a792876d62995f88303e0e13f396e2693c7ef0f2e8ae75cfdc5eb66df37f0809

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2023, 00:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Vortex-1-1-7-8-1675857943.exe
Size

142.4MB
MD5

6dd375395ddfc49e0d9056a0857d43db
SHA1

dd83215608a1f6b29fdc74a3d4087160f005c944
SHA256

a792876d62995f88303e0e13f396e2693c7ef0f2e8ae75cfdc5eb66df37f0809
SHA512

e21b193d63238ac041142af801cbfd86a79487fd9d9bec2d74092f7e8cab22f28b18608dc2d794ea328358ba2e2fd44cd23b55a673763fa3735a3e3b6830a46e
SSDEEP

3145728:TaTXCpjPchCb5KtFf5HhvC0HWwB0B9VGN/Jj+7RO1NnrkOLVuBUrC:WYjEhCb5K5Hhv/WlK/JjcRO1JrnYqO

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	Vortex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	Vortex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	Vortex.exe

Executes dropped EXE 6 IoCs

pid	Process
3320	Vortex.exe
3156	Vortex.exe
536	Vortex.exe
1244	Vortex.exe
2176	Vortex.exe
2532	dotnetprobe.exe

Loads dropped DLL 51 IoCs

pid	Process
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3156	Vortex.exe
536	Vortex.exe
3156	Vortex.exe
3156	Vortex.exe
3156	Vortex.exe
3156	Vortex.exe
3156	Vortex.exe
1244	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\bootstrap\bootstrap\_glyphicons.scss	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-torchlight2\info.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-untitledgoose\util.ts	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\node_modules\async\dist	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\vortexmt\build\Release	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\bootstrap\bootstrap\mixins\_progress-bar.scss	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-gardenpaws\info.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-xcom2\index.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\modtype-bepinex\info.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-nehrim\index.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-totalwarthreekingdoms\info.json	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\gamebryo-archive-check	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\ModInstallerIPC\Properties\launchSettings.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\bootstrap\bootstrap\_pager.scss	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-subnauticabelowzero\gameart.jpg	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-untitledgoose	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\System.Runtime.Caching.dll	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-falloutnv\fo3edit.png	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-sw-kotor	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\theme-switcher\themes\compact\variables.scss	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\7z-bin	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\node_modules\async\anyLimit.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-witcher3\collections\collections.ts	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\System.Management.dll	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\ru\System.ServiceModel.Federation.resources.dll	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\harmony-patcher\VortexHarmonyIPC\Templates\IPCObject.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-divinityoriginalsin2\info.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-spyroreignitedtrilogy\common.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\node_modules\async\dist\async.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\XmlScript.deps.json	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-witcher3\modLimitPatch.ts	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\node_modules\async\seq.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\ja.pak	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-baldursgate3\index.tsx	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\System.Data.OleDb.dll	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\harmony-patcher\VortexHarmonyInstaller\Resources\ildasm.exe	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\harmony-patcher\VortexUnity	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\style.scss	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\vortex\dropzone.scss	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-codevein\migrations.ts	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-untitledgoose\index.ts	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-witcher3\collections\util.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\pt-BR\Microsoft.CodeAnalysis.resources.dll	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\vortex	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-stardewvalley\util.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\Utils\Collections\ThreadSafeObservableList.cs	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-mount-and-blade2\views	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\node_modules\async\race.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\css\loadingScreen.scss	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-mount-and-blade2\views\Settings.js	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\node_modules\async\cargo.js	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-rimworld	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-sims3\gameart.jpg	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\game-witcher3\util.ts	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\fomod-installer\dist\pl\System.Web.Services.Description.resources.dll	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\harmony-patcher\VortexHarmonyInstaller\Util\ILoggableMod.cs	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\mo-import\mo-import.scss	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\modtype-dragonage	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\bundledPlugins\fnis-integration	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\harmony-patcher\VortexHarmonyIPC\Templates	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\hu.pak	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\lv.pak	Vortex-1-1-7-8-1675857943.exe
File opened for modification	C:\Program Files\Black Tree Gaming Ltd\Vortex\chrome_100_percent.pak	Vortex-1-1-7-8-1675857943.exe
File created	C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\da.pak	Vortex-1-1-7-8-1675857943.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Vortex.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Vortex.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Vortex.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Vortex.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Vortex.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Vortex.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm\shell\open\command	Vortex.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm\shell	Vortex.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm\shell\open	Vortex.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm\shell\open\command\ = "\"C:\\Program Files\\Black Tree Gaming Ltd\\Vortex\\Vortex.exe\" \"-d\" \"%1\""	Vortex.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm	Vortex.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm\URL Protocol	Vortex.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\nxm\ = "URL:nxm"	Vortex.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
4128	Vortex-1-1-7-8-1675857943.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe
2176	Vortex.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4128	Vortex-1-1-7-8-1675857943.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe
Token: SeCreatePagefilePrivilege	3320	Vortex.exe
Token: SeShutdownPrivilege	3320	Vortex.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe
3320	Vortex.exe

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 3156	3320	Vortex.exe	96
PID 3320 wrote to memory of 536	3320	Vortex.exe	98
PID 3320 wrote to memory of 536	3320	Vortex.exe	98
PID 3320 wrote to memory of 1244	3320	Vortex.exe	99
PID 3320 wrote to memory of 1244	3320	Vortex.exe	99
PID 3320 wrote to memory of 4068	3320	Vortex.exe	100
PID 3320 wrote to memory of 4068	3320	Vortex.exe	100
PID 4068 wrote to memory of 1032	4068	cmd.exe	102
PID 4068 wrote to memory of 1032	4068	cmd.exe	102
PID 3320 wrote to memory of 2176	3320	Vortex.exe	106
PID 3320 wrote to memory of 2176	3320	Vortex.exe	106
PID 2176 wrote to memory of 2532	2176	Vortex.exe	108
PID 2176 wrote to memory of 2532	2176	Vortex.exe	108

C:\Users\Admin\AppData\Local\Temp\Vortex-1-1-7-8-1675857943.exe
"C:\Users\Admin\AppData\Local\Temp\Vortex-1-1-7-8-1675857943.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4128

C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe
"C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe
  "C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Vortex" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1776,i,16730947651888861056,11167498365532663206,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3156
- C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe
  "C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Vortex" --mojo-platform-channel-handle=2008 --field-trial-handle=1776,i,16730947651888861056,11167498365532663206,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:536
- C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe
  "C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Vortex" --app-path="C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --js-flags=--max-old-space-size=4096 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=7548 --field-trial-handle=1776,i,16730947651888861056,11167498365532663206,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /q /s /c "fsutil dirty query %systemdrive%"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Windows\system32\fsutil.exe
    fsutil dirty query C:
    3⤵
    PID:1032
- C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe
  "C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Vortex" --app-path="C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --js-flags=--max-old-space-size=4096 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=7148 --field-trial-handle=1776,i,16730947651888861056,11167498365532663206,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\dotnetprobe.exe
    "C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\dotnetprobe.exe"
    3⤵
    - Executes dropped EXE
    PID:2532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Black Tree Gaming Ltd\Vortex\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\LICENSES.chromium.html

Filesize
6.3MB

MD5
34999967f735b07e9cbcf6c397cea4db

SHA1
8001fcdd6ce0c6e5a3d91fd45e4c9726fa67f3e4

SHA256
c5a05048505c00af46c75fb5ca22057f09dce001eada3a756c3839d59011758f

SHA512
b6c2f722b6551231801e453bba8f9593d9f1a82edb305869ee07ef77f286968eb6ad5db1abbe750e88c8af973c362ee161aa5c591ea04ff39e4f4b34e6fa4baf

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe

Filesize
147.1MB

MD5
1525b06913f704e2017a2ca17c7390ec

SHA1
95248d4fbb0de0e2e69f3b166c82199b77d6c45d

SHA256
7018021cde9a103c6817d7993b89cd8522a97390361c00a6a33987cd61b8bef4

SHA512
9a2c8e60734fff8f5f1ccdf4dd35023d740231225b92f903f149d1445fc3667ff34fe7e6938c76a81229fe7cb345a6a1ec72ad7908b6b0c00da68e815363ce67

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe

Filesize
147.1MB

MD5
1525b06913f704e2017a2ca17c7390ec

SHA1
95248d4fbb0de0e2e69f3b166c82199b77d6c45d

SHA256
7018021cde9a103c6817d7993b89cd8522a97390361c00a6a33987cd61b8bef4

SHA512
9a2c8e60734fff8f5f1ccdf4dd35023d740231225b92f903f149d1445fc3667ff34fe7e6938c76a81229fe7cb345a6a1ec72ad7908b6b0c00da68e815363ce67

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\ffmpeg.dll

Filesize
2.6MB

MD5
ed8f4c34e43f20c78fcb2f8a1592ab51

SHA1
8494ac5b85991ab0217676249f894bcd7eff11b5

SHA256
24a896a9b63d116c2da72928cbbffff4934bf0ce1ec3e99d53493cd776e3a07b

SHA512
db677c21ba9c70e08b76a5eeefbc452565301fe0722e5320f5f3f17662e5f33ae92cb79d701270d2fe0b20b1478c4b057f1e9e3b2e4301912bd846caf8c37ec2

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\ffmpeg.dll

Filesize
2.6MB

MD5
ed8f4c34e43f20c78fcb2f8a1592ab51

SHA1
8494ac5b85991ab0217676249f894bcd7eff11b5

SHA256
24a896a9b63d116c2da72928cbbffff4934bf0ce1ec3e99d53493cd776e3a07b

SHA512
db677c21ba9c70e08b76a5eeefbc452565301fe0722e5320f5f3f17662e5f33ae92cb79d701270d2fe0b20b1478c4b057f1e9e3b2e4301912bd846caf8c37ec2

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\libEGL.dll

Filesize
464KB

MD5
439861fc5d1dc9aa1deb42bfe7c97bb7

SHA1
58a79d22e8a8d152a456114c844f6f7e4a82c134

SHA256
c813ee6b4e4f81f32f4fed86497cd751fdb4c19b0b718c61aed06f0760f511db

SHA512
31c11364c8174fe289c99d8a467b1e03e92cb3b2557beb94da6359df5c9c366b30b50350d1b5a321c6a4048641720c3756fad0c1625c7fc1adde4dbde312e727

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\libGLESv2.dll

Filesize
7.0MB

MD5
81d090c7823b55120df7b74325ab6ff7

SHA1
d7a870b2e43d5f15a72267f05ea2b52ac0f8b3bc

SHA256
5b9cbbf9797d8281ac01dbe49372160040b86be1d5906ee2e4ee87ce17de5eb9

SHA512
9812c0736afff9283a34ac796b83a91367b768e1f359dbf4390b2f4339535e26ec426f7bae2d2bfa0c29e547ab060bc95199fd4b9c1e01a079ca5b5acd7ef729

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\af.pak

Filesize
327KB

MD5
c9312ff081e600e5fb4483b46ddd7c23

SHA1
1ff05a6a06cc73caf2d7545a3821d90c228ac0af

SHA256
b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8

SHA512
20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\am.pak

Filesize
531KB

MD5
e8bac983607c5432f789afdacdda42ac

SHA1
95c26f47f7102be338263fd7f7e365632651f22e

SHA256
ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7

SHA512
5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\ar.pak

Filesize
574KB

MD5
d1d99f4f2045531edc47d37a367402bd

SHA1
825385e524ece779c641a4ce2a57d14ff126d509

SHA256
bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd

SHA512
4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\bg.pak

Filesize
608KB

MD5
96372403a9ded96f3a699262029a4580

SHA1
07069b20fe303f6eef1fb6c8c0a19266a0c705c9

SHA256
6c10b64d31e0dc2c4befc6703ac17343ca473b4350cfb3c6e01833f505b69590

SHA512
0df60fe13818f0c3c6838e77686c5de9fa03b97cbf0943f7a2a4ae2f3a0890d3d64b3a7652d8c81c23de876ac92e4c6b71d584fb106c3520c96ef76ba30250fd

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\bn.pak

Filesize
780KB

MD5
cb203032925be270222dc2c20fe771e2

SHA1
2f2f20bbbd07ee01cc996247bd9c2f40037dff80

SHA256
297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef

SHA512
052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\ca.pak

Filesize
371KB

MD5
de21c7d001b771d4d59e2acfdd67dd44

SHA1
ef5870e9cf34416edbec6aa76a6feb77b70b9acf

SHA256
78bbee9bf6c95d239418037fd4660d081ebc0f369e727e613b6b652e380e6dd0

SHA512
3276a84a4b4d90b47789a7ce6a3ae34afec187145a438fbdb7f398152b182e97ba10acda4941456ea2387c03c101bc2b1716a8950897ea3be180b3d8c073902e

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\cs.pak

Filesize
377KB

MD5
3e2c49143f4718ddd9c1c74f8599fac2

SHA1
7cce45de66a3895c3493b998fef7bedf045b29e2

SHA256
08e40f5efc616cdc0588fb4b1a706d997c69d17ddaf97eb91a4aabafaa11cee6

SHA512
a849ca0d09e0d4c025d9de6c8008c13e13581961c321f53a552deeaa210db891914386fd51673615aec8b5d8d68a921a968db5d0fe447963892ceb0948861e3d

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\da.pak

Filesize
342KB

MD5
f3a47e259c59de0aabef03e6b5a263ca

SHA1
c45bd961c8bb84331d652f4399675b365f5dfe23

SHA256
13c9583127d9d723801c946039e60f72dbbde898dd23fb9f675b9e299d0ce72a

SHA512
4249456e572403249580905f1b4b4471b6a8d84c6c71201c42adc862d4e0d33f957ae1057109e900a10a029a8dfc45257b0e0e283ad9eca21a30498a0795eff2

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\de.pak

Filesize
367KB

MD5
cfc9d90273c31ccf66d81739aa76306a

SHA1
ecab570041654b147b3dd118829e2f7ae668f840

SHA256
8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a

SHA512
c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\el.pak

Filesize
664KB

MD5
8f5a15560710db2af852512b7298b93e

SHA1
30a13ebef10108effbad8c24b680228660658415

SHA256
bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430

SHA512
e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\en-GB.pak

Filesize
299KB

MD5
05ac84aa6987eb1f55021b6fba56d364

SHA1
58cb66bba3af0c6cc742488ccc342d33fc118660

SHA256
e1e357c853eed83fb6c4133f8f4df377a8eda4fe6f0e55395f21c5ab6e38faa8

SHA512
c615e1eb01412c5e2c0402242d442a6cf08965318d1c0d261ca5bc6df9acba5efa2c87ade20e1e4740d2239ea56d1ce4d3fc7a4c3eabe81b876ecb364b3e91b6

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\en-US.pak

Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\es-419.pak

Filesize
366KB

MD5
13c6d0a268545541f325375d431b41ae

SHA1
5f5c41348f00c5e5539d261c2b76ae6e3ec7af83

SHA256
943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127

SHA512
09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\es.pak

Filesize
367KB

MD5
c8086dc25cf0a3c978b2c3b37edf8d67

SHA1
7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a

SHA256
11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b

SHA512
230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\et.pak

Filesize
330KB

MD5
054865950b3b9e8312a7f9490268eaca

SHA1
28b0176112eddb7af58386b4f8aed4a49b9a2661

SHA256
3599e7138a24a31839da877cc9718b9c0c9522437ea93a6222a119080f108d14

SHA512
bfc72f19ad1a52c0da82409accb33a27b2844ed29010207268c7d695ad7562a8867a87b70ac50142909b50b81a5c84d6f6a43968353ae7a72bc042aea8cbb59f

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\fa.pak

Filesize
535KB

MD5
c27431f2de37b9643b83e383f7eae5a8

SHA1
16d068d9738e1aa9b94658299a4eac3972520864

SHA256
bb28ad47e95aefaa2d8d7b6a7f449f9707cfadbcd4c21bad8bd8a6578108d2cd

SHA512
4ccc46dc7756ea0e60e6d278bcac1262a54ba03742fd0eb4d9f1f962486394fa56491844871dacb4cb0501c6f594334d3f23f3db82bfdfa1f938e1ae609d6600

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\fi.pak

Filesize
338KB

MD5
aac0554a39bb1ae91e2ed4246e04c30e

SHA1
031785024765eda1534fd9504eccbe1b471ae618

SHA256
df8cefa4831fc2fdf817dd6d49a6373edee4f51f23cf990c690e72ce348f69bb

SHA512
a6afc9464047c75157dcb8ece086c1c5bf4dccb48d33da24e35c43110f300cfea503c4cca093f3d4bcc7a0fdcb306138da5be288ef646881b625751e40d93689

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\fil.pak

Filesize
379KB

MD5
f989a7215cac1e3fb4759e5fba9aef67

SHA1
5ecf35f160e1f8242b3bca163673e24cf6d77403

SHA256
448bc8eae353c188ffaa4c2466956598ad807f0f0aae7f12e1bc59584e1aac2d

SHA512
b872beb5b1c2702f4eae616f633318b4575f573c06a3f1f0f1e1ab83585a52caf2f3c788c0c3a0d499c381fb7f06a3ea355b8686ded2ed1e392662f2746db01f

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\locales\fr.pak

Filesize
395KB

MD5
13968778147dad5af68fdb7464ca517c

SHA1
42abb9873c472a82d400e6896e90731b7cae06b5

SHA256
7af39af49846fba6d6b8ee18b2a212f1323ebc1cff1af0053194d01d8d5433f6

SHA512
c1f54ccf4f82e158173d9db8464adca64a88f8ddee23afbb51d80535b4f25f138dac16a337504ca3ff8c3dbe9aff05ecc2aaa40afe8d77bbbd4f141b07e39100

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources.pak

Filesize
5.2MB

MD5
f6dd61d802bfe64545deaf4c93eb6db9

SHA1
96be1ec4723a6dc2b1dc6e073a7dab026443b1fb

SHA256
f7fdde9650504d8872a7aa2b68e1f5b3cedd100ded1e19e44c2b6282eb637813

SHA512
33585e7f19222e43926bad8cdbf36bfd395feb4d043f524f82053920405afd933eec4d294b6558409ee9419c977553e513549470638532dc19bb93296387cf76

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar

Filesize
151.9MB

MD5
c62932e167a0ba711458bc0cbcc56f5b

SHA1
3d4a44ef7ba4d615c1ca3c684bd668fb7237fc07

SHA256
94cbcdfd22e08d2dff378d1dfa7f9f7a6ff880ae201559d9b0ce6c1f037beaa5

SHA512
5a483a13ebaf93f9002805e919f5443dfebacec63d904ae1c54913f7b8c72a44acc411d05d735b5b320ff4bff4c29d460da46c07c887ddc8862b7458227f44fc

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\assets\md5sums.csv

Filesize
150KB

MD5
2bf99d713f8c4c15dea02aa243625543

SHA1
cb469a4778223e3bb4fbce69781cdddb3d3310e6

SHA256
66a6b90a56948e7e1b35bb013af26dcc36ad047e7b977394ea9b1596f17c5e5d

SHA512
79d7583d4ed4f6d817a532ac4cdbba511ffbc25659dd8da22572ea3b03a63e388595d9ca7a8282723195847d7fb71e2f1d80cd8a6f948dc3cbe1b04a07809d13

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\7z-bin\index.js

Filesize
191B

MD5
0c5fe85591510c1532b7da551be210fa

SHA1
62ad11c00bccd5a5254d8d2200d7b0ce462966ec

SHA256
c61a67b9dd5e3c51d07f57c6954944d47121e5ad66440a822fcc0481d5dd0e3a

SHA512
ac88afde942959aca4af63bddafa2f55fa9e606e3c144ff4b9cc8c9338336da205d7294fbd41337852c37c5ba7978368c238cbea70b4b440d76026aa4c530417

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\7z-bin\package.json

Filesize
198B

MD5
8b150c7b7d7fff36fefd42645a41e74f

SHA1
95ebb72f6eb3ba06be19074135dfa58e43553d83

SHA256
56c47cac6ab98c337a31055b6ba0fb1d6d03f0e4f0e42cc444bf64eec98774aa

SHA512
160ef991e757cdebdc911148969f8e9938e41bafe0f3fb43f0feb656bdced98af7cec9efd2b1bf996f5a1a9aa07a7a2f017d6271269294696b56f6fd5c097a60

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\json-socket\lib\json-socket.js

Filesize
6KB

MD5
25642656f98e4c18304451c54bdf58a2

SHA1
f9423ea5b8101b6532d9b4b34ca81db4efbacd4a

SHA256
8fde3d8feb1725cfdc28ef4dbecd09347648b8e96232a523a414221d08cab62b

SHA512
e99528b46fb7d15613f33b511b96b23f0db088fa3a6b4fd6248a3e903c9eaf2cd1238f341e731d9a9bd1d10850198c9f0d46ca3dc89255acd8f2696d1ff6209b

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\json-socket\package.json

Filesize
664B

MD5
8e6a8d23b6ff4abef95cbcdd293ffa13

SHA1
6078121d9d703e17bf05275a6c21b7d0b0c6c6a6

SHA256
678939237f10850ed9eec4b5dd0f89043fe890353c1eadeff063dd9ddf4a2d43

SHA512
78ea0898b8ad52b802ff257591e249ef1bbb9208a1e252158f0b7c094018adf7730439ef1a3dc2cdc9b38978331e06747c84c4092d53bb6c81bc78e683806aab

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\leveldown\prebuilds\win32-x64\node.napi.node

Filesize
486KB

MD5
3bf27df572281823a301471650246c01

SHA1
9970f7dbc8b5a70710771226b3ca3b90699a9169

SHA256
a5e7f1970623d39f7a51d512726b0a6a113d8ab0acb117758bfc9a3f407882f7

SHA512
2c3a5c158849f00b7197b068f0637d5f75307e2e33862faf2c813fd40bcf532addd4cde13720c4f248e5e76d1d0d7c5766029f9f5013c75492662a9466ab83be

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\leveldown\prebuilds\win32-x64\node.napi.node

Filesize
486KB

MD5
3bf27df572281823a301471650246c01

SHA1
9970f7dbc8b5a70710771226b3ca3b90699a9169

SHA256
a5e7f1970623d39f7a51d512726b0a6a113d8ab0acb117758bfc9a3f407882f7

SHA512
2c3a5c158849f00b7197b068f0637d5f75307e2e33862faf2c813fd40bcf532addd4cde13720c4f248e5e76d1d0d7c5766029f9f5013c75492662a9466ab83be

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\libxmljs\build\Release\xmljs.node

Filesize
2.6MB

MD5
256bf65db90b9c9cb01e83b6ae5cce79

SHA1
847b82659a685a252c58e8c435ff4ee3ac210ece

SHA256
94042297d86f79305b957fe4ae335b5b717eae0c583ae6bd423332d5d4cc1d0f

SHA512
935e047ea69b4694b6301cf9e60015359c7b56476682132a75f8d01b4ca21ec76688d61afdb5da6c6d659496fa02e4394980952aca00fb62bf809ab0701878fd

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\libxmljs\build\Release\xmljs.node

Filesize
2.6MB

MD5
256bf65db90b9c9cb01e83b6ae5cce79

SHA1
847b82659a685a252c58e8c435ff4ee3ac210ece

SHA256
94042297d86f79305b957fe4ae335b5b717eae0c583ae6bd423332d5d4cc1d0f

SHA512
935e047ea69b4694b6301cf9e60015359c7b56476682132a75f8d01b4ca21ec76688d61afdb5da6c6d659496fa02e4394980952aca00fb62bf809ab0701878fd

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\winapi-bindings\build\Release\winapi.node

Filesize
1000KB

MD5
b2321d90b85d868e4f080f52c2f5e43c

SHA1
f412235b4a13aa55851cd2bd7b3cab7d538ca49e

SHA256
2a3a6a9eaa9b6c1a93008e2d97db1aed5e7e9e3c92b93c16dbb154d8fd7a315b

SHA512
53c44668773918bd4ad4e12173343cde4006853a7597e763cdbaca6652bdd535d33c6a80adb888518c2d54bf3f957f5212d506e3c04cf82aeb4c929d9a477c7c

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\winapi-bindings\build\Release\winapi.node

Filesize
1000KB

MD5
b2321d90b85d868e4f080f52c2f5e43c

SHA1
f412235b4a13aa55851cd2bd7b3cab7d538ca49e

SHA256
2a3a6a9eaa9b6c1a93008e2d97db1aed5e7e9e3c92b93c16dbb154d8fd7a315b

SHA512
53c44668773918bd4ad4e12173343cde4006853a7597e763cdbaca6652bdd535d33c6a80adb888518c2d54bf3f957f5212d506e3c04cf82aeb4c929d9a477c7c

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\xxhash-addon\build\Release\addon.node

Filesize
1.1MB

MD5
7a5a5e95ea912293986fb90853728bdf

SHA1
4dd41434c442e7abbb133a8ca057874442ab30f2

SHA256
1ab4fed32819096a339a669902bd6c8d232d97873ca913ccf9d8ea1a487abe34

SHA512
0935768539b01716ce5e0e0b6bc2815b36b2c2a12fbd2091539b672975fe0bc2453800761e2c87100a7f527db8993f7f1b606a58f56bbd4b7743e8d13c60bdf4

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\xxhash-addon\build\Release\addon.node

Filesize
1.1MB

MD5
7a5a5e95ea912293986fb90853728bdf

SHA1
4dd41434c442e7abbb133a8ca057874442ab30f2

SHA256
1ab4fed32819096a339a669902bd6c8d232d97873ca913ccf9d8ea1a487abe34

SHA512
0935768539b01716ce5e0e0b6bc2815b36b2c2a12fbd2091539b672975fe0bc2453800761e2c87100a7f527db8993f7f1b606a58f56bbd4b7743e8d13c60bdf4

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\snapshot_blob.bin

Filesize
410KB

MD5
c5d06bf7a12109e49dce962b6888f051

SHA1
63189d373271fd89079b4f55d035b7746f96ff00

SHA256
ece191beef3b53272a925c1f5e8c02a0dc78b00559799d27a0665fc480380b3c

SHA512
622854c9310ccd84dd100ced5eb3ba3d52f75dc68597cfb550b9b84e3798bbb90d39a41d3f9fa7b0fa58654e2ba0ac657d70b8dd89677126d39889abf9e0c008

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\v8_context_snapshot.bin

Filesize
710KB

MD5
4d582d568efb15b489a15be358d9a68f

SHA1
295393f0707d04ed60ebda8ea7c0297c411c7f33

SHA256
ea2ea0f97ac908fd127a423f505241ebf4acea0ba5d02635cae40f7cd9c2f464

SHA512
ed8a6af3d51904020abc8e8f3e734ccbf1663d8bd3c0f526e1d69ebfdf47b6061fcf3660b70239ba755f1273f6c608054d6dccd3721a4bcd81e7e9f3a3c7daf9

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\vk_swiftshader.dll

Filesize
4.8MB

MD5
472154d0979b4739e41aa8466614d64b

SHA1
e9d3add13719e8ba50d43b12106f5c3379b639ed

SHA256
603d9d976f4cd88779bdf1ddc2d9e4501594ae4d5f0af2604dad3b5548a0d0b4

SHA512
11e6912184b9bf3fb24f6a794cb3a477032e61ab8dd007a157957dc4f9cde433c1a1d4e07b95407bd8e31e4a71b2f9d33f3d6b2a5432bf0e8cd7f506e99a1dd8

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Program Files\Black Tree Gaming Ltd\Vortex\vulkan-1.dll

Filesize
858KB

MD5
76ad266333e1c7f6ba11818fab5196ba

SHA1
fea39f5ac85b4067074f9cee8e4638480d04708e

SHA256
21ea31d7d8e035f60a529d53c9eb11ae2eff0ae7d2f5cad7169fac73b54d5951

SHA512
217f48142b87311d573fb7457bb12a637c099ef99a281a27dcb9d5d2b7cd385737b204d421e1f94ea1ee7f4a24a1fe39d8d4393531ac1bb8b0456a46b94d59c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\AccessControl.dll

Filesize
15KB

MD5
d74bb4447af48da081c7d9b499f3a023

SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185

SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\AccessControl.dll

Filesize
15KB

MD5
d74bb4447af48da081c7d9b499f3a023

SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185

SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\AccessControl.dll

Filesize
15KB

MD5
d74bb4447af48da081c7d9b499f3a023

SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185

SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\AccessControl.dll

Filesize
15KB

MD5
d74bb4447af48da081c7d9b499f3a023

SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185

SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9986.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/4128-143-0x0000000002AB1000-0x0000000002AB4000-memory.dmp

Filesize
12KB

Download