hijackloader | 1b11e004c2aa485726e6ab8572d0701b78927c2f80d489b82194dcb0cb990877

Analysis

max time kernel
266s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

18KB
MD5

f1a85807e472b3501f49b64b0b115841
SHA1

d8e6dd4cd443a366f82628fcf5fa09936ed2806c
SHA256

1b11e004c2aa485726e6ab8572d0701b78927c2f80d489b82194dcb0cb990877
SHA512

c7b3f241ad7daedd318fa6e407703e3368069ebf0064e1e71de868c354fa534f7187a26516b5b425f690db4cd7396066b407242a732790f50debf67b3dff7d30
SSDEEP

192:Ol9HSRnYCBuLbqxPqxKBzuB5BUk0Wjw+W98DEpR/fEZ:cH+nlYrxK52Uj88nO

Score

10^/10

hijackloader stealc vor16 discovery execution loader spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

vor16

http://89.105.198.134

Attributes

url_path
/244cbe83570df263.php

Signatures

Detects HijackLoader (aka IDAT Loader) 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4604-1090-0x0000000000400000-0x0000000000691000-memory.dmp	family_hijackloader
behavioral1/memory/4604-1091-0x0000000000400000-0x0000000000691000-memory.dmp	family_hijackloader
behavioral1/memory/1424-1164-0x00007FF6C9560000-0x00007FF6C96BF000-memory.dmp	family_hijackloader

HijackLoader
HijackLoader is a multistage loader first seen in 2023.
loader hijackloader
Stealc
Stealc is an infostealer written in C++.
stealer stealc
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

3560 powershell.exe
2696 powershell.exe
744 powershell.exe
2564 powershell.exe
Downloads MZ/PE file

pid	process
3560	powershell.exe
2696	powershell.exe
744	powershell.exe
2564	powershell.exe

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
C:\Program Files (x86)\Vortax\Vortax.dll	net_reactor

Executes dropped EXE 4 IoCs

Processes:

Vorion App Setup.exeVortax.exesnss1.exesnss2.exe

pid process

992 Vorion App Setup.exe
3368 Vortax.exe
4604 snss1.exe
1424 snss2.exe

Loads dropped DLL 58 IoCs

Processes:

Vorion App Setup.exeVortax.exeexplorer.exe

pid	process
992	Vorion App Setup.exe
992	Vorion App Setup.exe
992	Vorion App Setup.exe
992	Vorion App Setup.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
3368	Vortax.exe
4716	explorer.exe
4716	explorer.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 2 IoCs

Processes:

snss1.exesnss2.exe

description pid process target process

PID 4604 set thread context of 5060 4604 snss1.exe cmd.exe
PID 1424 set thread context of 1184 1424 snss2.exe cmd.exe

description	pid	process	target process
PID 4604 set thread context of 5060	4604	snss1.exe	cmd.exe
PID 1424 set thread context of 1184	1424	snss2.exe	cmd.exe

Drops file in Program Files directory 64 IoCs

Processes:

Vorion App Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Vortax\System.IO.IsolatedStorage.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Text.Encoding.Extensions.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\System.Windows.Controls.Ribbon.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ko\UIAutomationTypes.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\PresentationFramework.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Globalization.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hant\System.Windows.Input.Manipulations.resources.dll	Vorion App Setup.exe
File opened for modification	C:\Program Files (x86)\Vortax\Vortax website.url	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.ComponentModel.EventBasedAsync.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Data.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Cryptography.ProtectedData.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.SecureString.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\es\WindowsBase.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Web.HttpUtility.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\System.Xaml.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\UIAutomationClientSideProviders.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.FileSystem.AccessControl.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Text.Encoding.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\fr\UIAutomationClientSideProviders.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hans\PresentationFramework.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Net.Sockets.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\de\PresentationFramework.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\System.Xaml.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\Microsoft.Win32.Primitives.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.IO.Compression.Brotli.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\System.Windows.Forms.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\WindowsBase.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hans\System.Xaml.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\pl\ReachFramework.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\UIAutomationProvider.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hant\UIAutomationClient.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Buffers.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Management.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\Accessibility.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\PresentationCore.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.ComponentModel.Annotations.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Cryptography.OpenSsl.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\PresentationFramework-SystemCore.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.ObjectModel.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Reflection.Extensions.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\es\WindowsFormsIntegration.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\pt-BR\System.Windows.Controls.Ribbon.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\System.Windows.Controls.Ribbon.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Collections.Immutable.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Resources.Reader.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Serialization.Xml.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\it\System.Windows.Forms.Primitives.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Windows.Extensions.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ja\UIAutomationTypes.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ru\UIAutomationTypes.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Memory.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Runtime.Numerics.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Claims.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Security.Cryptography.Csp.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\wpfgfx_cor3.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\de\UIAutomationTypes.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.Threading.ThreadPool.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ko\System.Windows.Controls.Ribbon.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\ko\WindowsBase.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\tr\PresentationUI.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\zh-Hans\PresentationCore.resources.dll	Vorion App Setup.exe
File created	C:\Program Files (x86)\Vortax\System.ComponentModel.dll	Vorion App Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

explorer.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604567339952571"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

Processes:

chrome.exechrome.exepowershell.exepowershell.exepowershell.exepowershell.exesnss1.execmd.exeexplorer.exesnss2.execmd.exe

pid	process
2024	chrome.exe
2024	chrome.exe
1776	chrome.exe
1776	chrome.exe
2564	powershell.exe
2564	powershell.exe
2564	powershell.exe
3560	powershell.exe
3560	powershell.exe
3560	powershell.exe
2696	powershell.exe
2696	powershell.exe
2696	powershell.exe
744	powershell.exe
744	powershell.exe
744	powershell.exe
4604	snss1.exe
4604	snss1.exe
4604	snss1.exe
5060	cmd.exe
5060	cmd.exe
5060	cmd.exe
5060	cmd.exe
4716	explorer.exe
4716	explorer.exe
1424	snss2.exe
1424	snss2.exe
1424	snss2.exe
1424	snss2.exe
1424	snss2.exe
1424	snss2.exe
1424	snss2.exe
1424	snss2.exe
1184	cmd.exe
1184	cmd.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

snss1.execmd.exesnss2.execmd.exe

pid process

4604 snss1.exe
5060 cmd.exe
1424 snss2.exe
1184 cmd.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

2024 chrome.exe
2024 chrome.exe
2024 chrome.exe
2024 chrome.exe
2024 chrome.exe
2024 chrome.exe

pid	process
4604	snss1.exe
5060	cmd.exe
1424	snss2.exe
1184	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

chrome.exeVorion App Setup.exesnss2.exe

pid	process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
992	Vorion App Setup.exe
1424	snss2.exe

Suspicious use of SendNotifyMessage 25 IoCs

Processes:

chrome.exesnss2.exe

pid	process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
1424	snss2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

snss1.exe

pid process

4604 snss1.exe
4604 snss1.exe

pid	process
4604	snss1.exe
4604	snss1.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2024 wrote to memory of 2752	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2752	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 4876	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3356	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3356	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 548	2024	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x44,0x108,0x7ff869d0ab58,0x7ff869d0ab68,0x7ff869d0ab78
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3972 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1652 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3936 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1120 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5220 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4876 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Users\Admin\Downloads\Vorion App Setup.exe
  "C:\Users\Admin\Downloads\Vorion App Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  PID:992
- - C:\Program Files (x86)\Vortax\Vortax.exe
    "C:\Program Files (x86)\Vortax\Vortax.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3368
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2564
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:3560
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2696
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\190e2231-957d-49a6-8812-35185434be60\snss1.exe
      "C:\Users\Admin\AppData\Local\Temp\190e2231-957d-49a6-8812-35185434be60\snss1.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of SetWindowsHookEx
      PID:4604
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:5060
      - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        6⤵
        Loads dropped DLL
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\190e2231-957d-49a6-8812-35185434be60\snss2.exe
      "C:\Users\Admin\AppData\Local\Temp\190e2231-957d-49a6-8812-35185434be60\snss2.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1424
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:1184
      - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        6⤵
        
        PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2484 --field-trial-handle=1892,i,5600189675457008222,4451913105158355044,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3156

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4e4
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Vortax\System.Collections.Concurrent.dll

Filesize
270KB

MD5
38d21e067d7673194a84cced59066ac8

SHA1
e64362176f714b23603f3a67f1e741f12e35a832

SHA256
483130bfd1e57a0cbfd8a4f3c6e2353ac3f246276f9476c83cca1cadbc47ef47

SHA512
3fa6f78ff0cb527a8e82261549f24a8609d005821ac5c5e7257670dffd55472a134af3ef78d73779758303ae5a90728181cd4caebc871c5cfa4c309141201baf

Download Submit
C:\Program Files (x86)\Vortax\System.Collections.dll

Filesize
254KB

MD5
92063926c04f2e4bf5b5fde16542831d

SHA1
e7be34eaff2d3d8796911d21f1fdbb93bf231dec

SHA256
9193aaef3ea8f19408f88c25fcaf5880e7836d1c35028d7e4077f6090b083541

SHA512
e855ee37980d1da2d143ee39133b05fff81937e529cffe74433e73088549daabd3abadbf05f3765bf3ffffd50313f0ed966efec0eb244d7363241affd73cc29f

Download Submit
C:\Program Files (x86)\Vortax\System.IO.FileSystem.dll

Filesize
15KB

MD5
35e27f4c681085a4b096826ee8ea4f53

SHA1
cf3ea4304e5558c8fdd4422e4d72509cd91ea719

SHA256
7bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad

SHA512
1f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9

Download Submit
C:\Program Files (x86)\Vortax\System.Memory.dll

Filesize
154KB

MD5
7e999da530c21a292cec8a642127b8c8

SHA1
6585d0260ae98bab2ad1eaba0f9cfe8ebb8a0b3f

SHA256
3af25e0c81c1462d0db86f55c4e5fd8c048c70685f9a566d29d499bc46935fb4

SHA512
a18b6649b5c2f9f96bf639863df9faad436759200a64f91fb2d955f33c71ce4b2d5798be982f692a247ac864d8acb63fb731b31c06333e5c7d9a9c895ecd6451

Download Submit
C:\Program Files (x86)\Vortax\System.Private.CoreLib.dll

Filesize
12.6MB

MD5
805cf170e27dd31219a6b873c17dce88

SHA1
ac90fa4690a8b54b6248dcb4c41a2c9a74547667

SHA256
ba7e61a00e7a4634b5c5a79b83126f75580ceec235c613000c3efbc01826cad0

SHA512
fa946aae906b66cb5570155a1c77340f2b6d4efb9be16068da03a8f1c5b5f37ad847d65cd1416017db19375dc6a72670300da4c766e6d9bb1a00374f492bd866

Download Submit
C:\Program Files (x86)\Vortax\System.Private.Xml.Linq.dll

Filesize
394KB

MD5
60ed8b2bffc748d6a2a1fed8fa923368

SHA1
be411429b9a649a495124558c5e5d95a83525d58

SHA256
0b63cebb991d1911a607993ea5b4639f34a2b0b381a73973542db2d3591e9f90

SHA512
b0a4ac2aa96d827258bb30f098512741ad3f93585e05ceae0255e15cd8dc9ab8048788902c1eb32a813e9c69c8a923200a716b4e00f579c22a0b425665e575f8

Download Submit
C:\Program Files (x86)\Vortax\System.Private.Xml.dll

Filesize
7.6MB

MD5
46aebfbd6d7e74d4d558da62d7600d25

SHA1
9c1cd44ab8b5e283967427e91cbddddfc0c2bf5a

SHA256
834e304221e742a831be5c5178892258e689eae35b730172e74161af2785aab9

SHA512
9c4499d174a988cc3830aafcc42f79defff37b16198f49cf5d2dc86f88809fcb44e0c300351f813d46addf9998f64448c50213f1721c6a307aad21c205db1524

Download Submit
C:\Program Files (x86)\Vortax\System.Runtime.InteropServices.dll

Filesize
94KB

MD5
49c86e36b713e2b7daeb7547cede45fb

SHA1
75fe38864362226d2cce32b2c25432b1fd18ba37

SHA256
756de3f5f2e07b478ac046a0ac976b992ef6bc653a1be2bb1e28524a4ff8d67d

SHA512
a9bd42b626158c540be04f8d392620daba544a55b7438d6caefe93b9df10ec2219f28959c4e0d706a86b92008275de94dfdf19de730787cdacf46d99fc45e3a9

Download Submit
C:\Program Files (x86)\Vortax\System.Runtime.dll

Filesize
42KB

MD5
53501b2f33c210123a1a08a977d16b25

SHA1
354e358d7cf2a655e80c4e4a645733c3db0e7e4d

SHA256
1fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100

SHA512
9ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Algorithms.dll

Filesize
17KB

MD5
8f3b379221c31a9c5a39e31e136d0fda

SHA1
e57e8efe5609b27e8c180a04a16fbe1a82f5557d

SHA256
c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388

SHA512
377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Csp.dll

Filesize
15KB

MD5
c7f55dbc6f5090194c5907054779e982

SHA1
efa17e697b8cfd607c728608a3926eda7cd88238

SHA256
16bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a

SHA512
ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.Primitives.dll

Filesize
15KB

MD5
777ac34f9d89c6e4753b7a7b3be4ca29

SHA1
27e4bd1bfd7c9d9b0b19f3d6008582b44c156443

SHA256
6703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622

SHA512
a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439

Download Submit
C:\Program Files (x86)\Vortax\System.Security.Cryptography.dll

Filesize
2.0MB

MD5
75f18d3666eb009dd86fab998bb98710

SHA1
b273f135e289d528c0cfffad5613a272437b1f77

SHA256
4582f67764410785714a30fa05ffaaad78fe1bc8d4689889a43c2af825b2002e

SHA512
9e110e87e00f42c228729e649903ad649b962ae28900d486ee8f96c47acca094dbace608f9504745abf7e69597cdef3c6b544b5194703882a0a7f27b011fa8d5

Download Submit
C:\Program Files (x86)\Vortax\Vortax.dll

Filesize
393KB

MD5
db0a77e84caa01503bea132d7e5ef2f8

SHA1
161661df701e4011570cafb8305f218fa4ac3e50

SHA256
41d023a22c052a1d37bda1f34b8cb73d088fcf6abaf00695360f0a3a8d985239

SHA512
02207090569315f79a5d1f35f39e80cf8b05c87c336da8b52f02cdae4732b7acc3f98f1333986c91ea3f09f054efb09605a1427ba2fe23d90e119797b3984574

Download Submit
C:\Program Files (x86)\Vortax\Vortax.exe

Filesize
308KB

MD5
aa6ea1381097f6e1201a10a0de1029f5

SHA1
23b162c564b54fdc6fa2a4e56401bcb0ad98b6ac

SHA256
d1240769ed4c6dd4603a00f1e05b0ec4c1b2951661bd478c1e10954ab3123924

SHA512
584155f235b8567a5356307bc139e82df049f49bd9c4c07baa346fa8afb7be7e6f0afd1eec024bcebf5a7c416934f692d183a2977e8a38666652ccc1c124ff40

Download Submit
C:\Program Files (x86)\Vortax\clrjit.dll

Filesize
1.7MB

MD5
8b81a3f0521b10e9de59507fe8efd685

SHA1
0516ff331e09fbd88817d265ff9dd0b647f31acb

SHA256
0759c8129bc761fe039e1cacb92c643606591cb8149a2ed33ee16babc9768dcb

SHA512
ea11c04b92a76957dcebe9667bef1881fc9afa0f8c1547e23ada8125aa9e40d36e0efaf5749da346ba40c66da439cbd15bf98453e1f8dab4fe1efd5618fdc176

Download Submit
C:\Program Files (x86)\Vortax\coreclr.dll

Filesize
4.8MB

MD5
9369162a572d150dca56c7ebcbb19285

SHA1
81ce4faeecbd9ba219411a6e61d3510aa90d971d

SHA256
871949a2ec19c183ccdacdea54c7b3e43c590eaf445e1b58817ee1cb3ce366d5

SHA512
1eb5eb2d90e3dd38023a3ae461f717837ce50c2f9fc5e882b0593ab81dae1748bdbb7b9b0c832451dfe3c1529f5e1894a451365b8c872a8c0a185b521dbcd16b

Download Submit
C:\Program Files (x86)\Vortax\hostfxr.dll

Filesize
342KB

MD5
16532d13721ba4eac3ca60c29eefb16d

SHA1
f058d96f8e93b5291c07afdc1d891a8cc3edc9a0

SHA256
5aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303

SHA512
9da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100

Download Submit
C:\Program Files (x86)\Vortax\hostpolicy.dll

Filesize
388KB

MD5
a7e9ed205cf16318d90734d184f220d0

SHA1
10de2d33e05728e409e254441e864590b77e9637

SHA256
02c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62

SHA512
3ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052

Download Submit
C:\Program Files (x86)\Vortax\mscorrc.dll

Filesize
133KB

MD5
53e03d5e3bffa02fbc7fb1420ac8e858

SHA1
36c44c9ff39815aa167f341c286c5cd1514f771f

SHA256
23a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960

SHA512
f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5344c81227ac62ca9e1e3719a5ce3eae

SHA1
f7f15bda65e190757d39d8e756c12d720a20f701

SHA256
06aa12cab3fb9f26ac71be2b0b9740c4d2d06a14a29f8c61b281faf6c28d08b5

SHA512
e2b1bb98f15cd6ab97986b1882c1a3d581a9ced23c3fe953e1e6e81851c3be668ace7f99ecb4659989cf12e07df17b2215189578bbbe42f506e39d769fee6b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
434a3c7f3c4f559e35f94972c69f530b

SHA1
ba92dece666e614dca2eba8422c2720607e633f8

SHA256
4772632ca72b3a812bb9a65c946817ddc0760ea683e6a9b94146d9753270174d

SHA512
d0706866d426b66f190aac5bb944d26a1bf91259a536f6e868928692d4e8ea3551cf9378c89fd754c6e1bd0812724be0b75a2e2ed9571b637fe28b4bb462dad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d698c5c06cffb5b6643e21b9846ff6df

SHA1
7e1e5c00df46fa58dee5aba3a85fda2a9625a452

SHA256
65b2022f829714b507896e9bfa4f38d4ae54c3fee252938fb86f9e0e91aefdb8

SHA512
721e9bcfa360ce1451261974dbf288737e6e693df3e4412068d342efa60ea4e6d0fcbd71739843dc02d83cee0a215dc895329c0966d490ecb15d24a5eb32cf07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b24630c206f8864248e6ca7abe0faf3a

SHA1
45924312cbf13d437d3929475e89d7aadbd97ab7

SHA256
d7e7dc2a911588d66e171de1e22ab2a4c572868ac6529548b92dadd7b00861a5

SHA512
114fbb570674846fbb9c3d5f64f8b72fe6338e2f36d6ab39b2aa8fb5e08a26a5728fff4295e7d9270aade7f163a1f3d4285972158c43e604cf6d48b935ea127e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
e6490e091eddc7205f5d5ee851fae552

SHA1
2a166e25259a94537f012f1dd30503f32ccc31bf

SHA256
826c8b5df1225ac22ee7c05b01095e27c52fed049bc242ac375cd7243f98fc26

SHA512
80bcc2041db710f44a6c8f4aca627bd6fda2847591c4b775b446e5c3019157201ed1e6233fd91d81b3ee1c127c4727a83e1e01c7700a155d9deaf8b7448f0551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e855d8dbd4cbb6f7cf941bc1e2156a6

SHA1
2129cef28884f36788e4ce106fdcbc63e73d35f7

SHA256
bc337d2947a0aae9a877a8c397c67b960941291f1cd74515c1c1bf1cbdeabb7a

SHA512
b76be4cb55df97c8f361e3ac6a59de263b89e3ceddc1af377ae624f6a6e23e0c8f293553949da1376e2e5811d08254ed29872efaae1fe54df3c7049e50b8cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5a5de5de0e5b110a86ffe7033ab7919

SHA1
a83983b5d96ffb4a6c428a78190ffeb4873f8bad

SHA256
51f463ee47dc626c6099178334cbeff7202049c0c9b0e5b50c3230b749de447d

SHA512
e1121605c7f952b0bd939234dfab790a05b177c50e48015ee4651622088f533c26d0e17697fe01abd05d2cc99506fea7bac6ed008403f0973d4525b142cc88a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fc767c1d0070129f224e4b8fbce26888

SHA1
07a81c4433cf6671eb3f59d5fe549d3fbf58ca86

SHA256
6d9593bb4acaf23e5f27c9b3242c6d6eb635b5d6307dcbaedef6b697dfe41392

SHA512
6325e1fd65476bdce137aa7077b002e49b28a2504756b7b26d9e2f9cd52831765f744d81d8bb1c3b5662e8c9b917ecca3d40b7782e894851ca84c472e38ef4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bbf63107f8d233d5e3a91d8ed3fef00d

SHA1
1ccc23b3e3ecc8d8239bef4d74051a7483a44311

SHA256
b074470534f4717d808649f1d4cc0c1c053fe90037080eb4fd457f419361beaf

SHA512
572085997cbbf2ff59f1f64e287194883defbc2e72250eb4a836a403c8dfc19357537d6da76cff9df7832f74e6a4d60892af94be85fce428a8f8a9346267f3ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2ce421c7fc7c3fb2634e978eb3987263

SHA1
bd26bfc60a322b877690c8bba2ff556d7774e2f2

SHA256
399ea57e18ebb552a8a31f9bb8828cea679c626be9914d58edcec52228d0c269

SHA512
10224e6b176c74935a937c10a207007dea04f679963f6da71f138754c57a7b0aa9ca8f7d8f2b82382015f9cf384f4a9e04f28e0b27f1b2e1ae89a6761e4d26f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef5aa9ce42d01bc219ec0835bf7956a6

SHA1
d4ce5b25998210b8027d33a4dec9924714228724

SHA256
2d9f12687d9145fa2d3aa0baea31b897d483d0fc737a6621a1e3b0cc32673183

SHA512
d17c1247567412667c1c8e2dec112eedf12a18448658a9afc4cb0e247f778b311b3ecee61d9e617ff168a7a5b1d9ac96532091b74768a59893f210eb64cec5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0cb71dfef6ad10aaf6d8294a735d2e41

SHA1
926ccff20d0990a15eab2df4df6966a80fd5fb1d

SHA256
f0c898ab608e046a699f566857117e5efbbacd5c8245e3e916811f2b723b448c

SHA512
5a0b4b41f28bbcf0acba65d1b2ae20d721e17406f8b18d15bfd8637320c7f9893b3c848e05229603358c5b1ac4939ab45bcb4fb4a905507a2960fbf5d54bae2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
0ddb5a39724816e1e0eed9b138517fb4

SHA1
e001a646f0f75e80593e24a468f478e530fadedf

SHA256
1027a8d7487a57ff6122b3983aea6296f7b31b71411fb49eef8611f092590a74

SHA512
aae73496ecafc3dd229664b20a242607c7bbfad7f33fa263a5eff8a251b7b67ecddd6e444d971b8fcb1fb508d7cab1addc1d2484624b6fd450188898ce04aea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
5facb1975f18e24f6a2bb1f6db915567

SHA1
2209f1dc5c82516a663b2f7871ebad9b011b3fbe

SHA256
10c9e1e89b60885af3f38f13e465cfbd70e0693cb9d892050af149ff4844ec43

SHA512
e788dfc3279e383766ea6e37ad1979ef6b692f66aea39c2f74286ba1f06276ef0a81008e18b5c1e2ae044aa5b91836135d42631c5c257a94c291d2d4cc6f87fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
f70b7526a530712b871c88c2a121275c

SHA1
6dbdddf85a98a0e955425ff09b223e74aa41b492

SHA256
18c94e94eeb4bd00378d51032c03f4e3e39a7822efda70bf8940187dbd6d12e2

SHA512
ef1f8cb3e2e8579aa3f8eab74f51378df4a0128617537d992f5ce313b53990cec2c2cfb4631c15839f300ebdeac0fd5cc926d7974a04f89fb63d868ab2ba875e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58725c.TMP

Filesize
88KB

MD5
d24ec82d9996d7b0ffec0c222ace7fe4

SHA1
ee9a5f95c1c5a44ba212d04ff927311d6b2b2adc

SHA256
1e61f5716cf36cd6c8916aa50945b29971398af23a3e38641f7af4f5dd1101d7

SHA512
9c1219a263f943ac06dcb4300b8632b848b716391a873cc3d5c22591a1a35d9f880059c7741236d91b96c75de3619095129a32c0b12c9b5ee02aab498a48dcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fb3614a5-a152-465c-bd5a-d6320306cd23.tmp

Filesize
95KB

MD5
92c865980bdc95d0e273c053c233558b

SHA1
649c21305365ad8422c8ec0e516ea4750aa88204

SHA256
8d75923eb050819b073fba7b9386018d5f5549615b2e9301ac5070c7c88ed927

SHA512
0be7cf3d69a2cea78d8fe9f99bed68c71550d7f2943c9f93d39a85e2f6a1c167665d59355b02813e5b7fccebbeaae4d110e89f60d9fae8dae377eeb5643cc5e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sxenbrqj.3xc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj334D.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj334D.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj334D.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj334D.tmp\ioSpecial.ini

Filesize
1KB

MD5
fe238947d14116d2fd63d1b7c9b33332

SHA1
18b84571ea2cb48ad681a7606e3958f367f7f6f0

SHA256
cf90ed412c9ef6988b83dd2da93b9aeaf478e597abe035bc4fa1e98eabbbbb27

SHA512
ccab57a6a036fdc33233825f62be0e746a444b8c7fc0bb80b3264e644fdccbaf6b4a70fa7cf4587e3027c3f90de404298d35097277f8cfc09841104c748fd498

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj334D.tmp\ioSpecial.ini

Filesize
1KB

MD5
ab114ba92c4bb8451bd4d8b5ee0bd325

SHA1
ba3c4d0c1fe4e79dc1717f6b10b42f6d4039dbf5

SHA256
1f1285c5660011ff34f71c475c6b2dc4f51e228311a2b1f62ffb7d0e8e53ea0b

SHA512
9e9fda94a170747505f6760047b5c0195024f60054032984544c503f15d3902eb6b835bf7f9274154dccde5178a751c3c43aa09656200412d571ed88da9749f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj334D.tmp\ioSpecial.ini

Filesize
1KB

MD5
7b21a619714c763fb6da410bf9c6664e

SHA1
e0ab824eb8f7f8024537e9bde21419c6679b6aed

SHA256
2d426b410acfe67cc23ea4ed1df67c1c12a0575381e2615deebee3a2885715e5

SHA512
132f04eec37928e734b7d6b44d28145e730e78ea0415355be83a476daecd17cde58a49912448d97603fec4407ccb1117dd1f9108af2c05643b629f7a37c22601

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Vorion App Setup.exe

Filesize
47.3MB

MD5
cab622641242a6f2fcbb8a1ae2698fd2

SHA1
9d56b54643706787c16f0cae4e9e565c1e1a49ec

SHA256
f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843

SHA512
324ad8a7669d15ef19d0c1d7b362d17f2118414b4e8672921fe45994db0425200a38e26fc4c169ecb19f7c4aa8233fc5dfd32c3cb32e600cc031139d0e530cf1

Download Submit
\??\pipe\crashpad_2024_TTNAHZAIXRWZVYYQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1184-1169-0x0000000074E00000-0x0000000074F7B000-memory.dmp

Filesize
1.5MB

Download
memory/1184-1168-0x00007FF8881B0000-0x00007FF8883A5000-memory.dmp

Filesize
2.0MB

Download
memory/1392-1182-0x0000000000030000-0x000000000009E000-memory.dmp

Filesize
440KB

Download
memory/1392-1172-0x00007FF8881B0000-0x00007FF8883A5000-memory.dmp

Filesize
2.0MB

Download
memory/1392-1171-0x0000000000030000-0x000000000009E000-memory.dmp

Filesize
440KB

Download
memory/1424-1164-0x00007FF6C9560000-0x00007FF6C96BF000-memory.dmp

Filesize
1.4MB

Download
memory/1424-1165-0x00007FF8696F0000-0x00007FF869862000-memory.dmp

Filesize
1.4MB

Download
memory/1424-1166-0x00007FF8696F0000-0x00007FF869862000-memory.dmp

Filesize
1.4MB

Download
memory/2564-1036-0x0000027977050000-0x0000027977072000-memory.dmp

Filesize
136KB

Download
memory/4604-1092-0x0000000074800000-0x000000007497B000-memory.dmp

Filesize
1.5MB

Download
memory/4604-1094-0x0000000074800000-0x000000007497B000-memory.dmp

Filesize
1.5MB

Download
memory/4604-1093-0x00007FF8881B0000-0x00007FF8883A5000-memory.dmp

Filesize
2.0MB

Download
memory/4604-1091-0x0000000000400000-0x0000000000691000-memory.dmp

Filesize
2.6MB

Download
memory/4604-1090-0x0000000000400000-0x0000000000691000-memory.dmp

Filesize
2.6MB

Download
memory/4716-1101-0x00000000009F0000-0x0000000000C2C000-memory.dmp

Filesize
2.2MB

Download
memory/4716-1103-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/4716-1148-0x00000000009F0000-0x0000000000C2C000-memory.dmp

Filesize
2.2MB

Download
memory/4716-1162-0x00000000009F0000-0x0000000000C2C000-memory.dmp

Filesize
2.2MB

Download
memory/4716-1100-0x00007FF8881B0000-0x00007FF8883A5000-memory.dmp

Filesize
2.0MB

Download
memory/4716-1099-0x00000000009F0000-0x0000000000C2C000-memory.dmp

Filesize
2.2MB

Download
memory/5060-1096-0x00007FF8881B0000-0x00007FF8883A5000-memory.dmp

Filesize
2.0MB

Download
memory/5060-1097-0x0000000074800000-0x000000007497B000-memory.dmp

Filesize
1.5MB

Download