4cfd9978e2751b8efa5fa3abfa669b1af74e721c8199c2c5681d945f9efc29af

Analysis

max time kernel
600s
max time network
603s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
18-04-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

18KB
MD5

04ae4356f5a97d84c603cd91a711837c
SHA1

68609391fd55cbfe68fe64eb7a242841b060e3fd
SHA256

4cfd9978e2751b8efa5fa3abfa669b1af74e721c8199c2c5681d945f9efc29af
SHA512

d0ec5bbe2a07fab3a1f128121e9a398edcdd0898017ee4eb5e51bc4b811f49bf206b5f68ad5ded90d73c2a0509457a7dad5bfb27899dd734498529ce2d8de30c
SSDEEP

192:Hl9WSskCBuYbqxPqxKBzNBuBUt0Wjw+QQLDEpR/dZ:TWvRYaxK5HMEL8T

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

Vortax Setup.exeVortax.exe

pid process

4888 Vortax Setup.exe
3044 Vortax.exe
Loads dropped DLL 4 IoCs

Processes:

Vortax Setup.exe

pid process

4888 Vortax Setup.exe
4888 Vortax Setup.exe
4888 Vortax Setup.exe
4888 Vortax Setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
4888	Vortax Setup.exe
3044	Vortax.exe

pid	process
4888	Vortax Setup.exe
4888	Vortax Setup.exe
4888	Vortax Setup.exe
4888	Vortax Setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

Vortax Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Vortax\pt-BR\System.Windows.Forms.Primitives.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\UIAutomationTypes.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\System.Xaml.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ko\ReachFramework.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Reflection.TypeExtensions.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Serialization.Formatters.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Windows.Forms.Design.Editors.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\Vortax.exe	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\es\System.Xaml.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.ValueTuple.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hans\WindowsFormsIntegration.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Data.Common.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Diagnostics.EventLog.Messages.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\vcruntime140_cor3.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\es\System.Windows.Forms.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hant\System.Windows.Input.Manipulations.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Formats.Tar.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Reflection.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Web.HttpUtility.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\pl\System.Windows.Controls.Ribbon.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\WindowsFormsIntegration.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Net.Ping.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Cryptography.Encoding.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\System.Windows.Forms.Design.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\PresentationFramework.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\clretwrc.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\clrjit.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\UIAutomationProvider.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\tr\PresentationUI.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Serialization.Primitives.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Cryptography.OpenSsl.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\de\WindowsFormsIntegration.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\System.Xaml.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Linq.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\es\PresentationCore.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\it\System.Windows.Forms.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.AccessControl.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Cryptography.Csp.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\ReachFramework.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\de\UIAutomationProvider.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.ComponentModel.EventBasedAsync.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Handles.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Permissions.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\it\System.Windows.Forms.Design.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\UIAutomationProvider.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\ReachFramework.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\PresentationFramework-SystemCore.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Reflection.Extensions.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Intrinsics.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Numerics.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\cs\Microsoft.VisualBasic.Forms.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\System.Windows.Forms.Design.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hant\PresentationCore.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Net.Http.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Xml.Serialization.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\fr\UIAutomationProvider.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\tr\WindowsBase.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\Microsoft.DiaSymReader.Native.amd64.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Net.Http.Json.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Xaml.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.MemoryMappedFiles.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\ko\System.Windows.Controls.Ribbon.resources.dll	Vortax Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Configuration.dll	Vortax Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579370202752840"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Vortax Setup.exe:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4528 chrome.exe
4528 chrome.exe
696 chrome.exe
696 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4528 chrome.exe
4528 chrome.exe
4528 chrome.exe
4528 chrome.exe
4528 chrome.exe
4528 chrome.exe
4528 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Vortax Setup.exe:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exe

pid	process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Vortax Setup.exe

pid process

4888 Vortax Setup.exe

pid	process
4888	Vortax Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4528 wrote to memory of 2976	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 2976	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3188	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3184	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 3184	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe
PID 4528 wrote to memory of 1644	4528	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffc47bab58,0x7fffc47bab68,0x7fffc47bab78
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:2
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3524 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4748 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3408 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2836 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:8
2⤵
PID:660

C:\Users\Admin\Downloads\Vortax Setup.exe
"C:\Users\Admin\Downloads\Vortax Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4888

C:\Program Files (x86)\Vortax\Vortax.exe
"C:\Program Files (x86)\Vortax\Vortax.exe"
3⤵
- Executes dropped EXE
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4368 --field-trial-handle=1832,i,16603157022274421077,12240719570003522495,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:696

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
PID:4988

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Vortax\System.Collections.Concurrent.dll
Filesize
42KB

MD5
e333c1c966b8ce80a625f368f35fba36

SHA1
2d959860d45072b9787532fc81065d1ff7415a0e

SHA256
2a50f12f0bf8c064548c2fbfb81b5cb16c9ba4aa7cd0045202374e12af8c60dd

SHA512
c4eabc4172ceb924549aef3a70753958d9ca16999b68529e44977de4a85944942b3c9b86634e19028b66498a25fa924157aff51829e739e4004e44635f322250

Download Submit
C:\Program Files (x86)\Vortax\System.Memory.dll
Filesize
14KB

MD5
4a0db51e10574c752a23728fe7a4ebdc

SHA1
4e196367f2a7b7b1dabef22246e515d2867a067a

SHA256
f50a1add7bb1bfa454a2b35b337bb8b9d13ea5955bf92028d0c46a6ff4be0fd8

SHA512
97c9ceed39176680e22224b44dc7a4742092dec90dc981deaf36556ec446160de79a2b5c243ac28e2adca816cbb640deab16a029c2c62042eb424f3db6b194c5

Download Submit
C:\Program Files (x86)\Vortax\System.Private.CoreLib.dll
Filesize
190KB

MD5
abe13aae02df3c45407dbfcfe9147593

SHA1
9938840d177d1b0478c0535c8a487e4d296ce06f

SHA256
aaad56586a420ca52fe625554177304530d673b5dc1f3de3b36b45d21e5392bc

SHA512
e565ca365fc9c2dc0ac8d39999723d9e9629b3283d80e23b8afdef7c5d94a0cb97fb4ff4b9361d84a4eb979bc3fa6e211cac775b43d874e98d2e0108e36d7f04

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Primitives.dll
Filesize
15KB

MD5
777ac34f9d89c6e4753b7a7b3be4ca29

SHA1
27e4bd1bfd7c9d9b0b19f3d6008582b44c156443

SHA256
6703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622

SHA512
a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439

Download Submit
C:\Program Files (x86)\Vortax\Vortax.exe
Filesize
308KB

MD5
aa6ea1381097f6e1201a10a0de1029f5

SHA1
23b162c564b54fdc6fa2a4e56401bcb0ad98b6ac

SHA256
d1240769ed4c6dd4603a00f1e05b0ec4c1b2951661bd478c1e10954ab3123924

SHA512
584155f235b8567a5356307bc139e82df049f49bd9c4c07baa346fa8afb7be7e6f0afd1eec024bcebf5a7c416934f692d183a2977e8a38666652ccc1c124ff40

Download Submit
C:\Program Files (x86)\Vortax\clrjit.dll
Filesize
190KB

MD5
061cf5200c270dde7a1418a26240481b

SHA1
02c6b76048418eaa35729954f8823a337105f662

SHA256
bdac5d6c5984cf255f5e3cfa8e5be1b9df9574561e763a81ad24d64799541f10

SHA512
944b391541896a2f6d2a95bb03e8c91312679c50926f24ff3f3a2c07a551de3677aefe4175aff47355613de91279c633098e9c4f855be4b407e0f7e7bacf107a

Download Submit
C:\Program Files (x86)\Vortax\clrjit.dll
Filesize
128KB

MD5
e6d7ec298f264875c7e41d4d63ca4251

SHA1
2479c1d3d2fcddcce3c4c0ab8f302309eff525f2

SHA256
9fccd9eb5d2791dfef93c1c60555c8b15cf37ed887e784387053cb2fa572e504

SHA512
408a7f84cbcc829eb0edbf28f8986ae526e72208920ef1d7f51a8e6e3554ab5dbd555ed6edce17083e408784a8f1292633aafb61c7cb530226d34d6ad742b1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
cd09c7a4f0d93697a3ad5b46206d288a

SHA1
653d3fa89183e056ae438ebdce420117fa7678a8

SHA256
f9ae5074e3e38d5a441f6f583e253939df77d621c65a41a1e32bf7603c5a3e37

SHA512
cdc2b9de23ba0115019ad1972924c602590e06fb25aaecb18124f2c63befe219e3cac1a9314f1b7ed6cccf6b6e42707fe7cac2046a97966b3b93ad62548adf5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
9c2b33b33e9cf631d3ae516b4c5457fd

SHA1
88de8d99ef154fb5fc91be16d62d20ecc8bcc116

SHA256
b28f76ad150d2682e5281d15297737389565ff9ddf8f41d2bf5afa4cbcef6d5a

SHA512
461e8fa6c2ea5da0527fbf84b8fd69103d321034e7b94e95825a6a8af361a3e729623d9b55f15c5ddb42912f9700169414138172717e3585b881041c141d365d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
a144edbddea423c43072f9941fb3c384

SHA1
0c792f2810b8b6c03015bdc27afd1b5b44e4cf30

SHA256
0f21e937ac0b51e90889dd1377509e1a142ae8d461f2ab5917f973797dd4954c

SHA512
6ee71755194f0c8c9887087214ec06e1564225b3438acfc6344e636e87173db8e9edcb9f0845d67d78e2dbdab9037809c5be7df3f570ca70dfc8e7150cd320b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
81e5abd2ec3c265e64d9bc0740a82991

SHA1
2c0a36e975bdb570e2b91abe411e5ece2a1852a7

SHA256
7136151edd82b4cad48df6e6043e47c94a993dafc3472dd4d1337645095929d2

SHA512
7f2159261d1defc29f201f7041f5a1b98bf4debfe0b43496c6c03fdcf323a28c013e3d7ab2a801f34e8e60b1777bbb440c6ba1d491799af8b85509fbbdb45210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1017B

MD5
793bd2bafd8b77a2f3ac6d69440cb570

SHA1
99de83d05ef97c84798878bab6b7b098f2bb6fcb

SHA256
8fcc2e19b6eb98429cfe98582da10c56df3bb5247d507093527cb1fd00701895

SHA512
2aa6c669af7abd8f41866c727c8563493447c3c7ca3d649c3f37c8d4fefea5992125ac8c9fb2fe37040d0825825b9aaa88ce54043ab14f283b51c6a9e2f149ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
22797070e007f122be4d813fcd556060

SHA1
00765d03f62d77f41e4ee97763b04dcc7ab234b6

SHA256
7ff97d1fd5958bbf202a986c05597eaed8d36b40bf1657f58c6d78542e0ea545

SHA512
52191a4ccc8bef8685bdcafbfd9512eb31e707e0868924f4f976018e9398bfc03005f08a002f007a3fcd2a3bebe9c778be30aaccbe660622698afd92716bd57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
63be167f35ae9686b58fe90527266902

SHA1
dcedfdab8f4b5bf62b5c57ceeec936722f930e1a

SHA256
b52379dfd982e72f0f07599d08b91c7b1a76392550e1093b347e2f7d31331447

SHA512
38bd023a48249b444d5a1d2858c9e08ad1f7496b15b3820dd7ec2250621f69a29e6c16683a40c2f6379a809fc97aed8fbde8c84efb7be0e27280dc18826e1c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
55b3cfec2fffdf3ce6a11518729ad950

SHA1
73aea007e1fdde3bcfd6aa95ddbcf24328c0a90c

SHA256
cc28b09ffe225448c7f279d9852724533c9fec467f86d845466827ec275796de

SHA512
ec99aef36f7678eb6ed1f93dd621ab32bcdea3b21f52b4bf19abcf7a9f03c56e81e4c777584fac679edfb65b8f8948375eb1948ded678bfb30f609be6b9cbb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7e47969375d4c07fc8ece62289f1fd56

SHA1
1036ae0342d9717173b7f44572a51b2575fea6a8

SHA256
039877e074d59b87cf9dd19e61e3d0417d406b10da72057859809935c8f6a9aa

SHA512
f744c57e7b3746b441b4b62b200f3174c18211b34f3e08748cb447009ca1b2419e612949b900c936064caf0f3d7dcd93b7234251edfc19a13d64d46162e27098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
520B

MD5
582dd5eb7076d4657d4ad6d14c449bea

SHA1
899a71a21114961a2a30b2a062745c50a2f7acf4

SHA256
9a7d6e07ea8c7f6475812c06772b30e8166128ac56bebe8acfcb405c270f37f0

SHA512
0e6698c4a00d2c33783ac9238a1422212556c546452b2713aa4cfea80141570164ec3607540c96ff957cd6859c05250d77a7d489886aaf889e0e91fd429563d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c75b68bd2eca9686d7d34a63c865891b

SHA1
4c2fa2bdd0e399fd763f3b6c59b2e2e869d94900

SHA256
ff57f78ded63a5ba6a315eaebe23be77e324ac64f75b22311167d27e85986d33

SHA512
ea91d04f2acf77533ed5c1d107b00cf0be50ff896adab88795cb9a1867b904b2e09157c5be790ce17d8e52633231d5a4b538cdcd4550c03293d84aa664fe4656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7b913bbe7bb3d7ae38ecc989dd78b51e

SHA1
2b1c3d8056140e09bffbd076641493ed64b7a53b

SHA256
e6fa938e7f8a31e9475484c891f2d56861f224e994baa1e3d4f35f34f7629074

SHA512
2556f8f53655111626d5bf1ee76967ee5a83a2488fbedd63eccca8821e9b60eaa3d499264e4e3e71eeaedba190aa68d44ef618ad66956babf756c46d23cc515f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5e2daddaad9367cbf6b316928f539f54

SHA1
26f53a6f524211ce159ccc80e63067b41d274073

SHA256
e8779816653fd0d9c56c8ef489acbd1283741f255277dd883276cb60278a4937

SHA512
05585d77cfb3b926c6ab820f5537ccc3ddfe9c38921911cbc0799d90dc92a64c8eebfa39c7fbf4f0093468dbafbb1481129d5813c0b2026a8b764851457bf163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
993650bd0bb21d34bd2ef32edbea5023

SHA1
625458baac68b2486e06a354e4cb6b1e66cb3362

SHA256
4c1b5ce41de5f2bb948c8e74d3eefd9eebf1e531764c6a4dd86eb37720e4c145

SHA512
9da08346d6685cc2604ec3d3560cbe44f9bdb6856c7a7f055d6575baefc9c889d18e085486f82eafe01b6d8af86c72345296a9e7b5ccc4ffb42084aae8f68f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7ac17758322ea89ef361cb78ee4230fa

SHA1
793a32eb52c623646f3c878d818dbcb7d8f3b8ae

SHA256
24e24b7d4b49da8a1bfdedac3d0a3d8e670b2731f4bed995e2eed62657c208ea

SHA512
4b70669b18e16a2bb8feb42f77a5f560b9d6fa6e1db0f5e16f69d937e11de574670b3699951ac5e8e16034efb01a48881b7c969896311b22695752ee483605a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
7a66c1b60af3611f82a8096f5e8aa634

SHA1
b1cee8e5c72e1fac61e17874d3839753d5fefa67

SHA256
85c87553bec97bcba1b964987910e281929fafe40a45c67194517161ce7ebbd9

SHA512
e89a5661ff6356a9e3999964670b6e93e8d83f5c039a575550a9104f6874ec667261212478e134f3fa76ecda14b440877ba040e88225614d5a8389cbab482b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
252KB

MD5
a3d1f18b7d6115ab4f982a9af765c176

SHA1
65ae17979ad4c17c1e433c8c69f55b237fb594bd

SHA256
e56e85dfda9f405799003fcebea58ab8b448ef8035fd9f51f7197b61b4fd521d

SHA512
806422342e3672aaf4fbd45dae7126f51b35ae463a68c9ea03bdfff0c79dc8ab638806ab76aa6c6bd98b33194f46548bf247e91727426caf5c857eb07758d443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
83KB

MD5
6349f3bbdfac95af9365feecec6f0ef9

SHA1
a65cfbfb54a8c78e96ef6d9425779f5a53f1fa14

SHA256
0328a2e296f9df635353849f1308f7652bb65fe2ad60e564eca4a707584e1c08

SHA512
12d8d1e2d7923b6c60caf882c38e53bd0768fc8ca4c7902ddc2bdc3d1b526e564822774d304e08b9774abe7eddb9dd7c771ed4319a3cd708bbd80e1c5509ccc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
88KB

MD5
a6ebc09655d4e54e1025c4aebc025bb3

SHA1
71b5d4e2b910d7f19941f2d68aac133ee2b1269c

SHA256
fd9bc4d31058ddc610a106e8161d1365b06097f139198a90acbee3661f26ec99

SHA512
2860b1d2ccd9b6130a9b2b59b22ac217a449861994538d5482a89babc11628769e41bcb64298a29f6f8bbfa51b21b87493168e4315b83b80b4d5ae0d359a15a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
3c49950a6664c95aa93e64264f5346ed

SHA1
1f898aa4842a798a328a8cff945d6ea544230b8e

SHA256
ab06a4715be293b25763bd41d26cd27f68a5224f799d159f29723ec1e1ecfdd1

SHA512
04b44c427986c6335737eeca09f455f6cedd658f173e7fe51ac66201e137fb565352818bfcc004e6d5af422a32f5462214ef8db06dceda2a55adc8922b2894ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5f2c39.TMP
Filesize
82KB

MD5
37bd4048cc5cfd03b29d2d91ea497433

SHA1
1362da797ec12f043ab367178f12417b79cd918e

SHA256
b7278d636afd651e18b4d7e44920c2570d8ba6ae14fdc2db267a597cdc805d04

SHA512
ebe6180da93ee3dd09329a8666349e19529c19bf4c8b110ba15c13533045926c33af3f4bb0304dc3a6ffbb414e5eaa175279ed1c21c35cdf01548eca81d6f9ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFD56.tmp\InstallOptions.dll
Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFD56.tmp\LangDLL.dll
Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFD56.tmp\System.dll
Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFD56.tmp\ioSpecial.ini
Filesize
1KB

MD5
1aaa7f52477107bc1e6a730b3e78a04c

SHA1
e89985b01615ac090d214a39498cd6cb5c1f8086

SHA256
f6dd4db606514f1119f41b348183fceb5d32f3777d97bce93e56cfb1046f2094

SHA512
e8d0d08c66164d4666e7bbbfad9d75df327ffea79ca380c90df8bc4ee0493971fbf094d096c712843f1f15b08fe6df20d63aebef998f66d43fd36e1835022a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFD56.tmp\ioSpecial.ini
Filesize
1KB

MD5
34582553c5e27d5c38372c856333d641

SHA1
7e5f0b824d72ae07c6cb74cd8f51418deb44c74e

SHA256
fb20f073e08ef4f0d19f3184b9454e8d3b51e48ace2f54304eb69f39fa6a1228

SHA512
07dd508b5515f2b7d76ea93e20d8f7e0c23e793dfbac2008af754a04b860a6e82da815233501128247af05a36fdfc4ccd7483ce7c6c7920c176c3d866ed0313c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFD56.tmp\ioSpecial.ini
Filesize
1KB

MD5
f414b8f9db8394caeec8e124aa1903c1

SHA1
8ee21c4ebb5610c13ca282bfcbfbdcbd67e7e86e

SHA256
0f73e4a6bb559801168ebf80a2d53c179a89dabe4e5572d9658051b253e5c368

SHA512
f3b8d7f2518c745ca0f6db6cc09ba387a96e4fa21fd5b4e3b4b957e874a5e1918ec136b6a3da186be8e5bad617daa8ef3a7c9be45af6bcb8bfa3602a626e46e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Vortax Setup.exe
Filesize
47.3MB

MD5
710b366b55790f4a97ef64f0dcb6ddc6

SHA1
73500f6ec57fcfee7e08ffcb7bda90b66f0c0564

SHA256
3f1f50b78d6f43505e52a66f9ac007e306c9d7dad5dc460321adcd275d780797

SHA512
a3eacb2d86ada99d1387fb0285ebcce13dc0af571ac8d86a09b9e29dafe77d2032fffde304d198feca0ca4c55b793ec1f50f60f369418cf5b608d2e6094b478d

Download Submit
C:\Users\Admin\Downloads\Vortax Setup.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_4528_WOUUHUVMZOSPJMZA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit