hxxps://sapphire-project[.]ru/installer/Sapphire%20Changer[.]rar

Analysis

max time kernel
67s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sapphire-project.ru/installer/Sapphire%20Changer.rar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1592	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeRestorePrivilege	1592	7zFM.exe
Token: 35	1592	7zFM.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
1592	7zFM.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1780	2928	chrome.exe	28
PID 2928 wrote to memory of 1780	2928	chrome.exe	28
PID 2928 wrote to memory of 1780	2928	chrome.exe	28
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2540	2928	chrome.exe	30
PID 2928 wrote to memory of 2692	2928	chrome.exe	31
PID 2928 wrote to memory of 2692	2928	chrome.exe	31
PID 2928 wrote to memory of 2692	2928	chrome.exe	31
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32
PID 2928 wrote to memory of 2712	2928	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sapphire-project.ru/installer/Sapphire%20Changer.rar
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c49758,0x7fef6c49768,0x7fef6c49778
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3508 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1380,i,3100319934246244304,14373949798009819164,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sapphire Changer.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\7zO83628687\Skinchanger.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO83628687\Skinchanger.exe"
    3⤵
    PID:2364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7400c366c8f146fd33a1f1bc4fce21e

SHA1
70f09aaa33717d71c78e9f394ee366dfb59cb7bf

SHA256
d6a4d8804b2d9d4d1ef0ecb283062ae66f772a2edb93a9ede68c64d1521f0fe0

SHA512
9ed36a79cf9b1d6ccafebbcc9546b593544edb5d4f09a10437c00c4f0d4564ac98adafa3ab29ea68b48ae6e50f8d0646b7290dffc8710e445231d7d016a319c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
cf9223fe81dc27f40d7e43c75ab59238

SHA1
8339339906487ed265a090e9cc6446b54f204189

SHA256
63f8aa1aa46f53c7492590c97738db8116030508cddf53e6e53899d95e3a1a49

SHA512
2842af3c22247420d26a9f34f663597c9ac8f06115dc8de1bf9dbd05e5aa514d8d8786b4ec3915ea142035f1f796d5b5106d071a9f3ab71ae4244c18aeab19fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d15d30b04d167057c224ce4a8ce3ef29

SHA1
5cc4d9e89fba63f58c435657518dd0b3489ffe94

SHA256
2b92fd4348861c3d9d633d412cdccf83fc0eea3e3ce365c442096caa93e941e4

SHA512
5760b8b358e0b3cdb1b472ba3555728438e9631180fec063fb141573cfce25c87489701b5a0121f102518b6643c77135c9dfaeab7736e4ee9547000747a669a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
81ec6674560f52f803d3ca99d2372b81

SHA1
9eac931dd465925fe9e2899c4c1db9b88f98087a

SHA256
7f8472ee858f9bfa42028a2c0c174be2b21890f9d122cd16c36dc42ebb32586f

SHA512
ec69cab352e94e046104e76f17b56274961e5cce2a51d521ef03040984b1d022b13bde9311fdf381bc0c407d68996cd38d36884d92e244af3cd57aa3c5f30d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2c9e389229685aad8b3f7ddb62d8aaea

SHA1
807c181e9aa9d4e275e2febc80d985365c75c9b7

SHA256
9cb4c873a6cce4986954f919badb1dff2d4f97c28709212b073840a490ccdacd

SHA512
386c7e61dbcae2b0d08410b8f2dcdb87062c106996d227470f3161ae30aabb1a5faa7844c20e955bcac428930bd56bdfea2415f5165f51fe989802b7a09c61da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
adc42d5b69da459ad43b3cef55c72a90

SHA1
8cd30f23f220d29a33a356dd28e02df10fbe25d3

SHA256
dbb82d19dd3a5ee32579d009a39033984eb4379ad554936825eb8f1475d695f1

SHA512
2aff3d7791d37c753ffa3ac56819dcda04a0571050bf97e20e575a85ff48d45c44e3852d9096aa62bed5b78e5eccdc8b55f286753a5e226e8336ffb48d9ed2c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO83628687\Skinchanger.exe

Filesize
1.3MB

MD5
e31988b2c4f91978565a3f40e2f8268d

SHA1
a4377f28ea1b111dc7d3e38839b4010c7de47965

SHA256
5114938165dda775cca070a72bd2380cb93bb15af60b08fdc6cde2348dc2026f

SHA512
d3d9f83ab35de6bd02c60a031e4d2bc6ced6e6e35bba105dc6e838fd686cf1d870100b2663cc5c9d487d3b4a69660d187731df15012ada7a7a8edf9511a6c94b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab51DA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar63BC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\Sapphire Changer.rar.crdownload

Filesize
845KB

MD5
4e4ca1f409c21096b911aa3d8e6e3b70

SHA1
488093b24c7f196b0f7fa98bbb2f8e674831d226

SHA256
978efa63ca32998b5a889d60604a653590715f301bb304bb4ee4b228083fe8d9

SHA512
1ea319c5208a633a772a9282e56b0753e6e9311e033f6bc969b332bdd7aaae265ab7c48d0846cf49654e3574c92404fc0c6304b6b8a584a476bce241f79f83c8

Download Submit