New Release: Tor Browser 13.0.10

by richard | February 20, 2024

Tor Browser 13.0.10 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

This release updates Firefox to 115.8.0esr, OpenSSL to 3.0.13, zlib to 1.3.1, and Snowflake to 2.9.0. It also includes various bug fixes (see changelog for details).

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 13.0.9 is:

This is a companion discussion topic for the original entry at

Microsoft has flagged tor.exe of Tor Browser 13.0.10 as Trojan: Wacatac.B!ml. Hope your party notice that.

1 Like

I don’t see that.

Windows 10 22h2 build 19045.4046
scan done 2024.02.22 at 10:39 UTC-5

Norton says clean.

Virustotal: only has Cynet reporting 100% malicious. Who is Cynet?

1 Like

Believe it or not, that’s my Windows Security’s response, and your party can contact Microsoft to check my feedback. According to tech news, last year, Microsoft flagged it as a malware at least once and I didn’t receive any warning from my OS either.


Yes, I remember that from last year.

Just to be clear, the scan I refer to above was done on a a copy of tor.exe which is on my machine which has Norton. It was also NOT flagged by Norton.

The scan was done on a machine which is win10 only (NO Norton).

I just updated Tor on that machine from 13.0.9 to 13.0.10 and Windows security did not flag anything. I even went to the folder and did a specific scan of tor.exe. Nothing.

Here are the checksums for that file:
Name: tor.exe
Size: 8976896 bytes (8766 KiB)
CRC32: 91726039
SHA256: 33049016dd8985e97e69d89cad74b59b06488310c0be86d0f83b10ee096b7875
SHA1: ba64b4b7134d9ccda5cdd3624cdc898e3778fb7f
BLAKE2sp: 1b9bd8ab24a1ad8aa221723bb194b124073c9f283b78d463cc310a00be3145e7

When I say “Windows security” I mean whatever comes with the vanilla OS

1 Like

That would be “Windows Defender”.

Here’s mine after the update:
Name: tor.exe
Size: 8555008 bytes
SHA256: 99FF9BF16318ED3C90500DFC1DEB33A6F3E9B75816BA2AF342FD06D349E9A1A4
SHA1: 9024FC923D54760F589EF580061953C3421B15A6

And my feedback has nothing to do with vanilla OS.

1 Like

So there it is. I should expect that all versions of tor.exe for 13.0.10 to have the same fingerprint. Am I correct or are there different versions of 13.0.10?

Can anyone else confirm this? Can anyone else post a sha256.

I’m going to download a fresh install package of Tor and post.

Have no clue what is meant by this.

OK! I downloaded tor-browser-windows-x86_64-portable-13.0.10.exe and tor-browser-windows-x86_64-portable-13.0.10.exe.asc . Verified the signature.

On that Win10 only machine I deleted the Tor directory from the desktop which eliminated any traces of Tor which was there.

Did the install and scanned tor.exe with Windows Defender. Nothing

The checksums are the same as my original post.


Some artificial intelligence told me:
The SHA256 checksum 99FF9BF16318ED3C90500DFC1DEB33A6F3E9B75816BA2AF342FD06D349E9A1A4 (yours) corresponds to a piece of malicious software classified as a cryptocurrency miner. Specifically, it is designed to generate Ethereum (ETH) and Ethereum Classic (ETC) cryptocurrencies. This malware can significantly decrease system performance and pose a risk to device integrity.

Cynet still considers my SHA256 uploaded tor.exe as malicious. Out of 72 vendors they are the only one. Guess they are full of …

1 Like

It seems the answer to this is because that tor.exe is the 32 bit version of Tor from tor-browser-windows-i686-portable-13.0.10.exe
I get the exact checksums as TORU but Windows Defender does not flag it and neither does Norton.

So ignore the quote from that “artificial intellegence”. It’s BS.

And to answer my question above: Yes, there are different versions of tor.exe 13.0.10

1 Like

My last reply didn’t get approval since I attached my tor.exe. So I rewrite it below:

"I did the same thing (deleted and reinstalled), then the SHA1 & SHA256 of my tor.exe are the same as yours, and fortunately, no warning anymore.

Obviously, I have zero clue why the update could automatically transform my tor.exe into a ‘cryptocurrency miner’, so I uploaded it for anyone who wants to take a look:"

Thank BobbyB for your detailed information. I admit that it’s highly likely my deleted Tor was 32 bit.

1 Like

This is a good resolution for you.

The only thing I can think of is that you always had a 32-bit version of the Tor browser bundle. You have to dig a bit now to get the 32-bit version.

You can search Virustotal by hash with your SHA256 hash. I just did and told it to re-analyse its tor.exe again: (25-Feb-2024 10:27 UTC-5). Same results.

I have an idea for those vendors you see on Virustotal but this is not the place. So I can only conclude that the whole thing was a false positive.

It does feel funny to be censored on a Tor Forum. Seems we are all in jail which does make it hard to get to a conclusion of a topic when you need to wait up to a day for approval. They could have just removed the upload pragmatically.