          46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

          SHA512

          d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

          Filesize

          182B

          MD5

          7fba44cb533472c1e260d1f28892d86b

          SHA1

          727dce051fc511e000053952d568f77b538107bb

          SHA256

          14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

          SHA512

          1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

          Filesize

          27KB

          MD5

          6a4814c17c2e7331fbb554f2c07e2161

          SHA1

          5fe2ad5ce3ad05ca5cda350c36be9245a271f954

          SHA256

          07988b4ba498ec6cb1c9c9aca470e408a22843582b77bea6e5a7b6567f25d75b

          SHA512

          bd4f3067e2a5e6e739ee48e826e045a4e9dcb55fea4c4b39ed2836ef8d7ea2e2925c364c28f8cbfe74fc7b6efdbf0b67f2b81fb017763d927b7fc9dcd27ea505

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

          Filesize

          5KB

          MD5

          1a14a075573b7cde81aaf721b1b4adf1

          SHA1

          a76966201970e9cb7d6acb1f633d455396707596

          SHA256

          df3a08dad9f097adfbd34d6aca2f099f14c2e1fcc1c5eb7db747a7de16bce7fa

          SHA512

          9c768bc7ab2d8de9055894e8db1fa126b9537b7547bc8fd47ad67a0ec7037be12f7fb24ad2ea3d947eb00b7d51171dbc3a17134c4751d04ac712630a500e1fd1

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

          Filesize

          5KB

          MD5

          0f2e2cca308618d200a5e759fa3aa87e

          SHA1

          65bfc4f32f4de63db5e133dd062cba74eef1a08d

          SHA256

          542c12c6902f1ceeff26afd590a45f7e2c66f8da9e0c8f10420bb809e7354bb3

          SHA512

          4895e1a93f1c5f444017c85e7c4ac3debdf076e16ccf9ba346c997cbcff57ab00f4b9ff1eb6c46f0c5ba3e6a518933c28d5301d86bf086bb453356b69170706f

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

          Filesize

          5KB

          MD5

          0f6a23ce283311312229adedd4bfd231

          SHA1

          22855e7141ad6421dac9870794123c29b5702583

          SHA256

          55eef12287d391d62d729d13b474fc3c64eb4807065d1d51ae611b6f703b9570

          SHA512

          d4dfe55a7ee7999e7dfb819dcfaf7f18c4c8ebb0a7e05af4f1e45a0c0b9d2fefdcd89b45894973879ee105cea0188f56d63701d569db314b0d05a6a732f4e1c1

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

          Filesize

          1KB

          MD5

          d8fb9306ac7066601ecb7c02b97aabc9

          SHA1

          69f04998687ec7df6004d6c25f495b0a76312b32

          SHA256

          21ec29719733b1b20706504c3d6c9de14ce9a363448683596770d7e1cd639ade

          SHA512

          668ba371dfedc17e80649f041471fcc352ccc58d1aa49865754d1ab1e1092e2bcf7969c42d2c45e780b8e8dc95111eb498cf71e649009bbe77791d38bc5fcec9

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

          Filesize

          5KB

          MD5

          5328a03932313e7832a9293b3bbc94de

          SHA1

          e43950e7d80a0f042c8009e57b4f169b1f71aaa8

          SHA256

          5c3367c47e58a3a4b3b7601dffd06fd35f3cfc21deb0ec7ef2843545b0c529f9

          SHA512

          72ac788b5607353f3037f974f136456b258f7d3eeb8888c215f90e604b9188d8588dd4283d63b76458af200f9173ba6fa05cd27bf434ff43fa3906580d47fc68

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

          Filesize

          160KB

          MD5

          9872cf632de6e98c7fbc7749ff745c20

          SHA1

          828c7a09dd6efa41b94fb70e320671a8e2c92cb6

          SHA256

          6cdd5ef85cfabc8fe69ea1edd88798a3bde1f19cc32dda518cf85a61ff701da3

          SHA512

          cd884279a89aa9a7ad827b2bd91ae2786f752016dc3ca0010309d2247c8031951af324ceb75e1e027de509dce364e906af5b0f97a590e6a164c82ba618b415af

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

          Filesize

          103B

          MD5

          5b0cb2afa381416690d2b48a5534fe41

          SHA1

          5c7d290a828ca789ea3cf496e563324133d95e06

          SHA256

          11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

          SHA512

          0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus

          Filesize

          2.4MB

          MD5

          e4bd25ebebbf9f5c56428fa80a78b4cb

          SHA1

          9508ba9c2f7a5c7197011d668b17ac3714a67b24

          SHA256

          09d8368424b1adab39c7542a46c7a1edef203c107e6df6f3ade60d7af9521ccd

          SHA512

          d7971af2d8357cd7ee6fa10176d1d959a60175dd54658dd168ca2f094253e2de95a0959341aebbb25754315bbb4e37e0bd195be7104a06c17403ff4a92c5f02b

        • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

          Filesize

          11.4MB

          MD5

          8ceb73233e00ca40caebe048ced800fe

          SHA1

          ea84911088884677155b01c5bd8d32a3e1b65c5e

          SHA256

          16802d8852afc56aa13859f23ea9a21c4107039ae26ed99f7f24e967ce8c91e1

          SHA512

          2081de8f3c230c569f784fb637a082abe6125fb29f1ab7ba8346db4766c0c05d36db81466082f4b163e5b8a4cfa554df74a06edae1e6ac552b3aa82c49541ed1

        • C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

          Filesize

          24.9MB

          MD5

          0b3feaadc595d2b6588a71f17c6dcbbc

          SHA1

          3209da1b046534efe22c9b3da86e2cf4adf5d3ae

          SHA256

          4b4d1a732676a3775f133ef969b1b73c25a66603928ec542d81c144290a472c9

          SHA512

          55e873a9a824b95a594b7ae1dd106e94118adbb973be272d6b683a6530aaf4b9715a82b9404d1c8c4a9e950fc57a129f8205f2ea3f90d2b4b448f49211c6927f

        • C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

          Filesize

          429B

          MD5

          3d84d108d421f30fb3c5ef2536d2a3eb

          SHA1

          0f3b02737462227a9b9e471f075357c9112f0a68

          SHA256

          7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

          SHA512

          76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

        • C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

          Filesize

          42B

          MD5

          70b1d09d91bc834e84a48a259f7c1ee9

          SHA1

          592ddaec59f760c0afe677ad3001f4b1a85bb3c0

          SHA256

          2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

          SHA512

          b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

        • C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

          Filesize

          930KB

          MD5

          a3fb2788945937b22e92eeeb30fb4f15

          SHA1

          8cade36d4d5067cd9a094ab2e4b3c786e3c160aa

          SHA256

          05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd

          SHA512

          4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

        • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

          Filesize

          1.7MB

          MD5

          1415ff2562e8a4c595e99ff713a1ba38

          SHA1

          0286f612a5572ec221e456ec145149078930c76a

          SHA256

          18324f12f6e5858900e764340a24cf1f86b78041db68f3da062b9bca8ce6c7a8

          SHA512

          4dc261ba9bb6476eedf0c050bbfc20f5a46d080dbe35665b0d9230608b0c08115e6d251de741e87d83cf4ab4304d59e3f2328af71196443f3b967d4492d8dc64

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

          Filesize

          297B

          MD5

          793eae5fb25086c0e169081b6034a053

          SHA1

          3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475

          SHA256

          14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980

          SHA512

          5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

          Filesize

          225KB

          MD5

          27dfbbe8ee4015763e3c51d73474e94a

          SHA1

          4328cdc9a3f9c6b7df0624c81afbd3459f213e40

          SHA256

          b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e

          SHA512

          42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

          Filesize

          589KB

          MD5

          e782457ebb0389715abdf5a9e20b3234

          SHA1

          e0d9ad78d1972d056d015452ed8dee529e8bb24b

          SHA256

          0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461

          SHA512

          3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

          Filesize

          91KB

          MD5

          ac01114123630edca1bd86dc859c65e7

          SHA1

          f7e68b5f5e52814121077d40a845a90214b29d41

          SHA256

          1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c

          SHA512

          1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

          Filesize

          128KB

          MD5

          12764d72c2cee67144991a62e8e0d1c5

          SHA1

          f61be58fea99ad23ef720fbc189673a6e3fd6a64

          SHA256

          194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d

          SHA512

          fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

          Filesize

          224KB

          MD5

          f0b22427c3ddce97435c84ce50239878

          SHA1

          a4a61de819c79dc743df4c5b152382f7e2e7168d

          SHA256

          0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084

          SHA512

          ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

          Filesize

          7KB

          MD5

          778376d22591a4a98bf83ac555ddf413

          SHA1

          608172ca18450b4cc61ff6cc155f66cff55c5bf9

          SHA256

          8218239377452e05634a91ee8a4338daf0aa96a15673a437533a098eb9c06f53

          SHA512

          e895a03374a3d3da04554cd048191722652ed4f1f7cc91639354843138ce26aea6c7f2da0ecda47eb76bcdd61a0315cc2e35e080a5953c24d82f4e94ce4aa260

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

          Filesize

          21KB

          MD5

          9390ee64243e5335b79e33e5e8311341

          SHA1

          c8d4b3ab79f6b12311eb4e4da29e709e583b5870

          SHA256

          cff9f0e51e7f1d95934cac31d9ad43ba453ee308c7b46a27803dc7e2e6c3adef

          SHA512

          ad7b23dab247c5c71298c5023bc58bd1d00160145558d86ab75dd37de1f1017540bac544cd9bf1cb2802d19d2973c0cf189d05a980777de886ffb552ae923bc0

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

          Filesize

          198KB

          MD5

          7b5138efef2c02dda9cfae9917cd913f

          SHA1

          b44b58f354c4a68e119df226f01ad763b2d1025c

          SHA256

          9f8b4dd091f19b111d24ea18daae81bea8684cc67de17ea1acd797e144bf20ba

          SHA512

          47e4cfd2218c91080fc4ccc3ac13dabe9efb7c96b981d53577177fb062973b9fad0052edcf2b0c663ff3b7a1d9e38e96586c93cb72618d64344b96e3df13204c

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

          Filesize

          7KB

          MD5

          bd4c30081a164037311e8712423c5bf2

          SHA1

          2a13bc7987ca34644b075c1fe197ba293b4ca527

          SHA256

          bc19f17d7f6e8f280c2cc95ef6d1b67fac25becfe98722f482039a4d84f3c9ba

          SHA512

          2a20d113b73cbca311d08dba40dcb7f8ab9d5383f7590b61b785070f77204db9ab163557a420c6c96ede815643f82ffdf75bc59b5802284779ff237616734c66

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansBuhid-Regular.ttf

          Filesize

          5KB

          MD5

          34699ac8824cdb6593b4dbef605dd6b2

          SHA1

          22ff82e35cbb1ac9053f767f404ee351786fe0c2

          SHA256

          328d80e11e7f65f9b6e4bac12de32b7ce42154301c2a14ba92155e32e05939d6

          SHA512

          fe714d5d44c6c2f4f96b4349bff301a67749bcb084ade3a0270723f1fa6bd6061193c4d782cb663d63e2c32cc809f33a8114e2e0bc6915de2b04efc82b5de673

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCanadianAboriginal-Regular.ttf

          Filesize

          111KB

          MD5

          fc6ec655d6a00c567119522854e24172

          SHA1

          b72baef2dc0aca98cf7d3458cc027f4b0622db08

          SHA256

          0d188756c9c282bf31738af5373f2363cc8007bbbc8d5560fae5821ed4937611

          SHA512

          0a0eb23751b5df39becbbb308b6b36e324ea6ec469d2167a795cc10fb3bc38cb7b3187a3a63566e280470b09a080c000280e3b9a01681a68f8a3f35c7a2f139a

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansChakma-Regular.ttf

          Filesize

          80KB

          MD5

          82f2c632a76dc9922cd85630d0c97db9

          SHA1

          4558e69543903a058b3d5a7b8f50a6dea8ea50f9

          SHA256

          60ce1d029e35b432dd68cc9f6c94f69bd84d8c97f28f06130186606dd2c3325d

          SHA512

          cbfe37179fa4bd8618eade5e5168dcfab9d784586319014692bcfc7f767187e4beee24b3afb471abdd9adde747eaf51648926ed1a790e9f8458152c283fb34e0

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCham-Regular.ttf

          Filesize

          31KB

          MD5

          bf95af30d1db0fdb374cf646dc81b461

          SHA1

          6bf52ccaba21c23a9b461af8cfb7574bad6bee3e

          SHA256

          74cbbe944f25c64f0fd2f158716a648b970e3df714f8ca2644d56f65f5eeee4e

          SHA512

          52c5fc608d9e771cffc6de8ffcb953240cd445e77c4d65582dba198eec33c247891bed32de7b88c22f177e07c094716210623d1381c4cbb68fc5ad048cc24e3b

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCherokee-Regular.ttf

          Filesize

          92KB

          MD5

          fd393a7c5b16eba60e38b72b5fa3a2dd

          SHA1

          d074eb1baea8caf869ba6aba69b9cc9b2fc4568f

          SHA256

          c052352137ae8d283840a0e2991a675d47859d8fdbae5726d373d4f0d97a8c87

          SHA512

          30d5c5f5069580186ded817621ad2c6eca338216680c288b249972d420f009fe94f77ef44b106355223a80ade7f9d851a6e6fe6417d2bbbb35b9f0182a1c9180

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansCoptic-Regular.ttf

          Filesize

          47KB

          MD5

          bc7e07463581535f8cf124dbfda9bb5f

          SHA1

          4d59c125be1263685c909b8f1b202194a0087e70

          SHA256

          e3d5915c74797a084d8525cc5fb8da08d0c1256b7ea75f6687fee3f28d2c58df

          SHA512

          ccf8477dfc771c00a5a0e3b3cc0bbce06291679f077f24858b1547de4ac21fd21805c1a1ef6ae8a0215b8b956562a349ee32a956ca5750ff8923c6c19335474a

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDeseret-Regular.ttf

          Filesize

          19KB

          MD5

          c0d20faa4acd8b886197e897a6ddc7d4

          SHA1

          64355303ac0b639f0135bb51325b8aee780b11e4

          SHA256

          9f384e8a75a059b8efcbead73ef5aa3b504ac3e9d218be5368a20b19bfccdeec

          SHA512

          c7062651d7fdaae6168f65887f1a6d07b95b721efbe3d756f5a1fad58641f2b5fd1a3d732ae4225ee3228454ed1982c7258be70abb41ab9d8ed867915337192f

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansDevanagari-Regular.ttf

          Filesize

          229KB

          MD5

          2358cc51bd1271c89f2c173e684876fa

          SHA1

          7c30d7317d34ce0503bfd3b24900bd0fa4c6a69b

          SHA256

          dc0eb899c5852c819bfb30482e6f2ee1e44a4c8cd28f6622a2d4561bf1e3e444

          SHA512

          873696739807520826aa7c6b825701dc36786d020902eedb6ec7438d9aee71efcf1c6dbedf7bd4dea7604de73e1506f66961f7b5f5c80b7a9e71c73bb3aab264

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansElbasan-Regular.ttf

          Filesize

          18KB

          MD5

          1c7297bc694bdb5baba7c1d39f333c63

          SHA1

          4de6449e4f8d315c91109a741ced09b86c3302c9

          SHA256

          6d52707e91a77e23f389f42b5da65d7047205e7833041fe0b2cd7ff280e14749

          SHA512

          91ba1203c4057c930ef08470395c91b03c2618f5decb9bbedd9b37f858a29c63e537c658bcae73fc32fa7e9e11911bba6d0fc540b16e180936c8082ef00f15ca

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansEthiopic-Regular.ttf

          Filesize

          367KB

          MD5

          de7cf6c6fa2fbc854dcf6d2e2716f1d1

          SHA1

          f07c1412adb1cc2d742546a25eb66ba63ee3c840

          SHA256

          f6f7fc379db9438959a2b0527e7a2cf36ea9c84626d56ec444fff37fc24c3c10

          SHA512

          ee98dc59d2fe843fbcad6eb2009ef865016478ef655dd2f873b4bc45c4e67908aac4b776c5846514d3f80aa4843d1426b797f2c385e7d3ce814d7d96386049b2

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGeorgian-Regular.ttf

          Filesize

          51KB

          MD5

          61f5441fdfe5be8a1b933ef1ef674ec4

          SHA1

          07a3c3cbd0f7d2cfef5e74e1c28d5b2ccbca35eb

          SHA256

          a14c27d89ef15d7855dcf03c6524cd2d98ce7d4374dcd7643b7d07d7ba0f13a5

          SHA512

          2dc8136cb7f4bb57ae2c7bab7b775c317f6f46e76eeeca93bbb0d9edcde3f35e9420601bf3d6e1043511d02d7447e2b64214a89f02f5b32e30ee347236bfcd78

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGrantha-Regular.ttf

          Filesize

          350KB

          MD5

          a3d0e9dded672781968f021d6f869ae5

          SHA1

          98af88c343c9b761b0a0b03859fcb1ace7851a40

          SHA256

          98a079a902bcd5f298cdcf59eeb21bbc8565b4f361e75faba300aac376b842cf

          SHA512

          e60d5ceb0b82dcb1f58969487a3075bed673881219c082ee78e6102c4cf17122e8537c8b6e58d2f9b8097b5a1902711b743e9e4cbc455dcf3dbb4bac796d8b28

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGujarati-Regular.ttf

          Filesize

          201KB

          MD5

          3853291b52d0b987d15b3595bd792584

          SHA1

          e7fbec665568bc358510f56c7f610c0b7cc1e9a5

          SHA256

          c92e0697dc2d2cae1db5a447bd0bb8a690dfdbacbe618841b21cbfc2f483242e

          SHA512

          0a44cc5cfde9b74da17f81c432f487bc1276c0ad29b01a9d61e535f690b785dec0cba7f2ed828a1b8381050714ebd6309721bdd7b80e6a1ad9b0e9e0af966581

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGunjalaGondi-Regular.ttf

          Filesize

          68KB

          MD5

          0f130a6dc9daa7af30009644d0205215

          SHA1

          c01f161467bb12e9d67c9799662fa64bf28c5b69

          SHA256

          bdc8ed1739118d7c1be43cb5b435817fb7a5ae0acb32c89b2ddd66e7e9c2d1b3

          SHA512

          cde4e0cc97cfd3d3c12e9ef837cbbc85c54c5ec72ba354a3cbe8f4ad6a1bc03690066a53bec3c15ae3ef493f419a6b110fd0770cca9ea4b007289ac176d73931

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansGurmukhi-Regular.ttf

          Filesize

          53KB

          MD5

          c7c77c60cb0c224fdb2f031f68c57c83

          SHA1

          a712f0d05be0cb5f4ff078df580bbfc8ae9d852f

          SHA256

          658d0207da305a1411c539a8b0bbeda64d4146e54fb4827facddb890b6b90d74

          SHA512

          bf2aedc9aeffbdb1e9b2d8e0664dbd001bbbd164ae3ebdb3b8d71b4878460026853edffd67fa8c5970fc296863b5f4cb74430f591d6540d3a641b49d32f4d46d

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansHanifiRohingya-Regular.ttf

          Filesize

          26KB

          MD5

          e94c7a07b9b1ca1bb14ca57878cca94a

          SHA1

          5ea22b87920e0f5f5f72d5e1ed59c2b5c823b94e

          SHA256

          ce453eaf8807a9a410cdc2ebeb7ae009e90b9e611342ac239aa59b794bdcefdb

          SHA512

          e36ca8e8776010a95565fa8eb95f39aca73011e832d2c12a67455fc5e398dff305977c3bcea55fa9fac9028f6824111f0a9d401117e048c58b1403daa453814f

        • C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoSansHanunoo-Regular.ttf

          Filesize

          7KB

          MD5

          250641d775a2a75290157b7172edc427

          SHA1

          9f36a194d750b7f44971227b6e27d1e973e321a0

          SHA256

          ef23d153e9d666becc0d79fa88f0ae21f46138f1285b8eac304661ab35717aed

          SHA512

          5ead3be49d35b00b4c5f21745da2d010f497e95a12f41bfcc9aa9c3030fdcf909712d76c6500f76222aa0b4abd396f9802d40324fcef63dd811eeb01fffb5641

        • C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

          Filesize

          690KB

          MD5

          d95b080522c46eb65e8d5649f63b4dcb

          SHA1

          66a1d20c6a9d67c39dd27ab0653cb2c875e4a000

          SHA256

          bd7ba810019884ef8002302d8f3e6bc8476dfddbca6c6caf58bfe35dc1516d00

          SHA512

          720edeba3de59a0e6def728f6f097540032d426a45d2ed1b045f072d916e2f3b3e9b88e8c825959c1cbe52eb7e621ed1e635f3be5ce1bcaf67ccfba3823b837a

        • C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

          Filesize

          43KB

          MD5

          60060fca03446a8d9927fb3e254d4827

          SHA1

          7939740fa99d45e9dfc8d974b2eb6b26ed6eaf87

          SHA256

          677c9992fbd068364a123f23c22fc8b023d8446b0c33fbbd09b88b722339f179

          SHA512

          aed767f0b4dd0ed8d5f7ef393c37f2512e3a29e0038d768f01b89c52bad85ef29d0a55bd3ab344f853f2a4e6c44d442e193c181d07dfcd38849b2c81c978670d

        • C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

          Filesize

          1.4MB

          MD5

          5382e3987a1347af3bc4705f8c1d1487

          SHA1

          b909e402b53db1cd0adddd80eff9c7dde7a0baea

          SHA256

          7b1f3e637d1a219cf2e8e56a7cb940aeafb442308d8d35aab0fd3d5013346be6

          SHA512

          a3621b656cd9cde98c6bac04a94f564397d05eb62fc52c0b5879cc6d3e9756b3e2234e895f833e3b26e7a03faf1c85ace654c388aa46766929c5dee22d793745

        • C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

          Filesize

          2.5MB

          MD5

          ea8e6a9acebc39f558acd1bd82dbdde1

          SHA1

          17131f0a927ea1f857570b1b541a524d43b53fb7

          SHA256

          37b630d828d3d886ea06f841b83ba37b59b4ed4991e28debe5ecd1d765ff04b8

          SHA512

          a02b2f9850ba19093b9d8c291b0b5253f23c73c7e34fb5649f7effc8cc809d025581af64af28d5b8fd5337ea526146f274ffa25ee3eb7a055d69110752d2a9af

        • C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

          Filesize

          472KB

          MD5

          21d0d59316ebc2b15938ca84db562300

          SHA1

          144f12431f9804bf94103d0334b733865547b829

          SHA256

          aa9d1b7421d8f8925e324258ed832983cd9a81d3f11ae301b7c80b1cfd9a27a1

          SHA512

          ee5844abf71140e6bdb4826336b83fe144121c655e47daac3d5ab06312188f14ecbbefe8643ec0dfbc7071eb136d35811c0caefde0077e8707a2d15ec3f0db03

        • C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

          Filesize

          17.7MB

          MD5

          19ecacaaea9cd1fa41ece74bf5eef8b4

          SHA1

          8813c248e348f1578a6286dfb6a07a4666e4af3d

          SHA256

          3ed1d3a73a91eb9ff0dd990ec4a2ab3e4ea54d7738dc193e3ad51ae6a9b5c1be

          SHA512

          7cdf9bb8a065792b281f5d9768f98b5326b10609dcd42f85bf06a80dc83bf9390aaac3492a66dbe60e2473b6598aa266e48409bc1b5ac87329f2d7bad510142e

        • C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

          Filesize

          288KB

          MD5

          c68998293eeb01f29158103e8c568dbe

          SHA1

          87afc20671346abb8c8151f3e7edff4d7c92b5b5

          SHA256

          d063690acd9d5567b497e7b1aad89e3675990c42fbf0c9e82286157bd7471c3c

          SHA512

          552bdb07c01d2008f892b2c4d9d612bcdd89394a34473e4433279fcf9cf4d1400ccc22e56db2b532c3391e4c1cc180d2a27e54173f6aba93a5f7324d693946c8

        • C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

          Filesize

          829B

          MD5

          211407098863d831d8c104ac4d295a82

          SHA1

          49765223391661711a2ee550dfd554feca23d8dc

          SHA256

          86600d3424e3e11f84bfd06e8ca7d84081595d69d53bb6c28aefd103d68cc507

          SHA512

          dddaab9900312a7d8d63262d9ca961a88384a98b5ed0dee780ddeb2ff35bbc2fb81dd880e29b03c9d981e0e06760c9ebe528c2e7b1ce873571aa1099001b7a41

        • memory/484-584-0x000001C774640000-0x000001C774671000-memory.dmp

          Filesize

          196KB

        • memory/1984-486-0x000001F4649A0000-0x000001F4649B0000-memory.dmp

          Filesize

          64KB

        • memory/1984-396-0x000001F45F5F0000-0x000001F45F600000-memory.dmp

          Filesize

          64KB

        • memory/2064-586-0x000001A002820000-0x000001A002851000-memory.dmp

          Filesize

          196KB

        • memory/2616-583-0x000002D0CF0F0000-0x000002D0CF121000-memory.dmp

          Filesize

          196KB

        • memory/3316-587-0x000001E36F6A0000-0x000001E36F6D1000-memory.dmp

          Filesize

          196KB

        • memory/3764-585-0x0000029A535F0000-0x0000029A53621000-memory.dmp

          Filesize

          196KB

        • memory/3860-249-0x0000000140000000-0x0000000140070000-memory.dmp

          Filesize

          448KB

        • memory/3860-206-0x0000000140000000-0x0000000140070000-memory.dmp

          Filesize

          448KB

        • memory/3860-208-0x00007FFC60B40000-0x00007FFC60B4D000-memory.dmp

          Filesize

          52KB

        • memory/3860-68-0x0000000140000000-0x0000000140070000-memory.dmp

          Filesize

          448KB

        • memory/3860-10-0x00007FFC60B50000-0x00007FFC60B5F000-memory.dmp

          Filesize

          60KB

        • memory/3860-9-0x0000000140000000-0x0000000140070000-memory.dmp

          Filesize

          448KB

        • memory/4224-554-0x000001E90CFB0000-0x000001E90CFE1000-memory.dmp

          Filesize

          196KB

        • memory/4224-371-0x00007FFC694A0000-0x00007FFC694A1000-memory.dmp

          Filesize

          4KB

        • memory/4224-370-0x00007FFC68F80000-0x00007FFC68F81000-memory.dmp

          Filesize

          4KB