hxxps://drive[.]google[.]com/drive/folders/1ktWEYaYMR4wRZHohT4RtiOkmIjRuKlf2

Analysis

max time kernel
69s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1ktWEYaYMR4wRZHohT4RtiOkmIjRuKlf2

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
780	Sapphire Plugins.exe
64	Sapphire Plugins.tmp

Loads dropped DLL 1 IoCs

pid	Process
64	Sapphire Plugins.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\GenArts\SapphireOFX\lib64\GenArts.Sapphire.OpenImageIO.em64t\OpenImageIO.dll	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-L932U.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\scratches\is-FCMHA.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-OJIPN.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-U1TNN.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-R27FC.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-0OH4R.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-NIRMR.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-241EL.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-HFQ3I.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-TFQS4.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-O9LKI.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-UORCD.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-O6R0H.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-K5JOJ.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\qt4_plugins\graphicssystems\is-K8G79.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-HIMV2.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-F8V3R.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-G8I1G.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-NLML1.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-064F9.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-KLS8V.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\is-EGVOD.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-BIGE4.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\pavement-cracks\is-MDSB3.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-H9J20.tmp	Sapphire Plugins.tmp
File opened for modification	C:\Program Files\GenArts\SapphireOFX\preset-browser\preset-browser.exe	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-KP94N.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-GFAFQ.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-U3KCM.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-6POFU.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-HMUN0.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-BM3IK.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-975UL.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-APM1J.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-ADO8A.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-LVG2G.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-52J37.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-7SSAH.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\is-61SEQ.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-A0T0B.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-1B9OC.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-M399H.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\paint-spray\is-4QLKF.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-E1JVB.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-VKI46.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\qt4_plugins\accessible\is-6DBJ0.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-F36GN.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-9N8K6.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-5QOPB.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-RD127.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\Sapphire\is-DO3K3.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-VQGI7.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\clouds\is-8J1AN.tmp	Sapphire Plugins.tmp
File opened for modification	C:\Program Files\GenArts\SapphireOFX\pylib\qt4_plugins\imageformats\qmng4.dll	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-BPNM8.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\paint-splatters\is-L3979.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\paint-splatters\is-P1UA8.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\plaster\is-NCTQ4.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-AO4VA.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-S8B8Q.tmp	Sapphire Plugins.tmp
File opened for modification	C:\Program Files\GenArts\SapphireOFX\pylib\QtCore4.dll	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-63SC4.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-ACV2N.tmp	Sapphire Plugins.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sapphire Plugins.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sapphire Plugins.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676935752060125"	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gpz\ = "GenArtsGPZ"	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open	Sapphire Plugins.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\ = "GenArts Preset Pack"	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\DefaultIcon	Sapphire Plugins.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\DefaultIcon\ = "C:\\Program Files\\GenArts\\SapphireOFX\\preset-browser\\preset-browser.exe,0"	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open\command	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell	Sapphire Plugins.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open\command\ = "\"C:\\Program Files\\GenArts\\SapphireOFX\\preset-browser\\preset-browser.exe\" \"%1\""	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gpz	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ	Sapphire Plugins.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
64	Sapphire Plugins.tmp
64	Sapphire Plugins.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
64	Sapphire Plugins.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3416	2556	chrome.exe	84
PID 2556 wrote to memory of 3416	2556	chrome.exe	84
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3652	2556	chrome.exe	85
PID 2556 wrote to memory of 3020	2556	chrome.exe	86
PID 2556 wrote to memory of 3020	2556	chrome.exe	86
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87
PID 2556 wrote to memory of 4272	2556	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1ktWEYaYMR4wRZHohT4RtiOkmIjRuKlf2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffade90cc40,0x7ffade90cc4c,0x7ffade90cc58
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4884,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4856,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,9269663716334094694,15942241508847710712,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:1592
- C:\Users\Admin\Downloads\Sapphire Plugins.exe
  "C:\Users\Admin\Downloads\Sapphire Plugins.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\is-323M3.tmp\Sapphire Plugins.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-323M3.tmp\Sapphire Plugins.tmp" /SL5="$120040,131644444,216064,C:\Users\Admin\Downloads\Sapphire Plugins.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:64

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\GenArts.Sapphire.CUDA.em64t.manifest

Filesize
1KB

MD5
b5a72bffa3da3050e5ba5fb833a67f36

SHA1
f1a51651f519e43f307a1889e999287b02165c33

SHA256
a9251446b1c878bf5d6cb16514ed65878c308fab2d23a6d96f9b417843106be0

SHA512
b49b011b76bda78464da10ebd996818b7bf174eb91ed7e7998a1bac37eef900dbb696cde6c0b5edf25de1e3aa8df1a33ada6f5e17e9543ef86ebbeb6b57207af

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\cudart64_42_9.dll

Filesize
603KB

MD5
387718d578c4286f1bf51a3d82846469

SHA1
76ec07fcfb98157b1aad33410abaca25a39d8e9a

SHA256
ff3b4532892452ff6c1dd30ff3035b4ba65cd6732e999b79b184d0ada57ce7b9

SHA512
5ef5f622650c70bc6c7576b8a315de0d0ff1f8c970016a2342ab47818a2f9dded89ead9565c538fd07adc4c0a935c285d1e654ac4600f82180ae5420c615be11

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\cufft64_42_9.dll

Filesize
30.0MB

MD5
37a85987dd557a998b6a035e1b5c3975

SHA1
3e52bd3a3f940b505643b150b16c46afda5a3637

SHA256
2b4bc518b787d971eb54dfb736b511f8075e59cd06d22056015e4853fd402ebe

SHA512
0ac0826493154b85dd901962b345c8fd78fba14ac602d0990ce0d1d157a49213257aac03a2d7bcc808ffdf8092035fa9bf21c5d2cdfd51be674691eb9e00cadb

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.MMD.em64t\GenArts.Sapphire.MMD.em64t.manifest

Filesize
827B

MD5
6a55431031507344d98891e3e53de9f2

SHA1
27492b5bf2f2b7f6fbd43ded5e93907d768a99aa

SHA256
dd53e5cfeff4623d333c72d53ac9d3287f3af3b01f3f188a94fdc1f91ff79ea5

SHA512
d41898485205e96e2d87ad0f769be0138a9415eb3a41b0eee2a8fd93142dfbfbed99ee750a04454f2d4fbdb340e3ddac5f4607299a0d2d8887ac3cdebc1e5236

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\GenArts.Sapphire.OpenImageIO.em64t.manifest

Filesize
7KB

MD5
8f38bc3b1d745bee99bf9ea1897ae8a1

SHA1
5d0f49bcd9fe613f77e52582cd80c8755d2419a5

SHA256
ffd4f4aa8a23fda4bc2ed6a86f76ebfd2fbc7ac91985514556319882c97f2c1b

SHA512
e75fdcbe2d1b53cfcd077c783c49a609a2730377b5434d8564fa8750490175feb0526f7150b22a3bfd5bf25c9cae116814d202e7e64c5175c4fcd223076dee89

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Half.dll

Filesize
267KB

MD5
fbac25c0b8e0ecac26701732186e2aab

SHA1
4d308a378a3e5c49c1f3d7463a630134447eb288

SHA256
e0440b09e2c0fcd6c4a8586214bd77c1bfbab8f8197ba5bb712e34d18f105361

SHA512
1b22ad99e7cc217174386157052dc44a5ef76f5d39a0fbd01dc92123376d7fc090a6e7d30604caa21fda57d9617b4d83c17420130f93005f053ec52c0d4f7ee5

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Iex.dll

Filesize
70KB

MD5
4775b483a40d7be3c1cc6cc649217883

SHA1
37b1c1b139e9fc812cd93c1cd6f0c9246f415c09

SHA256
188138837433e58f3d3aed8a68f15358d273a40647b18f33cb3753196c14c6e2

SHA512
b2a781b3eccc98cf89837b00c334687eb0028dbaf2b0552ae552ae433649673e45d54f4d1c4752afab2e1c1761115d01bea993ae2f00afa57340783d56bfdd65

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\IlmThread.dll

Filesize
34KB

MD5
7b6dc47c70c218561843858bf64893e1

SHA1
0135bb42011104a1565b52195b6d0d6082cba822

SHA256
fc0042bc5fc8d71622ddc4678056c0cde8edf3098301384deaa2c2707f47b91c

SHA512
5dd23fff642d59f99b28260e324ca007d4722469544a957a0bddd6aed7f45b8a0e84d9188e964348e77410db64315202cf8b910dd273755de504415dc3d7f8ea

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Imath.dll

Filesize
80KB

MD5
5e074eb83e455fde86bc86e9b63a6956

SHA1
1820b0b922bb0a7af74c2cec5489780b7443aaed

SHA256
1aaee6a1e08d840e8c0df5e1715bcb290b8275ccbd59c1fa1d1e2d0f76cb4948

SHA512
827bf0843aeff73aec6c2f331327fbe156f7dacfab18e0366f3f507616f0cbd8ea7dbce1989749a7b3cdd7b5d18aea3bf03092318baa0e9ae4ea58233c9d6ee9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\OpenImageIO.dll

Filesize
2.1MB

MD5
a3bd42b4381a5519faf2013c602a1089

SHA1
b89ced0039714c28230d836cdfd29ac8ed60fe74

SHA256
20217dd71973303d099a1f2507e2347005955dbfe9d6a9b7cfc2cd4475ca33ab

SHA512
2b7c37d37084a2b41bcd8576b90e6d9104bb967bd0feee4d4f260fd8561744a474ada55586384d3fdea2c29c762c8ee8d8081443151cf74af7b103510fd4d35d

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_chrono-vc100-mt-1_59.dll

Filesize
26KB

MD5
5f2016866a26df64fe4e99a55c307f42

SHA1
dc3e70a41ba05b4df03a7059ef6975145b2971cd

SHA256
a330e6a86316e51d542c1d2f24c0bc6d1979628afb1d6c56a2da98657b3ae738

SHA512
44ab5d3ac26a35adb2d1aa65f20e1c6da03430555d3cd004a342c1047fcbc4e6925c78a8d570476b8e92a203f91e06f7e154881654419aff941506fa2f399ca6

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_filesystem-vc100-mt-1_59.dll

Filesize
116KB

MD5
56a0db57f0672452bc7b022d92f6558a

SHA1
6423a3f2621f018ebe543ae6a65624856204ce00

SHA256
b46483932bda734acb0d08ee81aeaa878959e5bcbd5ac592aacf80e5bbd30083

SHA512
eacf35cb00b1ceb80e8f1275e883ad0e923e1b5f9a604fcc37b7e9aa6b6ac86239d67b99f4680c12fce04a1c5c3eec03ab7417aa02111708a471f9f0e8ff21db

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_regex-vc100-mt-1_59.dll

Filesize
761KB

MD5
b4530e924bf5794fafdc0cd537a1c2b8

SHA1
8839adab8bb4b47a6fb5685121449e9331522a37

SHA256
086f74e07b6da1fd815b337a7c2af638bcf441c645b947a66daa0e12933d5405

SHA512
eb6f1f4793965b327ef7e3da05ef0ef10e0b8ba328883a98c45df0f488ff4fdfeb3dfcf74a80da1472eae512634d529606f3359937a6db91142e3dc71172e651

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_system-vc100-mt-1_59.dll

Filesize
17KB

MD5
e72aa14a7a91e438a7a33e8e322c19a0

SHA1
9cf1266577282ed3e6fedcc3dd12c27b7f781d3f

SHA256
e0d117dd303447ef8785f13629a395af2b07925008098491141e213a687fc673

SHA512
7d43d6307039e7dc9ec3d343eb6ea6931c863d6bca1dbfc9e2ca13e1edab02eee2561e62600495007b3bed2fc775df374a81ffdcbfa14f6cf6e4c57828e3657b

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_thread-vc100-mt-1_59.dll

Filesize
98KB

MD5
782615cdd4c62d533569cefac7ac0075

SHA1
3294c8d1d0ba2d08fc66e7540c21d016a8bc53e9

SHA256
794e5b72081e7a9c3015e21ce6b2429ce00d7dac6917a6e3375ec79c5920304e

SHA512
27ee63c2dfc264d235d0693cf2ebfc96162f8ccf8b7cf9854ec64580122e59315d4dfa602b4d74cf798ed668ec627e79d7b84a0b84ced76b5cf4f7c90439a0f3

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\is-68TK2.tmp

Filesize
2.8MB

MD5
a6c4e045736cb5862916478a7bb056e9

SHA1
2251ddbcd7052fe2b29293c0ddbd455ebf095c5e

SHA256
c58388f05e0508481090698428f0da35866431d520abf44fc666bbe80bf1c8dd

SHA512
e49ae82e7616f766706ef0703c2df95a401682816dd1f66a44c38f76bef34f11802a24dba7cf8f5f3e98966c485130d257525687407f99ef621f6718d9b7c8e9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\libpng16.dll

Filesize
168KB

MD5
f98a96e7cbfa97a1fa132be2da651e5d

SHA1
e4a25f477e4d704d40d01fc5d8e81d134f134feb

SHA256
f8df7c7595affe8a6244fdfb659c65666065631cafaeef154f7cd5a8edf94902

SHA512
76b840a4eaa926fc7a1e701eb21c5339d194528e95fdab7bd5c99a80853cb8208021378eb4fda7063659b5f65684c224f8dc9abc4fb32a67adf5e2376212bc92

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\libtiff.dll

Filesize
595KB

MD5
627ba450c9c2d4bf0f14a60b7e88fb8e

SHA1
5f36d356346e58dfad7081561c14fd77e790dc5c

SHA256
adf2403a8e8dcd6740fd3b4d9a4738344020a539f3323cda4864681c511f6ef7

SHA512
ade9a41a6f82dc0eee8b80315344d8193ab51cb97451e989b2f102a6a17320967b1e2d2195956b246fee3d6149a4dbb732fe93d9508471791e07aa5a4d8c0df2

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\openjpeg.dll

Filesize
122KB

MD5
fe1722806d3785fb9c56789f1cc8d1a2

SHA1
9e08a99a33eee7dd182580d2a3e77b9fb00c3a5e

SHA256
1c18c935d88c76f5371aa1ef890c21f36bd22b19f6aa6f492adf17761747c2d1

SHA512
9bbd82dcd6b6b5fcb7fc514ae26cd17fe15f3d82e4a6d0197c3d8aa41ceefe4555fa94bdc838c53f8bdf496d20ff3742d7e61c63abec2e22689dbef4c2bdc418

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\zlib1.dll

Filesize
76KB

MD5
525ebeea6d83439aa536bbc10631eefe

SHA1
f62647437bf92beac1bc28d734fafa7a053af987

SHA256
e5b51b8112f2b7bc5a0567e849df1fea8b470b2669dab03a4c4564592fbddd59

SHA512
5b4749e19ca7cff7c35c838b4c5915bb3bb8e1378cab328420f9105650e195da902965e2d477e9a6f628707e5edb5a1ed3b8ed1fa105223d8fd03e5a875cc1f9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.mocha.em64t\GenArts.Sapphire.mocha.em64t.manifest

Filesize
832B

MD5
4236cfe0aca3ecf09cf2ece471302df5

SHA1
abcc3b0d9c4c54d55e8204f95a5a6226bed03418

SHA256
b9b9135321de2d48341d5a7004f54a3ecb7c4d32f4bfed6ba45e1d9e88d7e589

SHA512
6f8175f5b72fe0a2975b366305a57c12ebc69716c73497773826ff17e7ada9958ea99b2eec774e85244d103e3b7955336bc19a7eaa94129326148f2b9640f20d

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.mocha.em64t\mocha4bcc.dll

Filesize
36.0MB

MD5
dbe5265adcdd266132f9822a71dc225b

SHA1
8f512d8b0b2c38029dbcb3cfe23895ee2a93916a

SHA256
36ae13a378b28edc13d63e63b66195dbad1f476f079d3dd9b0d18cb0751ff266

SHA512
21074b3dcef72951a46474a40a58cdb8889130ba61e4b782e11c5be441c5043cd0a9c9fdf34974c9b88544813535717086a90b3f8df82eb0eba0db3772af4dff

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\Sapphire.ofx

Filesize
36.4MB

MD5
866058d09d96024dc40e4d12b6539c97

SHA1
42eef750d6dfee6a165228a74062be69c6cc6d17

SHA256
210dbd0360d79c6b76d9d54c462730ad790d1ffa92e877fddbec835469871d90

SHA512
ce42f6ea17bc9e88df3ce8910224f56cb642e013447538bbd5856118268767ae23dafbf785f7f0d5c4c5a1354f79601ba1a87a0ceb000e87919ab1d7ae7ff91f

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\_renderlib.pyd

Filesize
1.0MB

MD5
5d4e4c88544a21df144a0190db1d4d59

SHA1
e6f3bd731de425d334e5b54eeeb1c10b8f6bfde5

SHA256
c36acdde7b7fa84f567c337c4a19802412c68adb4a73aa1f5abaa7d2648ab24f

SHA512
0749e4555dfa5dfb4e4f2e65df5bc7c3955a6883078b0d5ac62822ee317bc4a6ab9584dfe708edaf1df46de81049b72f7b6814430894774fed7a90f5e6c6b689

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\mocha-wrapper.exe

Filesize
592KB

MD5
c3e092e0011e6c13b547f65845c9e8fe

SHA1
20f6078eac80414c073e212f1b640d86eb022cba

SHA256
cf271b5d71212a30e08494ce0dd9c0b6397d661776c58363d27a8ca562863177

SHA512
9fd373c7a77ec9bfb01ae21bb12fe4031f1972ff56db96ae58e0fd75d3907627352d26eebd75f72070ea77393cffe9f72c4691e8eae039ebf42c6008aa208123

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-D0B0I.tmp

Filesize
1KB

MD5
e36f541a32a036a9ae7cfbc61c53b75b

SHA1
c7f0ecfb307c55b6c7d7e8607c409a65fb109962

SHA256
87c5cdf831b890dfb5f61ec55323228ea999b6188c617ec68c61fa7673bda1c0

SHA512
f86a797f267784118b4f13fa93d5d0a12d4d528b74b37e474344c27e4fa090537914b6de7ebf35c4bebb35f825549d176698ae117e531035903b9b40fd868b7f

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-HN0K6.tmp

Filesize
25KB

MD5
de4b8d3970e99b3ee0f5cc7a7d653fff

SHA1
8df91d531ed75ee3e9329552f89147432a3e31a0

SHA256
b073268969316922438806cc95a89dd7fe1e69d4f3c7d7e08aa7abe6184979a1

SHA512
2f76c7a53d096db044a52a29836879e35d28023061e9762a2f20e6ab3029cf4ff6ca88f37dba84fd4aa38fac489dad191ea42d9dcf21d51c5e366962ffb81fdd

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\preview-pane.css

Filesize
1KB

MD5
13d8cce78035229d5435dc959e3757e3

SHA1
97f0c18359ec55df8f7a6a535e835f312045e99e

SHA256
d53ebf4fb14d2e7d1ee98803cfe00b4b8df42adf6ea5d05b3b2d55606edf27d9

SHA512
1b364580e95750ed768d7c3eca812d52f8b340ca4ebbce4e0a1b46dae7d31d8fb1dcd889cb93ee27a99827dd3184e828557b49a17ccb00d76f282c6de5ed33a2

Download Submit
C:\Program Files\GenArts\SapphireOFX\lib64\GenArts.Sapphire.MMD.em64t\libmmd.dll

Filesize
3.2MB

MD5
66700db697342f7412eef592ef66d8e1

SHA1
a99dd3e98d23ff743369d0482d9112f938c7ecfd

SHA256
75ccbde18ceba3024f8633e8c8151a2e87420cd73511041428a1a83a4fae5535

SHA512
4c5faf0746aad88a320fbdaa392ba03db5aa3872dc8cb15843c5db8f9eb01cfd9c4fd351897317b5fafbf2f81806bdae13a4179d4fdea1b20b5ab6231850ea37

Download Submit
C:\Program Files\GenArts\SapphireOFX\preset-browser\Include\is-59UGA.tmp

Filesize
20KB

MD5
606c8ee81dd87502ec1d483b045e3270

SHA1
a5e9ff0ebf89d050fad47a7c56a7a46d13f93a85

SHA256
8e1613e5363a1ec22228acea618af74ba5cb6d6fd91dcc9d4a8e8ef40f1da2b6

SHA512
872fe3eca539ef6f728119896457facc927bc897c4b243bcc9b9e4b7f3a77364b1daed0a986ee11a468b171f58b36feeaf4d194a5918a519109fae1c9ddafa91

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-5LNUR.tmp

Filesize
378B

MD5
a55ab44e1a5c551941d471fc34169327

SHA1
146bc86a300403fa123d17bd0790a6af731f2805

SHA256
7ddf5efb1bc2c0b1a73ce27c0cbf7b89a293d811ee3ec2c65c93571a9c8e4b57

SHA512
db0e682b6bb3738d5dc0bc9c9da0d96e2a724249838d81e8c401b010de470a202a1fe8daa132f4d33f20be87cfae5acc5f6cd88d2372701f06923dc35b3980bd

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-IVPNN.tmp

Filesize
147KB

MD5
5c8a7e4d173c34d7a43158c1204cb1e6

SHA1
1ca74bb3d4dfa1a68433cb69b164667fc78e32e9

SHA256
70dc54d2f44a9c53c3a71e2326f2acc5ea0f4ad08f65bc2670d4f6694e7ed300

SHA512
f81e62da05bf207c1920cd54c802b403929be73b3db550f2c030c6f5590d5091ad5e79e820dd0c652daaa8bda2be25e23db76b95a9458b078e1bbed3d0ab861c

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-Q8P9V.tmp

Filesize
58KB

MD5
23cceec35684b71f509f516d78237f6d

SHA1
115346144e9c20e163c3d773f1f55695d4b604d7

SHA256
71a80a296a6512ce75ac8ae9700a6e39d5a127885c9ecd48bfe842373836cf2d

SHA512
8945eae7540f0cec1d34cad110db250171de1cda24eb886ae92438fd691776f1ea77801e45633d3b8f1c475351a545708bcbafcff184d33796a6644252b055e8

Download Submit
C:\Program Files\GenArts\SapphireOFX\update-check\is-G5DKQ.tmp

Filesize
388KB

MD5
70bdfe56b66584357eb10cef1ddbdf20

SHA1
16fb712ac63915bd6b821f67fbb3c25113e631b2

SHA256
497519a8f7a755435af588a4de659d01600c5251f132db3864242bf57cc50fc4

SHA512
2d63cff6ccdd35288ff3207dfce3f9aebb1f92ab42fe8bd68701ec31c700b400fcf4bf8c1a42edee1d0bd6375b898bb408ec40aad13c051af71825523df90dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a41c5087f9650c7a53b3222f7ea82b04

SHA1
644dfe87b4f7ae76438ed4ea174b4d5533f51c7c

SHA256
1d9e1e5f7dc31ac43ec494ad716091abb9486a7847d4cc6666825ddf718ba825

SHA512
1de31ac458682ac8b6640eb7c267adeb6bb2c38a35baecdc05475f37edafdc6dd47b9055f3658e3e66522ecc557c7d821c8f239993f3cc0d907e1e016fde4262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba2fa40854514b496514b55a25bccc48

SHA1
dd55bed1fa31106d0e445d324b44ae94f0f0ed4a

SHA256
37f4812be503293ad7326b6d10b96119c5228b05028b66d9d515d9de7421c14c

SHA512
7a7c1260216f0c817a978a7070dd4eaabc2d51b443f9689d81f351487f8007a0d47165eaa845589e779c742d2cf16c89bef9aef0ba682525d023a17268887cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4984f97374e837a558526a4320b6ea50

SHA1
1c67bd01a70e3a649c084927627f081bbf0e79c7

SHA256
5b1d91088ab24864b3a389761bfdd991daccd61624d89d08a3b5dc9a8f8301e7

SHA512
4eace87047db88d158a557db4f2060b39a71d9fc6b838c3a94b799314b0f99ef088d72790aeebf76da92b7b3b705752122935e428b37acc3ef59eb84cc70efa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ca58483f2f19681dbbdb0527562b092

SHA1
d2cf7fa6b0bdb55bd22d704a6a4001b6ad2ab91b

SHA256
6ac34e425d68660ed875fda18e00db038ece2b7cee0452a1b7dc3fd658d3604f

SHA512
753a56534bc9dee304f68860deddabb558c7a7a55c900f74af5d38bb233d2a51c57d78a48d0be4cfe984ef59ac72b867b0ee1437a697bda8b9323d750346ef4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a22bf034df493e698d7a388e481e4099

SHA1
76b6625823ff5866684edd2cd293785978804e42

SHA256
018e0ac7d77d94bbdbb4e337fcda0b89966279262f7283db3d2d27bc8e9b1f47

SHA512
1b2e103f8aa11d934ce55fa285c621c319a82bedc5df8f850e472cf5700127c902cc88d6c3bee7fe2444ef701c448cef0870f066929c82aa09f7fddb8b152121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e192ac0bf9c3dfe2c19438dab9e964d3

SHA1
babdaed1203ce9b72feeef4cdb1522c5676394fd

SHA256
8be7d6fc92acaf87f593b8e96995def9e1816852ff7b754b3898ced2400bda3a

SHA512
2eac422f1229ae8a47fbe3346196399139c8e3e9d1d42330151ccac80f720d04f7fa9ec70be916d19f052383f5a7151faaac61c19b6fa23c0418f23757a78fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7c010513be13c9ed98d060f9a1e5328

SHA1
b01162ebc68f96d701528e5c65b9369396d150b3

SHA256
e7ac08b47b2c5c3360e7a2525c1fd23f8c1ee06a9f62f5a30bc07e1e7f6df96b

SHA512
cc1d846af125885ece7b25e96fe0c2e169e61c344d7784353f0bab750c8a71738b06662615f0510fdb1e1fb984d1be6404922af142dcaab508c25ca22e0814c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33d32badc03336b285b56e8a6ba73863

SHA1
e05933aac2fc1af07fe595b7b8ad91e9246407c3

SHA256
b7f4b3dca0bac179a51824a3747e27705a4288fb6285cd3c35599ea4c19673f5

SHA512
a90252ae8449d0b8f79a7a32014d1049c5c7e44eab24c1446ae82c187760cb876d1e2739fe276015e8a06cb4bbc7965b912ba63f7ed389becfbdcfd52f1c2c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e4bb47e5011face2abe26203bf83503d

SHA1
aacc4f43214e25be3ad3d0da85b1a19d3627ee2e

SHA256
2d8fab4ffaa7e95ae707df5afafd37cec4c0e191b6c4e91b40e51d9172ed13c9

SHA512
3cff099759071aca5c319409984954d3987ba965b06bc11462943c11140205ac54d1b767ee276b07f987db1fd0dfabe1362ddb5f2cbe2a39928b67fe57e34763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cf88d8ba337688d0733b3b30d7729b9d

SHA1
69f7067f8c0e5535f92f0966c269df99cddf8198

SHA256
9cd6cc7401e607a1094f428ecfbd64440efe1dd79bf774405245aad0ae50193e

SHA512
43b19249645d10c021e052452a7cff9b2ae9619e0df0afa7d3061f43253a0bcc1185a6d4b057e0301c910803cda829124b0725a9b77a941ca69c139382da23a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-323M3.tmp\Sapphire Plugins.tmp

Filesize
1.2MB

MD5
2f1a7607115dac9fcca176d2071c94d2

SHA1
ce9f91a52474f8cfe01bf524e06be9a6d4563f4a

SHA256
b728af04252b23902174847900a05147415668b18acb2b8913c41e329b53d3d2

SHA512
dea4bd7a8dd7b2846dfe6081b2c7f2ba85879d4a9369aa6cd4aef2ca3a0623abb4840e2a30f30650701e484cb2aa57fb08ebd1fbde86f606e4ee05760750ecc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4AMMT.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/64-9464-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/64-2533-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/64-199-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/64-4628-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/64-10484-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/780-949-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/780-192-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/780-10485-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/780-194-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download