hijackloader | hxxp://vortax[.]io

Analysis

max time kernel
538s
max time network
537s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
14-06-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vortax.io

Score

10^/10

hijackloader rhadamanthys stealc vor13 discovery execution loader spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

vor13

http://45.132.105.157

Attributes

url_path
/eb155c7506e03ca9.php

Signatures

Detects HijackLoader (aka IDAT Loader) 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2820-1083-0x0000000000F50000-0x00000000013C3000-memory.dmp	family_hijackloader
behavioral2/memory/3208-1160-0x00007FF6E64F0000-0x00007FF6E6A66000-memory.dmp	family_hijackloader

HijackLoader
HijackLoader is a multistage loader first seen in 2023.
loader hijackloader
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Stealc
Stealc is an infostealer written in C++.
stealer stealc
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

explorer.exe

description pid process target process

PID 2848 created 2892 2848 explorer.exe sihost.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

1800 powershell.exe
1736 powershell.exe
3700 powershell.exe
2876 powershell.exe
Downloads MZ/PE file
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource yara_rule

C:\Program Files (x86)\Vortax\Vortax.dll net_reactor
Executes dropped EXE 4 IoCs

Processes:

Vortax App Setup.exeVortax.exesnss1.exesnss2.exe

pid process

1980 Vortax App Setup.exe
2932 Vortax.exe
2820 snss1.exe
3208 snss2.exe

description	pid	process	target process
PID 2848 created 2892	2848	explorer.exe	sihost.exe

pid	process
1800	powershell.exe
1736	powershell.exe
3700	powershell.exe
2876	powershell.exe

resource	yara_rule
C:\Program Files (x86)\Vortax\Vortax.dll	net_reactor

Loads dropped DLL 59 IoCs

Processes:

Vortax App Setup.exeVortax.exeexplorer.exe

pid	process
1980	Vortax App Setup.exe
1980	Vortax App Setup.exe
1980	Vortax App Setup.exe
1980	Vortax App Setup.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2932	Vortax.exe
2688	explorer.exe
2688	explorer.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 2 IoCs

Processes:

snss1.exesnss2.exe

description pid process target process

PID 2820 set thread context of 812 2820 snss1.exe cmd.exe
PID 3208 set thread context of 2384 3208 snss2.exe cmd.exe

description	pid	process	target process
PID 2820 set thread context of 812	2820	snss1.exe	cmd.exe
PID 3208 set thread context of 2384	3208	snss2.exe	cmd.exe

Drops file in Program Files directory 64 IoCs

Processes:

Vortax App Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Vortax\System.Security.Permissions.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\WindowsFormsIntegration.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\tr\UIAutomationTypes.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.IsolatedStorage.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\de\PresentationCore.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\Microsoft.VisualBasic.Forms.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\System.Windows.Input.Manipulations.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\PenImc_cor3.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Diagnostics.TraceSource.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Memory.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\ReachFramework.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\es\System.Xaml.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\fr\PresentationUI.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Globalization.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.Compression.Brotli.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Private.Xml.Linq.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\mscordaccore_amd64_amd64_8.0.23.53103.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\PresentationUI.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Threading.Tasks.Extensions.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\ko\UIAutomationTypes.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\pl\PresentationCore.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\DirectWriteForwarder.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\PresentationFramework-SystemCore.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Drawing.Primitives.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.Packaging.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Extensions.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\tr\PresentationUI.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\System.Xaml.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.MemoryMappedFiles.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Net.WebProxy.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\UIAutomationClient.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\fr\System.Windows.Forms.Design.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\pl\ReachFramework.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.FileSystem.DriveInfo.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Resources.Writer.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\System.Windows.Controls.Ribbon.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\System.Windows.Controls.Ribbon.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\System.Windows.Forms.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\es\System.Windows.Controls.Ribbon.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\UIAutomationClient.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\System.Windows.Controls.Ribbon.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\PresentationUI.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\System.Windows.Input.Manipulations.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\es\UIAutomationProvider.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\System.Windows.Forms.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\PresentationFramework.Classic.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Net.WebClient.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.AccessControl.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\WindowsBase.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\mscordaccore.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hant\UIAutomationClientSideProviders.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.FileSystem.Watcher.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Xml.Linq.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\UIAutomationClientSideProviders.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\WindowsBase.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\UIAutomationTypes.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\PresentationFramework.Aero.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Numerics.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\fr\System.Windows.Controls.Ribbon.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\System.Windows.Forms.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hant\UIAutomationProvider.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Reflection.Emit.Lightweight.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\de\UIAutomationProvider.resources.dll	Vortax App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	Vortax App Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

explorer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 3 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 273255.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Vortax App Setup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 554874.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exepowershell.exepowershell.exepowershell.exepowershell.exesnss1.execmd.exeexplorer.exesnss2.execmd.exeexplorer.exedialer.exe

pid	process
4108	msedge.exe
4108	msedge.exe
4896	msedge.exe
4896	msedge.exe
2948	identity_helper.exe
2948	identity_helper.exe
4944	msedge.exe
4944	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1132	msedge.exe
1132	msedge.exe
1800	powershell.exe
1800	powershell.exe
1736	powershell.exe
1736	powershell.exe
3700	powershell.exe
3700	powershell.exe
2876	powershell.exe
2876	powershell.exe
2820	snss1.exe
2820	snss1.exe
812	cmd.exe
812	cmd.exe
2688	explorer.exe
2688	explorer.exe
3208	snss2.exe
3208	snss2.exe
2384	cmd.exe
2384	cmd.exe
2848	explorer.exe
2848	explorer.exe
2012	dialer.exe
2012	dialer.exe
2012	dialer.exe
2012	dialer.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

snss1.execmd.exesnss2.execmd.exe

pid process

2820 snss1.exe
812 cmd.exe
3208 snss2.exe
2384 cmd.exe

pid	process
2820	snss1.exe
812	cmd.exe
3208	snss2.exe
2384	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 1800 powershell.exe
Token: SeDebugPrivilege 1736 powershell.exe
Token: SeDebugPrivilege 3700 powershell.exe
Token: SeDebugPrivilege 2876 powershell.exe

description	pid	process
Token: SeDebugPrivilege	1800	powershell.exe
Token: SeDebugPrivilege	1736	powershell.exe
Token: SeDebugPrivilege	3700	powershell.exe
Token: SeDebugPrivilege	2876	powershell.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

msedge.exe

pid	process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid process

4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
4896 msedge.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

Vortax App Setup.exeVortax.exesnss1.exesnss2.exe

pid process

1980 Vortax App Setup.exe
2932 Vortax.exe
2820 snss1.exe
2820 snss1.exe
2820 snss1.exe
3208 snss2.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4896 wrote to memory of 4460	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4460	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 664	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4108	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4108	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4720	4896	msedge.exe	msedge.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2892

C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vortax.io
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffebfea3cb8,0x7ffebfea3cc8,0x7ffebfea3cd8
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
2⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4068 /prefetch:8
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
2⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6776 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1132

C:\Users\Admin\Downloads\Vortax App Setup.exe
"C:\Users\Admin\Downloads\Vortax App Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Program Files (x86)\Vortax\Vortax.exe
"C:\Program Files (x86)\Vortax\Vortax.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1800

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1736

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3700

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2876

C:\Users\Admin\AppData\Local\Temp\fb32cae8-5b43-464b-9fae-dac4774f54a5\snss1.exe
"C:\Users\Admin\AppData\Local\Temp\fb32cae8-5b43-464b-9fae-dac4774f54a5\snss1.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:812

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
6⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2688

C:\Users\Admin\AppData\Local\Temp\fb32cae8-5b43-464b-9fae-dac4774f54a5\snss2.exe
"C:\Users\Admin\AppData\Local\Temp\fb32cae8-5b43-464b-9fae-dac4774f54a5\snss2.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3208

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2384

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
6⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
2⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,16318281088966587394,17440042849421051653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:1
2⤵
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E8
1⤵
PID:2024

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Vortax\System.Collections.Concurrent.dll
Filesize
270KB

MD5
38d21e067d7673194a84cced59066ac8

SHA1
e64362176f714b23603f3a67f1e741f12e35a832

SHA256
483130bfd1e57a0cbfd8a4f3c6e2353ac3f246276f9476c83cca1cadbc47ef47

SHA512
3fa6f78ff0cb527a8e82261549f24a8609d005821ac5c5e7257670dffd55472a134af3ef78d73779758303ae5a90728181cd4caebc871c5cfa4c309141201baf

Download Submit
C:\Program Files (x86)\Vortax\System.Collections.dll
Filesize
254KB

MD5
92063926c04f2e4bf5b5fde16542831d

SHA1
e7be34eaff2d3d8796911d21f1fdbb93bf231dec

SHA256
9193aaef3ea8f19408f88c25fcaf5880e7836d1c35028d7e4077f6090b083541

SHA512
e855ee37980d1da2d143ee39133b05fff81937e529cffe74433e73088549daabd3abadbf05f3765bf3ffffd50313f0ed966efec0eb244d7363241affd73cc29f

Download Submit
C:\Program Files (x86)\Vortax\System.IO.FileSystem.dll
Filesize
15KB

MD5
35e27f4c681085a4b096826ee8ea4f53

SHA1
cf3ea4304e5558c8fdd4422e4d72509cd91ea719

SHA256
7bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad

SHA512
1f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9

Download Submit
C:\Program Files (x86)\Vortax\System.Memory.dll
Filesize
154KB

MD5
7e999da530c21a292cec8a642127b8c8

SHA1
6585d0260ae98bab2ad1eaba0f9cfe8ebb8a0b3f

SHA256
3af25e0c81c1462d0db86f55c4e5fd8c048c70685f9a566d29d499bc46935fb4

SHA512
a18b6649b5c2f9f96bf639863df9faad436759200a64f91fb2d955f33c71ce4b2d5798be982f692a247ac864d8acb63fb731b31c06333e5c7d9a9c895ecd6451

Download Submit
C:\Program Files (x86)\Vortax\System.Private.CoreLib.dll
Filesize
12.6MB

MD5
805cf170e27dd31219a6b873c17dce88

SHA1
ac90fa4690a8b54b6248dcb4c41a2c9a74547667

SHA256
ba7e61a00e7a4634b5c5a79b83126f75580ceec235c613000c3efbc01826cad0

SHA512
fa946aae906b66cb5570155a1c77340f2b6d4efb9be16068da03a8f1c5b5f37ad847d65cd1416017db19375dc6a72670300da4c766e6d9bb1a00374f492bd866

Download Submit
C:\Program Files (x86)\Vortax\System.Private.Xml.Linq.dll
Filesize
394KB

MD5
60ed8b2bffc748d6a2a1fed8fa923368

SHA1
be411429b9a649a495124558c5e5d95a83525d58

SHA256
0b63cebb991d1911a607993ea5b4639f34a2b0b381a73973542db2d3591e9f90

SHA512
b0a4ac2aa96d827258bb30f098512741ad3f93585e05ceae0255e15cd8dc9ab8048788902c1eb32a813e9c69c8a923200a716b4e00f579c22a0b425665e575f8

Download Submit
C:\Program Files (x86)\Vortax\System.Private.Xml.dll
Filesize
7.6MB

MD5
46aebfbd6d7e74d4d558da62d7600d25

SHA1
9c1cd44ab8b5e283967427e91cbddddfc0c2bf5a

SHA256
834e304221e742a831be5c5178892258e689eae35b730172e74161af2785aab9

SHA512
9c4499d174a988cc3830aafcc42f79defff37b16198f49cf5d2dc86f88809fcb44e0c300351f813d46addf9998f64448c50213f1721c6a307aad21c205db1524

Download Submit
C:\Program Files (x86)\Vortax\System.Runtime.InteropServices.dll
Filesize
94KB

MD5
49c86e36b713e2b7daeb7547cede45fb

SHA1
75fe38864362226d2cce32b2c25432b1fd18ba37

SHA256
756de3f5f2e07b478ac046a0ac976b992ef6bc653a1be2bb1e28524a4ff8d67d

SHA512
a9bd42b626158c540be04f8d392620daba544a55b7438d6caefe93b9df10ec2219f28959c4e0d706a86b92008275de94dfdf19de730787cdacf46d99fc45e3a9

Download Submit
C:\Program Files (x86)\Vortax\System.Runtime.dll
Filesize
42KB

MD5
53501b2f33c210123a1a08a977d16b25

SHA1
354e358d7cf2a655e80c4e4a645733c3db0e7e4d

SHA256
1fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100

SHA512
9ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Algorithms.dll
Filesize
17KB

MD5
8f3b379221c31a9c5a39e31e136d0fda

SHA1
e57e8efe5609b27e8c180a04a16fbe1a82f5557d

SHA256
c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388

SHA512
377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Csp.dll
Filesize
15KB

MD5
c7f55dbc6f5090194c5907054779e982

SHA1
efa17e697b8cfd607c728608a3926eda7cd88238

SHA256
16bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a

SHA512
ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Primitives.dll
Filesize
15KB

MD5
777ac34f9d89c6e4753b7a7b3be4ca29

SHA1
27e4bd1bfd7c9d9b0b19f3d6008582b44c156443

SHA256
6703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622

SHA512
a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.dll
Filesize
2.0MB

MD5
75f18d3666eb009dd86fab998bb98710

SHA1
b273f135e289d528c0cfffad5613a272437b1f77

SHA256
4582f67764410785714a30fa05ffaaad78fe1bc8d4689889a43c2af825b2002e

SHA512
9e110e87e00f42c228729e649903ad649b962ae28900d486ee8f96c47acca094dbace608f9504745abf7e69597cdef3c6b544b5194703882a0a7f27b011fa8d5

Download Submit
C:\Program Files (x86)\Vortax\System.Threading.Thread.dll
Filesize
15KB

MD5
72d839e793c4f3200d4c5a6d4aa28d20

SHA1
fbc25dd97b031a6faddd7e33bc500719e8eead19

SHA256
84c9a95609878542f00fe7da658f62d1a6943a43e6346af80d26bcff069a4dbd

SHA512
a414cd9d7cf6a04709f3bdbef0295349b845a8301171ed6394e97b9993f35816383b958736c814f91c359a783cca86ee04802856486d4b4e0ab90a45da39db1d

Download Submit
C:\Program Files (x86)\Vortax\System.Threading.dll
Filesize
82KB

MD5
32aa6e809d0ddb57806c6c23b584440e

SHA1
6bd651b9456f88a28f7054af475031afe52b7b64

SHA256
e8d1f5c422ee0ba3b235b22028ab92dc77c1ff9774edc0b940cad7224a30ba7d

SHA512
fe43b3d6ed5c37d59a44636d3c7522a88d83e6ec074bf69d3cbb6e5454fdd8f0523ea10fdf6fd452cbd0e2fc159cf9d03dfad6b30e80e400e7f1773b5a2e8632

Download Submit
C:\Program Files (x86)\Vortax\System.Windows.Forms.dll
Filesize
12.9MB

MD5
a51632facb386d55cc3bc1f0822e4222

SHA1
59144c26183277304933fd8bb5da7d363fcc11fa

SHA256
efc52dbbef5202d9ff424d7adc6e2249b66450a5fd5414891776fc617b00123e

SHA512
2a8d8e2ee8168e6f79476616385320f463ebc161c7393db2b18a7d35ca0111c5100b83954c5eabfe32b12cac3dbfdc514271dde4cc4468dd26235eb7020d9c14

Download Submit
C:\Program Files (x86)\Vortax\Vortax.dll
Filesize
393KB

MD5
db0a77e84caa01503bea132d7e5ef2f8

SHA1
161661df701e4011570cafb8305f218fa4ac3e50

SHA256
41d023a22c052a1d37bda1f34b8cb73d088fcf6abaf00695360f0a3a8d985239

SHA512
02207090569315f79a5d1f35f39e80cf8b05c87c336da8b52f02cdae4732b7acc3f98f1333986c91ea3f09f054efb09605a1427ba2fe23d90e119797b3984574

Download Submit
C:\Program Files (x86)\Vortax\Vortax.exe
Filesize
308KB

MD5
aa6ea1381097f6e1201a10a0de1029f5

SHA1
23b162c564b54fdc6fa2a4e56401bcb0ad98b6ac

SHA256
d1240769ed4c6dd4603a00f1e05b0ec4c1b2951661bd478c1e10954ab3123924

SHA512
584155f235b8567a5356307bc139e82df049f49bd9c4c07baa346fa8afb7be7e6f0afd1eec024bcebf5a7c416934f692d183a2977e8a38666652ccc1c124ff40

Download Submit
C:\Program Files (x86)\Vortax\clrjit.dll
Filesize
1.7MB

MD5
8b81a3f0521b10e9de59507fe8efd685

SHA1
0516ff331e09fbd88817d265ff9dd0b647f31acb

SHA256
0759c8129bc761fe039e1cacb92c643606591cb8149a2ed33ee16babc9768dcb

SHA512
ea11c04b92a76957dcebe9667bef1881fc9afa0f8c1547e23ada8125aa9e40d36e0efaf5749da346ba40c66da439cbd15bf98453e1f8dab4fe1efd5618fdc176

Download Submit
C:\Program Files (x86)\Vortax\coreclr.dll
Filesize
4.8MB

MD5
9369162a572d150dca56c7ebcbb19285

SHA1
81ce4faeecbd9ba219411a6e61d3510aa90d971d

SHA256
871949a2ec19c183ccdacdea54c7b3e43c590eaf445e1b58817ee1cb3ce366d5

SHA512
1eb5eb2d90e3dd38023a3ae461f717837ce50c2f9fc5e882b0593ab81dae1748bdbb7b9b0c832451dfe3c1529f5e1894a451365b8c872a8c0a185b521dbcd16b

Download Submit
C:\Program Files (x86)\Vortax\hostfxr.dll
Filesize
342KB

MD5
16532d13721ba4eac3ca60c29eefb16d

SHA1
f058d96f8e93b5291c07afdc1d891a8cc3edc9a0

SHA256
5aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303

SHA512
9da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100

Download Submit
C:\Program Files (x86)\Vortax\hostpolicy.dll
Filesize
388KB

MD5
a7e9ed205cf16318d90734d184f220d0

SHA1
10de2d33e05728e409e254441e864590b77e9637

SHA256
02c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62

SHA512
3ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052

Download Submit
C:\Program Files (x86)\Vortax\mscorrc.dll
Filesize
133KB

MD5
53e03d5e3bffa02fbc7fb1420ac8e858

SHA1
36c44c9ff39815aa167f341c286c5cd1514f771f

SHA256
23a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960

SHA512
f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
64f055a833e60505264595e7edbf62f6

SHA1
dad32ce325006c1d094b7c07550aca28a8dac890

SHA256
7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99

SHA512
86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a74887034b3a720c50e557d5b1c790bf

SHA1
fb245478258648a65aa189b967590eef6fb167be

SHA256
f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250

SHA512
888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
6ba6cf97b653ce5155425f58ec31a4f5

SHA1
598d3970ff88c3600da18c205f030fe793d68983

SHA256
a29d59dda3699baf3c00ca2a5fd3d7fc30e39c7025ca75d9f413ec5d433a8382

SHA512
09d28eb540f78ad84003305323301ff2922867d7a46dec87d69a66aa0e7e516e8421ef9c962deb68d82351fa1763b7fb85a6f4d73459b96186c71b2246f1e4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
669395d4c7a22aa21c022a08913e3866

SHA1
3fdd5680ca01185c41a8b45ad146fd55ecad5341

SHA256
b2a8254da8d4a974ae12a1803717986cacc81195b2523ff032474337d4b59d82

SHA512
0faa8e12646597585285097085e9e2b345987623d17ae13560d197f147c01acbb29ae470aca7ce2f8b1cb23e03b940c7f0f4dfda27e2968ae1153cd5765396c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5c518abfaf04ce8160a5b2ef45189f8d

SHA1
fa3cccc45dff99eabafb8b3fe9df134e60efee94

SHA256
0e58014579d8aeecb222a7a99a2ea0c228c3d04b81cc8a09cf95517f7ed37a69

SHA512
f5e8522cbf96e16627c1ac6130f1124304f0acb88d0c4ce08f3ca08beb00e29405a6ead3093845d4a6ec23d571cd0f4f21e96e62f2af627390a79594996b8e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
1dd80fdd64d373bbed68347cb06a377e

SHA1
78ae62ccfbe2bca1ac0bdf850ef9a218c2cbf159

SHA256
960b477ba58d34a2d831e806fc68cb544f5b6449eb97e17c06ff9e47b1d16fb5

SHA512
f9c0bd729c1dd8029d2df8e409721bc454f161cd153d8b5d12e2c7b9e583dd18f7c3a787a8ced6acf79e68d336a3ee17b96ed7a14c26cb8dc38cc846e1d8d75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
565b4d74e809c1fcd1561d8659df1608

SHA1
6692c81807d6e9934be203598139dc6392399c25

SHA256
5aca7327b8e9f4493ce83c3177d80ef331284edb51d357a1fedf5b403e4f9860

SHA512
b122cf10a751d4cc0e004425b3611124548513ff3074666bc29a0040aad083230c45eeb481fa15bac786ee93d4c2e40bd7981791bf513daba1286ec7600fdda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
083501ad43774acf76cb5b4afcc46e9f

SHA1
70b3ff0f8ef4f4c8c67e4f4308e277b15888295e

SHA256
26ba3911fa17997742ee325f8c92ea78995259dacd3c68751172b36e45b942fb

SHA512
f9f4f9795535a637843be31d5d5a16934d42516444085e4788f8060d1b949575eb746f81084c8aa30679aef2e1b00f2af83c80f0a060a4e601ba8d3dffe7679b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a5c7bb802cad7b183cf33b212743b381

SHA1
19c860293c98c2245831f18c8d25c448a2429339

SHA256
436d3d1d7b83e75b65b8c1490e756a18c702fc517e94bd2f283a9f2990d45334

SHA512
2521ded65a55dd394de7f0fc10f9567856d441b07a2291cc03276892efccdb8fc155185b2f3888ae0fa5a9a01524c53de4f58d66742266a34de7aba82604843c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a99c5f7da6c1ec7431514891d3763127

SHA1
25c397a2dd0451d1402838c4d72ab9eb966ef147

SHA256
be0c83e96637a4af5e7128e06e1c0c5f9e938adc46574cf747747867f60e51af

SHA512
9ccec8939d672636c7ea89e1f6b3436d6b05e9f66acaf3ed3e01d57b1f1807d28ee90c715334c970ad5bbc44bbb4c5f620d5885a713297310b0b9eaf0e387dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
533B

MD5
b30331fc133fd67110f5197f4526a878

SHA1
87c7c0c86a9eda13f1633d44979e8d27c87bada7

SHA256
ff5a42242cb9ca9493894d0ae702a806a91f77de6ebcaf5d893dce4cc3ea5d6c

SHA512
cbf20755ea7d7314e23a393c42b3703d3aa1dbd000535165290a83b915f70d94fd0eaa58e911859cf882c19b77eb9ec6d120841a5b554ec124e1a1ac43d20c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
867B

MD5
9d4e4d466a754a51f94419c91a16ab42

SHA1
5ca25358230e0a6d52f4b683d603f69b44c925a5

SHA256
71cdfab6b04fb671d4c28c584600251b6177917ee5052f378cafa9e20a7eb00b

SHA512
3f628398566acd7eeaae6aea197157176433a49090bde03d08f634498869088d7798139791e4cf073f42a5832f2b356914750facceacf5f04c62b384eb44d687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
521c37ee11637764d7d4b680a80f644a

SHA1
38b5a69ea1a6a878c6db202fe748025718f370b3

SHA256
9cfa4bc2c42999830b58a3dd7f90373e4c4f8936828af1ff1eeb2ad452626503

SHA512
d86c2dcf7450883cc3f55765a3e0a167ada22f2fe0058a787d68986cf7d87d8c007be81d23acec2365eda5b5a1cf12612060e5b9441f00ef0e7fcefdbdf03a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
cb2bc870c96adf98be7be4b59ff1e695

SHA1
c22e0304cea988e866ab7083b29497500b3e3ee0

SHA256
dddfb0e97fb78b081bb2f692f1b6191e9fd0f016fcfe506c53225df6c3bb2a8f

SHA512
b51d664b4bd25e6a9321c82beb09c4b738cfb594ac27c65dd756b007608fd7044a15d2019d42ee53d9e3326798b934ed2e93af6d992c8ce7593ebd95fec1d3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b4d9.TMP
Filesize
367B

MD5
a8d1909fb24ca9daae43d6c082b60a85

SHA1
9559fdb99830753ef0253b766ef80fbf0ff5ba99

SHA256
f8e1cb32103aa074f301a99d34d2443d6b6349d0dbbdff2fee43d507359863d8

SHA512
98a450c2fd4c75bb45c8c43b57f13709575e5973fc676c867e683b45a68d1428784abac312cb8cb70030b151e189a75e22046b1782cfdbde4cc2298c5d7c5f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0693caf-32fd-4ce5-adb7-579a4a201be9.tmp
Filesize
5KB

MD5
3fe57717921b78086e63c31d0bc63040

SHA1
da8aee1f537a93d800870b15b2b9713955ced9eb

SHA256
1cba4a32bc09387bff6965551cd5c8305ee8cdde8a0713380fa797284a61d005

SHA512
633f074a4cd31cc1b070324a3e0cb82e6b4c9c527ef6d3ab5baba563f530f5797f0bda4f8030caf21583bcdd670b1dcedb411a22c93044401ce9e7e09bac9110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5efd239277dce2cf12d72e3a0fe10389

SHA1
65afa731f38d866fd242c485691629dd2e710003

SHA256
7ad9ff7ab6a7bbb5396b0c2298b203b5a5194a339822383f29958ef58fc08173

SHA512
ad267eff3b932ee9e727198c7f58155d0eed62a355b28db6ae3eb8af9b5d3c2fdafb26b287b49e7e2865ff68b7020e4e105e3329daea4f1b61c04f9c0ca5c752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
52b31dc7f8d1a0003ae41bae86e18114

SHA1
0a07974a146940d1571b95dc066961795b5c62db

SHA256
cc21bc7713229011a3ba1ec3b2eb7dbdd48440d7b6fa7419e3239ceb33e06804

SHA512
8cf87a66278ea92f81e9c37ef6fd02f97e7df52cfd39832ac58e5baf9f3ae2a59631b518ce9e8bc117c455f1f3d5ace2e589b960ec46dd79a50687cdc7442077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
31cc685f83d0a7a44a5ff3a3eeed0f8f

SHA1
6af6fa6ded136ed1d048288ac8e334d82facd0df

SHA256
1e46fb351f9f484ef07705cae853c01021e95d32cda8125b4f16df7938fbd4f4

SHA512
c133ae1f5211533fa2d7de49614fa97d21081d460b798a66867c8d8191b4c9a7a3c1c70bb7094cc495ba86dd85c7d2e330c28369ea3a8d157b34b4373c910116

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2jczwrfb.vfs.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss555C.tmp\InstallOptions.dll
Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss555C.tmp\LangDLL.dll
Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss555C.tmp\System.dll
Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss555C.tmp\ioSpecial.ini
Filesize
1KB

MD5
0bcaeddfc6534e5110254fa6b97c7193

SHA1
76e3a52472828e1df5725167ae53838eb1d6df39

SHA256
c0f661a336605bd1ca5ae1daa346ca81fc529820a2af88e5ccfdb7b02ecc07cf

SHA512
0384cdced32a08e0507e775b8e6c60451853ec8a09d330c45c63cd38cb03aaa8b77393ae267363f0c0cde3dc309e6b7bc131ca96d87d77b587203363ea94e478

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss555C.tmp\ioSpecial.ini
Filesize
1KB

MD5
fd2c48606c6f7d5db17741c3e34cf3c3

SHA1
c9a45fb581fd02a4a341471d9c918b4cf23ce5dd

SHA256
04044bd396db1e9f9d73973f37528997fe8fe9ed71f0e68ab5a6662b679a8f41

SHA512
17051826907978e28b11744cc772b16f8205fadac84a0b59ba5347aa413ebfa14b046485638a2f2574b271ce5f9626e517198f86c2d13d5ee6b896e69484e4ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Vortax App Setup.exe
Filesize
47.3MB

MD5
cab622641242a6f2fcbb8a1ae2698fd2

SHA1
9d56b54643706787c16f0cae4e9e565c1e1a49ec

SHA256
f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843

SHA512
324ad8a7669d15ef19d0c1d7b362d17f2118414b4e8672921fe45994db0425200a38e26fc4c169ecb19f7c4aa8233fc5dfd32c3cb32e600cc031139d0e530cf1

Download Submit
C:\Users\Admin\Downloads\Vortax App Setup.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_4896_BOHCCCKCWBNPJBKN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/812-1089-0x0000000074950000-0x0000000074ACD000-memory.dmp

Filesize
1.5MB

Download
memory/812-1088-0x00007FFECF2A0000-0x00007FFECF4A9000-memory.dmp

Filesize
2.0MB

Download
memory/1800-1042-0x000001BE4C990000-0x000001BE4C9B2000-memory.dmp

Filesize
136KB

Download
memory/2012-1183-0x0000000077040000-0x0000000077292000-memory.dmp

Filesize
2.3MB

Download
memory/2012-1181-0x00007FFECF2A0000-0x00007FFECF4A9000-memory.dmp

Filesize
2.0MB

Download
memory/2012-1180-0x0000000002480000-0x0000000002880000-memory.dmp

Filesize
4.0MB

Download
memory/2012-1176-0x00000000005F0000-0x00000000005F9000-memory.dmp

Filesize
36KB

Download
memory/2384-1164-0x00007FFECF2A0000-0x00007FFECF4A9000-memory.dmp

Filesize
2.0MB

Download
memory/2384-1165-0x0000000075040000-0x00000000751BD000-memory.dmp

Filesize
1.5MB

Download
memory/2688-1091-0x00000000009E0000-0x0000000000C1D000-memory.dmp

Filesize
2.2MB

Download
memory/2688-1158-0x00000000009E0000-0x0000000000C1D000-memory.dmp

Filesize
2.2MB

Download
memory/2688-1092-0x00007FFECF2A0000-0x00007FFECF4A9000-memory.dmp

Filesize
2.0MB

Download
memory/2688-1093-0x00000000009E0000-0x0000000000C1D000-memory.dmp

Filesize
2.2MB

Download
memory/2688-1095-0x00000000009E0000-0x0000000000C1D000-memory.dmp

Filesize
2.2MB

Download
memory/2688-1096-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/2820-1083-0x0000000000F50000-0x00000000013C3000-memory.dmp

Filesize
4.4MB

Download
memory/2820-1084-0x0000000074950000-0x0000000074ACD000-memory.dmp

Filesize
1.5MB

Download
memory/2820-1085-0x00007FFECF2A0000-0x00007FFECF4A9000-memory.dmp

Filesize
2.0MB

Download
memory/2820-1086-0x0000000074950000-0x0000000074ACD000-memory.dmp

Filesize
1.5MB

Download
memory/2848-1169-0x00000000009D0000-0x0000000000A3F000-memory.dmp

Filesize
444KB

Download
memory/2848-1178-0x00000000009D0000-0x0000000000A3F000-memory.dmp

Filesize
444KB

Download
memory/2848-1175-0x0000000077040000-0x0000000077292000-memory.dmp

Filesize
2.3MB

Download
memory/2848-1172-0x0000000003EC0000-0x00000000042C0000-memory.dmp

Filesize
4.0MB

Download
memory/2848-1171-0x0000000003EC0000-0x00000000042C0000-memory.dmp

Filesize
4.0MB

Download
memory/2848-1168-0x00007FFECF2A0000-0x00007FFECF4A9000-memory.dmp

Filesize
2.0MB

Download
memory/2848-1167-0x00000000009D0000-0x0000000000A3F000-memory.dmp

Filesize
444KB

Download
memory/3208-1160-0x00007FF6E64F0000-0x00007FF6E6A66000-memory.dmp

Filesize
5.5MB

Download
memory/3208-1162-0x00007FFEAD030000-0x00007FFEAD1AA000-memory.dmp

Filesize
1.5MB

Download
memory/3208-1161-0x00007FFEAD030000-0x00007FFEAD1AA000-memory.dmp

Filesize
1.5MB

Download