Analysis
-
max time kernel
1195s -
max time network
1200s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
14-06-2024 14:01
General
-
Target
http://vortax.io
Malware Config
Extracted
stealc
vor13
http://45.132.105.157
-
url_path
/eb155c7506e03ca9.php
Signatures
-
Detects HijackLoader (aka IDAT Loader) 2 IoCs
-
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Stealc
Stealc is an infostealer written in C++.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 58 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 46 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vortax.io1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4104,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3896,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5196,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5468,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5472,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5324,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6124,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6308,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5092,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5672,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6376,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6540,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=5900,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5796,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x518 0x5101⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=5880,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=5172,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6772,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6272,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6732,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=7316,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=8000,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=7736 /prefetch:81⤵
-
C:\Users\Admin\Downloads\Vortax App Setup.exe"C:\Users\Admin\Downloads\Vortax App Setup.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Vortax\Vortax.exe"C:\Program Files (x86)\Vortax\Vortax.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\d1ac5cb9-412e-409f-a77e-a2064716e55b\snss1.exe"C:\Users\Admin\AppData\Local\Temp\d1ac5cb9-412e-409f-a77e-a2064716e55b\snss1.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe5⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\d1ac5cb9-412e-409f-a77e-a2064716e55b\snss2.exe"C:\Users\Admin\AppData\Local\Temp\d1ac5cb9-412e-409f-a77e-a2064716e55b\snss2.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=3612,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:31⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=7784,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:81⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Vortax\Accessibility.dllFilesize
20KB
MD5fb554f9fe0b91f135d26ac6459cfd6f2
SHA1b1269a2c28bded872b14fe70b69484631ef3a65d
SHA256929ea150ad45b7c7dd5427461fbec44d43b67c08081f59b42b6abf570feae271
SHA5128dffde6cddfc59ec380111fd36048126559e1f1e080c081ca0d09021bb23d6888e93e1659c7b3a8fa46f76602b03cf3e638ec1a80fba79e51648dcb32362e10c
-
C:\Program Files (x86)\Vortax\Microsoft.Win32.Primitives.dllFilesize
15KB
MD5300c95ff95b52e8a02fec6bfcfa58225
SHA1b646f89fcd463ad5c19889b4fea40540568b780c
SHA256f1b40565e5c4c41da810aee5b7d2272a0906e88f796812435aa5ed712bcac40c
SHA5129bfe0eb6eea98b2d35aa42986a273ec82424143965e173b32bb4b7e5537580a027940a6952a45fc54f0b665e871deb2a95651106c2f24c7de3b3d3cd2dec7e89
-
C:\Program Files (x86)\Vortax\System.Collections.Concurrent.dllFilesize
270KB
MD538d21e067d7673194a84cced59066ac8
SHA1e64362176f714b23603f3a67f1e741f12e35a832
SHA256483130bfd1e57a0cbfd8a4f3c6e2353ac3f246276f9476c83cca1cadbc47ef47
SHA5123fa6f78ff0cb527a8e82261549f24a8609d005821ac5c5e7257670dffd55472a134af3ef78d73779758303ae5a90728181cd4caebc871c5cfa4c309141201baf
-
C:\Program Files (x86)\Vortax\System.Collections.Specialized.dllFilesize
102KB
MD5cc26e9e30ffab763a1e54c0ef3713382
SHA1c3be6646b7a4576ebd7729dbf4dccbd1fc159d51
SHA2560cbabb81eae22f4c07c6c846054d207ae3f25da15649eb7fa29e4e2cecd24db4
SHA512c8e57fb70cfa7667f9a5484c99eedd0bf34004ee26e9642e99a6b90624caa804af571d8aaafa7e9b121550af58205f8ed197b4ddb928210d394ff0b4c1897149
-
C:\Program Files (x86)\Vortax\System.Collections.dllFilesize
254KB
MD592063926c04f2e4bf5b5fde16542831d
SHA1e7be34eaff2d3d8796911d21f1fdbb93bf231dec
SHA2569193aaef3ea8f19408f88c25fcaf5880e7836d1c35028d7e4077f6090b083541
SHA512e855ee37980d1da2d143ee39133b05fff81937e529cffe74433e73088549daabd3abadbf05f3765bf3ffffd50313f0ed966efec0eb244d7363241affd73cc29f
-
C:\Program Files (x86)\Vortax\System.ComponentModel.EventBasedAsync.dllFilesize
46KB
MD5333639248121fb67d18323613a8203ea
SHA10cee5f7d46596239b833b3b30dccde27b0136959
SHA2564c97d7bc0742faaa52ba86018b040aac44ddfc88a5835f9e6a659e03b4558999
SHA512714fcb7299abcb26100b5f4103834c11c58f535ee9853fca2bcb22f43a3d1e7608d6ccae2dcc93d1687a4f1c8b521afe683d537f70f858681e62fff2d79c4acb
-
C:\Program Files (x86)\Vortax\System.ComponentModel.Primitives.dllFilesize
78KB
MD51c59c00ab0850af4b4d2bafd6be47db3
SHA14c6185b2f42987e25a5fdf2aa30cf4150de25d5b
SHA256133ec34432ab8fa4f63ade636193864b6a62a089a0c98d746f5532c8a52f437b
SHA5128425c02c4afb274e862e4ed5dd1c766ebfa1bcf5bf59018d86238014a52603331a8b7c1e233f5a1f22171e90132ddd585db0d2561ff2cd287d703397afdff4b1
-
C:\Program Files (x86)\Vortax\System.ComponentModel.TypeConverter.dllFilesize
726KB
MD5f6f78df8a3ef64639ac0cb7de24ed66b
SHA1384422c0ceb6bb6870c4f7d9074e9c78d33e4c0c
SHA25688129c110d748f7c8ef8a923f68cd26d39e0505b49bf5cc10cbd23b92f1a00a3
SHA512ed63f75e3477196b5308c42f259c0294a29ef5edf6eb0df4f8268be3f0495b9cfd8ca3467bc1574db142571c368940468bb84d14c26aaccacd6eee66ddd98403
-
C:\Program Files (x86)\Vortax\System.Diagnostics.FileVersionInfo.dllFilesize
46KB
MD51daf75cc369569182bbdb664eb8cb4c7
SHA1ec0ff43694f0027a469d31221b591bff2ef29d69
SHA25692ae8401342fd8484e749c65a7726a0f5bff69346ad4e96026bfa063ff567b8b
SHA5129d0ee9b59354f721136a1631e46d395b763f755b212e44daea5c62a91b4c5edfd218587c8aa56db27f7efc7b9678c59ea822964f279a7837aa5e12f46be4e79b
-
C:\Program Files (x86)\Vortax\System.Diagnostics.TraceSource.dllFilesize
142KB
MD5fe6a4b96e144131788108c8396a849eb
SHA140e6e5d03cfe036645ae854d5a2262faec6bed32
SHA25622365ee4e3ba3c991d495e41f92e29bf6ddb38a48c44f55651271b80ee62b6d1
SHA51261644c0e970dd6a6ff697b110bf99962931dd94deda5a966ea0fded3d23cba7433b802656295e04f1a95421774ea3c838f0a642d26b5e46ae6c05becb52eb7f1
-
C:\Program Files (x86)\Vortax\System.Drawing.Common.dllFilesize
1.5MB
MD5e4715322db624dc52947a42ac67757ab
SHA1ba0b0850142ecc3910927d6f2e5781b896d7d442
SHA25675b1e772a4355145364121af00e5b5cf06c7212aa53d662fdc996bc11e8092a9
SHA5123c86d44eb209a3a1f2001968a2b139e532a0513fd2decff04aa1bf8b30b6202c70fc0e7ac8b22ace563023671259cd74cf65062132e7f1b97d3580621686b05a
-
C:\Program Files (x86)\Vortax\System.Drawing.Primitives.dllFilesize
130KB
MD5b5ca10a41cc865048491f617678722a9
SHA1afe171d9d676b78983b802e18ef8e00927073c64
SHA256cbe9fbb1d1e4850460854474ffd8c01ddcc756dcb33a86d1674c0cb2e2a0b026
SHA5122afdce56b7eec6deb82f8b2d5ec3029b5a0ee1e8bbf2e0ff9a0a5310bf265ddcdf63660546b4dbcc3c5fb0cba3cbb94f2408fe5cb4d14dbe0e74aba6dd5a2192
-
C:\Program Files (x86)\Vortax\System.IO.FileSystem.dllFilesize
15KB
MD535e27f4c681085a4b096826ee8ea4f53
SHA1cf3ea4304e5558c8fdd4422e4d72509cd91ea719
SHA2567bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad
SHA5121f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9
-
C:\Program Files (x86)\Vortax\System.Memory.dllFilesize
154KB
MD57e999da530c21a292cec8a642127b8c8
SHA16585d0260ae98bab2ad1eaba0f9cfe8ebb8a0b3f
SHA2563af25e0c81c1462d0db86f55c4e5fd8c048c70685f9a566d29d499bc46935fb4
SHA512a18b6649b5c2f9f96bf639863df9faad436759200a64f91fb2d955f33c71ce4b2d5798be982f692a247ac864d8acb63fb731b31c06333e5c7d9a9c895ecd6451
-
C:\Program Files (x86)\Vortax\System.Private.CoreLib.dllFilesize
12.6MB
MD5805cf170e27dd31219a6b873c17dce88
SHA1ac90fa4690a8b54b6248dcb4c41a2c9a74547667
SHA256ba7e61a00e7a4634b5c5a79b83126f75580ceec235c613000c3efbc01826cad0
SHA512fa946aae906b66cb5570155a1c77340f2b6d4efb9be16068da03a8f1c5b5f37ad847d65cd1416017db19375dc6a72670300da4c766e6d9bb1a00374f492bd866
-
C:\Program Files (x86)\Vortax\System.Private.Xml.Linq.dllFilesize
394KB
MD560ed8b2bffc748d6a2a1fed8fa923368
SHA1be411429b9a649a495124558c5e5d95a83525d58
SHA2560b63cebb991d1911a607993ea5b4639f34a2b0b381a73973542db2d3591e9f90
SHA512b0a4ac2aa96d827258bb30f098512741ad3f93585e05ceae0255e15cd8dc9ab8048788902c1eb32a813e9c69c8a923200a716b4e00f579c22a0b425665e575f8
-
C:\Program Files (x86)\Vortax\System.Private.Xml.dllFilesize
7.6MB
MD546aebfbd6d7e74d4d558da62d7600d25
SHA19c1cd44ab8b5e283967427e91cbddddfc0c2bf5a
SHA256834e304221e742a831be5c5178892258e689eae35b730172e74161af2785aab9
SHA5129c4499d174a988cc3830aafcc42f79defff37b16198f49cf5d2dc86f88809fcb44e0c300351f813d46addf9998f64448c50213f1721c6a307aad21c205db1524
-
C:\Program Files (x86)\Vortax\System.Runtime.InteropServices.dllFilesize
94KB
MD549c86e36b713e2b7daeb7547cede45fb
SHA175fe38864362226d2cce32b2c25432b1fd18ba37
SHA256756de3f5f2e07b478ac046a0ac976b992ef6bc653a1be2bb1e28524a4ff8d67d
SHA512a9bd42b626158c540be04f8d392620daba544a55b7438d6caefe93b9df10ec2219f28959c4e0d706a86b92008275de94dfdf19de730787cdacf46d99fc45e3a9
-
C:\Program Files (x86)\Vortax\System.Runtime.dllFilesize
42KB
MD553501b2f33c210123a1a08a977d16b25
SHA1354e358d7cf2a655e80c4e4a645733c3db0e7e4d
SHA2561fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100
SHA5129ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796
-
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Algorithms.dllFilesize
17KB
MD58f3b379221c31a9c5a39e31e136d0fda
SHA1e57e8efe5609b27e8c180a04a16fbe1a82f5557d
SHA256c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388
SHA512377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9
-
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Csp.dllFilesize
15KB
MD5c7f55dbc6f5090194c5907054779e982
SHA1efa17e697b8cfd607c728608a3926eda7cd88238
SHA25616bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a
SHA512ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355
-
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Primitives.dllFilesize
15KB
MD5777ac34f9d89c6e4753b7a7b3be4ca29
SHA127e4bd1bfd7c9d9b0b19f3d6008582b44c156443
SHA2566703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622
SHA512a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439
-
C:\Program Files (x86)\Vortax\System.Security.Cryptography.dllFilesize
2.0MB
MD575f18d3666eb009dd86fab998bb98710
SHA1b273f135e289d528c0cfffad5613a272437b1f77
SHA2564582f67764410785714a30fa05ffaaad78fe1bc8d4689889a43c2af825b2002e
SHA5129e110e87e00f42c228729e649903ad649b962ae28900d486ee8f96c47acca094dbace608f9504745abf7e69597cdef3c6b544b5194703882a0a7f27b011fa8d5
-
C:\Program Files (x86)\Vortax\System.Threading.Thread.dllFilesize
15KB
MD572d839e793c4f3200d4c5a6d4aa28d20
SHA1fbc25dd97b031a6faddd7e33bc500719e8eead19
SHA25684c9a95609878542f00fe7da658f62d1a6943a43e6346af80d26bcff069a4dbd
SHA512a414cd9d7cf6a04709f3bdbef0295349b845a8301171ed6394e97b9993f35816383b958736c814f91c359a783cca86ee04802856486d4b4e0ab90a45da39db1d
-
C:\Program Files (x86)\Vortax\System.Threading.dllFilesize
82KB
MD532aa6e809d0ddb57806c6c23b584440e
SHA16bd651b9456f88a28f7054af475031afe52b7b64
SHA256e8d1f5c422ee0ba3b235b22028ab92dc77c1ff9774edc0b940cad7224a30ba7d
SHA512fe43b3d6ed5c37d59a44636d3c7522a88d83e6ec074bf69d3cbb6e5454fdd8f0523ea10fdf6fd452cbd0e2fc159cf9d03dfad6b30e80e400e7f1773b5a2e8632
-
C:\Program Files (x86)\Vortax\System.Windows.Forms.Primitives.dllFilesize
2.9MB
MD58129c2d72bcba8b50576e7c43e558832
SHA1f4892f78d2496f3a2e1fa2380ff68fbeb62e2dca
SHA2565794a3996a0b4ab9cb13f3de0f87d50462615a7d0eb1d243d9324a682c1b58cb
SHA51240fafbf9590d2b2c8f487f44708e9e97ddce03b1487be5c7cb3d4c92bdb7100a98aebada379f63003f0dd9d447ee2b0b9dfa0b057320ac05f7f77b31c5ffa97d
-
C:\Program Files (x86)\Vortax\System.Windows.Forms.dllFilesize
12.9MB
MD5a51632facb386d55cc3bc1f0822e4222
SHA159144c26183277304933fd8bb5da7d363fcc11fa
SHA256efc52dbbef5202d9ff424d7adc6e2249b66450a5fd5414891776fc617b00123e
SHA5122a8d8e2ee8168e6f79476616385320f463ebc161c7393db2b18a7d35ca0111c5100b83954c5eabfe32b12cac3dbfdc514271dde4cc4468dd26235eb7020d9c14
-
C:\Program Files (x86)\Vortax\Vortax.dllFilesize
393KB
MD5db0a77e84caa01503bea132d7e5ef2f8
SHA1161661df701e4011570cafb8305f218fa4ac3e50
SHA25641d023a22c052a1d37bda1f34b8cb73d088fcf6abaf00695360f0a3a8d985239
SHA51202207090569315f79a5d1f35f39e80cf8b05c87c336da8b52f02cdae4732b7acc3f98f1333986c91ea3f09f054efb09605a1427ba2fe23d90e119797b3984574
-
C:\Program Files (x86)\Vortax\Vortax.exeFilesize
308KB
MD5aa6ea1381097f6e1201a10a0de1029f5
SHA123b162c564b54fdc6fa2a4e56401bcb0ad98b6ac
SHA256d1240769ed4c6dd4603a00f1e05b0ec4c1b2951661bd478c1e10954ab3123924
SHA512584155f235b8567a5356307bc139e82df049f49bd9c4c07baa346fa8afb7be7e6f0afd1eec024bcebf5a7c416934f692d183a2977e8a38666652ccc1c124ff40
-
C:\Program Files (x86)\Vortax\clrjit.dllFilesize
1.7MB
MD58b81a3f0521b10e9de59507fe8efd685
SHA10516ff331e09fbd88817d265ff9dd0b647f31acb
SHA2560759c8129bc761fe039e1cacb92c643606591cb8149a2ed33ee16babc9768dcb
SHA512ea11c04b92a76957dcebe9667bef1881fc9afa0f8c1547e23ada8125aa9e40d36e0efaf5749da346ba40c66da439cbd15bf98453e1f8dab4fe1efd5618fdc176
-
C:\Program Files (x86)\Vortax\coreclr.dllFilesize
4.8MB
MD59369162a572d150dca56c7ebcbb19285
SHA181ce4faeecbd9ba219411a6e61d3510aa90d971d
SHA256871949a2ec19c183ccdacdea54c7b3e43c590eaf445e1b58817ee1cb3ce366d5
SHA5121eb5eb2d90e3dd38023a3ae461f717837ce50c2f9fc5e882b0593ab81dae1748bdbb7b9b0c832451dfe3c1529f5e1894a451365b8c872a8c0a185b521dbcd16b
-
C:\Program Files (x86)\Vortax\hostfxr.dllFilesize
342KB
MD516532d13721ba4eac3ca60c29eefb16d
SHA1f058d96f8e93b5291c07afdc1d891a8cc3edc9a0
SHA2565aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303
SHA5129da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100
-
C:\Program Files (x86)\Vortax\hostpolicy.dllFilesize
388KB
MD5a7e9ed205cf16318d90734d184f220d0
SHA110de2d33e05728e409e254441e864590b77e9637
SHA25602c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62
SHA5123ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052
-
C:\Program Files (x86)\Vortax\mscorrc.dllFilesize
133KB
MD553e03d5e3bffa02fbc7fb1420ac8e858
SHA136c44c9ff39815aa167f341c286c5cd1514f771f
SHA25623a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960
SHA512f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5bfe6118145542fd0bc5767cb30c8705b
SHA1478f3be82c7cd04c2147b8367df9baa01fae278f
SHA256a4c8bcd319f29325962b01c5435d100e900e782ee8f85406f7c4c3d8e8063fbc
SHA512e4208a32261d8dadfce9944a304b790a3e613e42ef3df2fdf17422754971da888fd429597abeca36e045d37d8ead91669f338ae6293c60eed04cdb2c61d3ab3a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD53a2e8f952286cc5dd680a7d4baf62d11
SHA143e0542c713970d8dfa474944d0d51340fffeaad
SHA25658ef7d088a0b086820d91f70c9941bb26e9f7938f33d9a88a34067e0fd280722
SHA512c41bf6566af453b2aa37d48413f5d5df9a5fff5458aea180064ec5b0aa2f2566172efa0af5efaceaa1374fec4fd60f46dc3740966e4c15bee776910f8982dafc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD57c3ab3e03b99985547b6ab57e6fbcd06
SHA13a336fbc3c220156122baa3303f8ffd3cda10cca
SHA256c5fb04af8a8bbac0619428ddb7556b4a14da365f658d6b71666f3ec768a5747a
SHA512ce601ea11693dbcb23fcd66fe11b7301933c7a32fd6593e4680f621c98ac92efba52521e96dab598106fd67a6a31fe29fb67c474e5f4f37bd5d6abd1e44b16f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch DictionariesFilesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jneoec1y.job.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\InstallOptions.dllFilesize
15KB
MD5d095b082b7c5ba4665d40d9c5042af6d
SHA12220277304af105ca6c56219f56f04e894b28d27
SHA256b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
SHA51261fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\LangDLL.dllFilesize
5KB
MD550016010fb0d8db2bc4cd258ceb43be5
SHA144ba95ee12e69da72478cf358c93533a9c7a01dc
SHA25632230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
SHA512ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\System.dllFilesize
12KB
MD54add245d4ba34b04f213409bfe504c07
SHA1ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA2569111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA5121bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\ioSpecial.iniFilesize
1KB
MD5c398a297e363bb83e8b881e2ca3f05be
SHA1629f44692b4779b5e3bea54fb3dbc121e020cf88
SHA2565a30de679a69b72f2dabdb2a380d518b1160b32bb45165a471c616b4026c888c
SHA512183bfd33dfd4760a10dba40463d6b02635b8bc1d959b2a87c18c99866096a557efa19e26969b1bcdedda1faebb10a60b2a63fd4a24a0e1a7fed50941de58b613
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\ioSpecial.iniFilesize
1KB
MD52b7db8d56b635b6538cddd9373f0b42b
SHA1d1a437699cafa837a06c7dfec1a74da62db4f9c4
SHA256cd51f5f7a53cb61e111dad3afcb8b7ef116705857d6e2644c104f68f4e66c016
SHA512da0f4db7974154a6fe4b154a28a2a0d8824ff35c262ea87f2c7d558d218fbe7197897a9f68366756fe46634c92865caada3c90e641276ad5699afad9cdc83305
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\ioSpecial.iniFilesize
1KB
MD569fcd4bbc760fd7063de050529963912
SHA10f0bf5876899f859cc053c95bd42bc00401e673c
SHA25655a266ee80ba08a063d998a9a19da05e0e5252bbd04f2a9c0eb066651fc6bc7d
SHA51287a5aaa098a77167a1881a7b20b28483cf995818d4e6f92a9b3ba3b5c025098da51b44cb1a6a3768648aaa6aad92627d492c1fe2e399ba518d3303a41fb5f2e8
-
C:\Users\Admin\AppData\Local\Temp\nsg92C2.tmp\ioSpecial.iniFilesize
1KB
MD5007587be20d71128a42005a7e2dee8da
SHA1ce3ade4bda4bb66c17259e3812f01c060b5dcdef
SHA256885084ace625dcc3274d10118770272445443a7c0d47eb4179c58de135b8b579
SHA512f2d06479f4be113d19479fa33df8bd463997a7b73931272cb3e361132a748cfb8dd3139faa0e96236b52ad3b4cbd516f749d2256dbed065a7ca009afeff5d4a4
-
memory/376-865-0x00007FFCAD370000-0x00007FFCAD4E2000-memory.dmpFilesize
1.4MB
-
memory/376-864-0x00007FFCAD370000-0x00007FFCAD4E2000-memory.dmpFilesize
1.4MB
-
memory/376-863-0x00007FF65F090000-0x00007FF65F606000-memory.dmpFilesize
5.5MB
-
memory/952-871-0x00007FFCCF470000-0x00007FFCCF665000-memory.dmpFilesize
2.0MB
-
memory/952-870-0x0000000000A00000-0x0000000000A6F000-memory.dmpFilesize
444KB
-
memory/952-881-0x0000000000A00000-0x0000000000A6F000-memory.dmpFilesize
444KB
-
memory/952-878-0x0000000075B50000-0x0000000075D65000-memory.dmpFilesize
2.1MB
-
memory/952-875-0x0000000003ED0000-0x00000000042D0000-memory.dmpFilesize
4.0MB
-
memory/952-874-0x0000000003ED0000-0x00000000042D0000-memory.dmpFilesize
4.0MB
-
memory/952-872-0x0000000000A00000-0x0000000000A6F000-memory.dmpFilesize
444KB
-
memory/1960-777-0x00007FFCCF470000-0x00007FFCCF665000-memory.dmpFilesize
2.0MB
-
memory/1960-778-0x0000000074B20000-0x0000000074C9B000-memory.dmpFilesize
1.5MB
-
memory/1960-775-0x0000000000A60000-0x0000000000ED3000-memory.dmpFilesize
4.4MB
-
memory/1960-776-0x0000000074B20000-0x0000000074C9B000-memory.dmpFilesize
1.5MB
-
memory/2212-780-0x00007FFCCF470000-0x00007FFCCF665000-memory.dmpFilesize
2.0MB
-
memory/2212-781-0x0000000074B20000-0x0000000074C9B000-memory.dmpFilesize
1.5MB
-
memory/2724-883-0x00000000028A0000-0x0000000002CA0000-memory.dmpFilesize
4.0MB
-
memory/2724-879-0x0000000000B70000-0x0000000000B79000-memory.dmpFilesize
36KB
-
memory/2724-884-0x00007FFCCF470000-0x00007FFCCF665000-memory.dmpFilesize
2.0MB
-
memory/2724-886-0x0000000075B50000-0x0000000075D65000-memory.dmpFilesize
2.1MB
-
memory/3196-735-0x00000159FE290000-0x00000159FE2B2000-memory.dmpFilesize
136KB
-
memory/3336-783-0x0000000000010000-0x000000000024D000-memory.dmpFilesize
2.2MB
-
memory/3336-856-0x0000000000010000-0x000000000024D000-memory.dmpFilesize
2.2MB
-
memory/3336-784-0x00007FFCCF470000-0x00007FFCCF665000-memory.dmpFilesize
2.0MB
-
memory/3336-788-0x0000000061E00000-0x0000000061EF3000-memory.dmpFilesize
972KB
-
memory/3336-787-0x0000000000010000-0x000000000024D000-memory.dmpFilesize
2.2MB
-
memory/3336-785-0x0000000000010000-0x000000000024D000-memory.dmpFilesize
2.2MB
-
memory/4028-868-0x00000000751B0000-0x000000007532B000-memory.dmpFilesize
1.5MB
-
memory/4028-867-0x00007FFCCF470000-0x00007FFCCF665000-memory.dmpFilesize
2.0MB