hxxps://archive[.]org/details/sapphire-v6-ofx-collection

Analysis

max time kernel
434s
max time network
434s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/08/2024, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://archive.org/details/sapphire-v6-ofx-collection

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\Registry\User\S-1-5-21-131918955-2378418313-883382443-1000_Classes\NotificationData	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\sapphire-v6-keygen.7z:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5632	msedge.exe
5632	msedge.exe
5784	msedge.exe
5784	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
3880	msedge.exe
3880	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
572	msedge.exe
572	msedge.exe
2368	msedge.exe
2368	msedge.exe
3880	msedge.exe
3880	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1244	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	1244	7zFM.exe
Token: 35	1244	7zFM.exe
Token: SeRestorePrivilege	2844	7zG.exe
Token: 35	2844	7zG.exe
Token: SeSecurityPrivilege	2844	7zG.exe
Token: SeSecurityPrivilege	2844	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
2516	OpenWith.exe
1352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5784 wrote to memory of 3752	5784	msedge.exe	80
PID 5784 wrote to memory of 3752	5784	msedge.exe	80
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5864	5784	msedge.exe	83
PID 5784 wrote to memory of 5632	5784	msedge.exe	84
PID 5784 wrote to memory of 5632	5784	msedge.exe	84
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85
PID 5784 wrote to memory of 1016	5784	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/sapphire-v6-ofx-collection
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7fff3be13cb8,0x7fff3be13cc8,0x7fff3be13cd8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7524 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7752 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1244 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17285557530061727936,3286509470796896852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1244
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\sapphire-v6-keygen\" -ad -an -ai#7zMap8490:96:7zEvent2058
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b8cabf1-27ce-49ed-bca2-7c26921eda80.tmp

Filesize
6KB

MD5
1a370382b4306a2d7da976ba3f86b6f8

SHA1
b4b8854a811a020a13901d5286a7846383f5e957

SHA256
b2e7f07a84e92f1766ee8e9503bb06ef59d3d3e5c5d20849c5fcbd3d4ce5b8ef

SHA512
31978782396c23a7055097b18c85d33f38f5d0360fdfbfecfce1ece978eaa12c19a393de08ceb3ab7cf88d6bc458eb7770330057856e55ffdcb31f9ba1235b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
958e72d173944595320c1377b3015e44

SHA1
ba650126f7d4e739dd399fe8e2ab9939df2e359d

SHA256
0f26af205e088a2d95b5bf8a01905d6beca0acaedca901c6dfab31dfa114ac0b

SHA512
684a460c6f17bfc866d5d3ddd8486f068bb48ddebcc08c99a8117658a9a562fa4e982cd3ea64dcaca2336cd670d058d4be49de477cfe56b7db02014bdef00acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
33KB

MD5
c586a6a53d419257ef16c5e5b97c78cb

SHA1
ba50ceff947b2c00659bbc21028fd236cfd5aaec

SHA256
5c4d4d1d474678333a9a224feec6cad3ca14651461f0ef0edf7baabddb1b05bf

SHA512
a1b67d105154a2e8630ab7b427c5c3ad2eac3132ce0dd61a9f78c5092743208e20f6dea1c57898c7c69449544cceda5760edf9d3908b4d41e67261eb1a4f933e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
259KB

MD5
e21d8f1c196a57173bf3b85e2cb8279e

SHA1
a3bb410be6b5e2f1f12a423f9662011739680e18

SHA256
95e92c13822c17886386e3568491352233b56f6d5c807ad50a35f2bd2d9681e7

SHA512
896034b43740fa75018a7cdab4c4f95038ff13cc711ae9e19a934782b491898ac2d1732c4fec7745923756fb02f714d4cefbef26e3409c48695b0ffaf7eaabc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1.1MB

MD5
ed17889ca9502da5eaf9928e91768c03

SHA1
b5055a80867f037ced09919f379d126d28cc0746

SHA256
370a655474c6e935d5c3622f37f005e862318a02e47cc8d4f2ec3de23a001be7

SHA512
b737802be52f90564716281c378e9512c57b02a12ffaeac1862405764ee78147bbad802365ebd850cfc58b61c76d0a01c269977c86a77eac0e7475a78b006711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8999edd5ec1af85609b918a4096055f8

SHA1
42eedcf1664704a7afa5d9d032c47081f65985cf

SHA256
2b2e4de055500be23f2cdde9a0436018d17d60a11519d587de0d8dd6f8a98e01

SHA512
156d5427351597aa8d14abd7a3e91ec1115f88c5fa9b4d942b5745dbdc166c9ecde4071733de69cf9e77bc8523a7fd1464fdfc7ad323e2933054cfc776e332ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
83475a87ad1fa91238db700cf43d1c41

SHA1
7ecea6a40962dd457c91a6c4200ecd37d3157e54

SHA256
9de714cb44576cd2c115d87a777eef311641a2b96afe63006a9dbdbb491c39b7

SHA512
44bb24220171ec75d1c53c1675f59beccbf03bbb859060b6b885c27f1b64f6f5a963fc99fe1931b9e709c78bd522db89c191eba3aa12d9a35972e476852962ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3e269e76ce55b57c8fd7775668fe8c10

SHA1
be7a73a5f8a0f0baf25e8188b0c3bb3dbed6e37a

SHA256
ab47b38029a2ca146341945ae5e8fbfe1e192633caf22dfb1ed64afba5810063

SHA512
60716b24909d6429215c5e1cee60aee10c89ca6f880f662e04766ec72c196d1dad3316dfb0b20da8b498941ccf0e2c6b805496ae0fea1ec07f52191a9a3c83d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
34c4bf02009ab7ffae9c8afb722638f7

SHA1
51008fc53f566a53a8a584cf7131d793f8cd09a3

SHA256
4970427b38ef5ad50632dd3eca09c929151c00452680ef4914f661109f121f00

SHA512
786e3b8cd1163b263798641ae52bc59d3c46e41f1f3cfe89c9ce36ee1c509637a6e45dba05fc5db94c419231b29aba9c53ab08b51d31b090ad0412cd018a8076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ce33ae4dbb23d5e6feeea1c8d8c3ce6f

SHA1
e7303d515bc42147a1d0742b1f03d81a79951667

SHA256
dc3b4d19cb2da0eab2b442d00664c12b09395974ddd2acb798dc7d14b15869d8

SHA512
a99725aa4663eb4d71a8b71b4b029c8df281e655f6f4ff93c5875245469b0364029a06b448f0e309636ced57345897324bc63b49901272a75ef4d55c126c894c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
facca4f769ab6866180db9ce7e5e8ffe

SHA1
9b5c63a95dcc1893d14e03b4c88b4cc61e087f8e

SHA256
bb7cd9ece1d53d1a30f89c89a4c854bbb2e02b3a55e7ae3b0b41660d7fd71656

SHA512
cc9ca4b3e251b07fcbfab4f42bca37786114bcdc75ef9d80e055689ecc674895ce98203e8969d442d13d8eeb91b0dfd45d765f50cb34d16729f4913d9e680665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
495B

MD5
8d7b47df5f32407f0cf1ce550ccb4a2b

SHA1
73153f5b193f5fc2fd13e35ab4ba0e94c6e8184c

SHA256
28e8b3a10d12cb07d050ba8b8924e5563281458c5b9f5031a561674634c28195

SHA512
15250ac5f14104eb1884b4ab0a271db3b8c442b50c4cfb83d8504f488f76ad3e3f8030ca0fc8d9add2577cd436f1c6838a0e615b1aa806e1f7dcfe3d86d4af5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
414B

MD5
032d404439c48c53103d6fc683f8fd11

SHA1
ca06556f449a85462aec607bbc4301c2935cb984

SHA256
882ea21117882605849d1f06ead82b747c6704a69b0ca443ec11954447e555e6

SHA512
f58308a5bf67e48bdb741cd02e3cbeaee4d8037e6af6a501b7f1d277b181b26b766f65c54f8b25d4a652c191661b7bbc38d4e029d2b0cd27a6c6311d43ba2899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
35b13dcb0855eaf1171f0dd314f2f13b

SHA1
caee69f21c478cb1938c2f986192e5421be8fb2c

SHA256
ab4aa69229b1581be589fd0d68199ba8db323be8b4fc5ccc433d3427d5fcee1d

SHA512
d700cc1a13f7800e50c14baf973694e412ea077079a20d6cd87ef4692fe79ab34ddb75a5342869391c621300a19689ed52579bf7b06018cac0902c6a1554ff02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dee647f4b0a2b895671f034e061b897a

SHA1
d83c3efd820b90d11842e5d5fbf9bd1a61d4de51

SHA256
1c757f326d626d2270889df2a22a3940c89857843ffc34ff59211118ec6c4919

SHA512
3ead8e17c37f76cabc089a554e5c6b01c79593fd92bc9cb28514a69a22eaa08312ba0f3b23a944ccc0f9adac643c3c8c2d010b50ab513dcdf1671954954c32b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
414B

MD5
3cac9c660f19deb6dff2eba04996a882

SHA1
274c17b58c75f87d5c606650680680f086821b86

SHA256
cd826b357b004fd3ea63979c39d9f275f7650f23166e71c13c105fc036b9c476

SHA512
dfb4df33559121f6c7c674bad052048152ee90e0f0f053779528c270d675956ac0414a9d9b2df24d0f36e87b2cde92521790307b25e5babee41195854783dd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
495B

MD5
223812f90c10c2d2e6c9c3130661a30f

SHA1
2c25558db9d5d6a54e08522d1161dac9050df047

SHA256
271a5e728b405bc9dedf138ba6658e0531a07dd7e70b8f13d8355339a7d23457

SHA512
ff5f41d3d74b65f4b732e40609217efc8d7164ae47ed9e48261ea17aefa41db12e5959319b5673e7cce0cf92c67c886f27ed4867a19859e1234bebdb48713346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58da8a070d298b5f53234e284e48b9ca

SHA1
44e260d1ecca88f5b21ec60452f99051d7fb1327

SHA256
dadc6f703c110671c5140c832a651384348609844872ffa143138b3d82ae9979

SHA512
d99ecc182defe5207a87bf9aa234772a1bd2a864868a633e38b6c14a1f736dd6f1ca0b1a14b4b82d96a20cf6a2cf36777c5e7fb80e232a6c286272fe00424048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27ee4012909c933c5820b7a450bb8bae

SHA1
a3bbeef566224b6a675b9e4b7d198df56fd1a2a8

SHA256
1db62841cfa80f7443ea3887bc06cbe880c73218ad621aa75d336cf01e8b8b80

SHA512
06f0b498dd2961c24073bb304e5ba59db82251ea95a5f4ca64d5f041f8fe0dcaff30ec27486ebd92300d14bb79e3e02e9d3c03dc1546254cbaa15cd315588026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8fc9fe7448f1a8bf80880de6f81b2b1

SHA1
68b8906f6513ebe9e020ab1cfcee28a6efaf852a

SHA256
a881c1ef48de8af60c53035edfad91591a0b7076b19ae0b5f4271362f30d1906

SHA512
bf45d5994e296d8f46851eac878cb5cb404ecddc8a570a4deb659da389e039f34613ecb1754ebea344618ca28595f88d119852df0be71c18fc1afcddf7ac67d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
58d76bae10db23eafc7709843214aa30

SHA1
0dbe10dfe1401b630804016cd33cb8beb7b0898a

SHA256
e1e694f0babacad21c85001a8141a0d8bf6a99b43615e71cb0b5ed97f5234fdb

SHA512
ec05a7c43c9eb5133b1196b173062d6a76dd18fc8384801c507ff193b251873e1e953ebed96652dc95be666acf5c1c2408d3c53404b74d652626369c68aa93f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01fd167aab36f9a8ca9015ede927dc17

SHA1
789d804b405980fe40e1764e4e62eec41f483a72

SHA256
84836e9c59ff848313614909713a5f79945efe7a628707a8b7afd1f847a60c9d

SHA512
a6517e755ceebc342c0321a62f1a918bd527e46f07254015298ff459a4eb775f6308dccf585db4698bc8888ed2aecfbb6a638982aa3926429bd1afe08236d04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9c88062810257a80a596fceeb9d9347

SHA1
82e519a10a8abc1da040978dab0d86b0f5eac399

SHA256
674c005b102e6ced30265cf321be535cdd6f76b28453b169c5888b1b61fcbe70

SHA512
22746ad803465727369e7442dc90d599daf513a84dbe0c7bdbecc3585e4413d60b4d2c0d83429390ddb74c04ee43f5ac437725becfccb0fd44d085c97e98ccf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61b835b4f747c7c9a1ffbbbb662a916d

SHA1
fa0a668ac0d95aaa65044799ae329675ff896d07

SHA256
83205b8175be2ba4105f3899fae4ed618e7071a7c0012a580110b8445afc5530

SHA512
4a5c3f059ce8bc51227e76b68e9424cae6cc682a8396c154d12bf141b81c67fbfd27cc10f44c0ab82b7f9bae19d9643117be83c27b3bec0fa03d37b67df4ab83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6fbbb3f6ff7fe2a34efc5e9e01e1cd1

SHA1
f832605fef8ed0e13ee59c407738733d401e5b71

SHA256
092f64d41dfb05326aa1fcfc49bcaf9f61ab95b81a53acd1e0c43f00a682aa9b

SHA512
62ab002754caf4b40018c54179fefb6917eff2f7009d92a20757df39d83229dbd8f9b3a2ac220a418fb1bedfdadbb218fe2c1330277e034d7c8ec209fa2eaaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
434bf4e8b5a35c66e575a1997a0b9934

SHA1
ef71a31af2a60e2ead03fba08e7c19ea0e3cc231

SHA256
708639a6d494fd76c848f3cfb55d60bd5ecf8cbdff2ba46677d5ed5fe253ef12

SHA512
52f1709ebbc9e45b27384f57343ae8ab77031382b1e4dc7fa6164c1ebf7fc1abac69bb3f9143ade4182dc84174d92a940c41e7966a2100e4e65a449fa2040269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c6691.TMP

Filesize
48B

MD5
0c35a70430d98724660a2438c5cd671b

SHA1
e85147c6e1a107bf776bf4dc8e4ceb1566bed4d5

SHA256
5d193e484790701b36a98f3b3bd424efc3c171a8f6aaf96dff77cf0ae5a7541b

SHA512
63733761def0940630af818c178c77051c0195d68243487546491d1a22981a55aefd955f35727ced5c0e1a0bf22c5c914e352f10757e0e0b5df1afc6406048d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
444a62d2abf3ccc83af1da6c9c6de088

SHA1
a0e6502f645c67a36edcedbe7c94c50d1ca46c52

SHA256
4e88b6a350502639e25be03fbe1e2cd4b4e7ae7148793320d4c17869cf81ee90

SHA512
49832026ba6e2f9e92f10ed930d4c03bb7cf76dcd78c85eb983871d0d3bb8d3f31b78e01e45947ee86987907e79687a077ae35e3fa110b1da39db2fce35891c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
c3b01d89007e70eb9c878b74b1da0036

SHA1
bcc2bfe1caa7df4b69e24279438471e87d18030e

SHA256
77e799d7116ec44ec0b4affca80a5f6f9b6a10bd55996236b6a5ab68da814b4b

SHA512
fc433c5afc6b24623cb91b80dff0d9251007219bf67ae4012a30d5fc34e4accbb433d6b8f001d8c0dc1c2a934a5335deb4971fef08a981331d0aa0f70aed100e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
2fbd862c4024860cbf86237c73d4e74b

SHA1
7ffb0c4d3189534c52cbf4f1b9c8d1941dc3db86

SHA256
17d759be47f58c7181bcb80f0f821fda10491ac5d2ac0140376b7ac6dc986749

SHA512
2d4aae432dd076f71acf2f95e675efe2eca94625b164d5f6d4ad722c9ce8a60981e6494e7e7d0ed54358ec69201709ad0393cceb7a1aeb3f2e7b34b11a545fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
2b3bfc8309708fd106d566554b3b9733

SHA1
3c09ff54fb3a6b563c43bfe14ead8da7059e2055

SHA256
0271887024417b40b2f5038ba0dc19e5b65c7ad20d4fa7c93f20f1b4031a24a6

SHA512
61444d426f18de85bde8e3fdecbf0dd84b5f1b5bb6419907303104acebe3f041a8621256d608ae0b422a193dcc0bf0715f786844e4aff178d3675e21a6c9103d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e5b13ad09dda12f888d1316debf4d7e

SHA1
bfbd5c4e8347fb01bb07fc16ae482fa6c21a8ed1

SHA256
5f4ef675c18940e914fb9960edf8506f0b9135c2b14c31567eaf3e2c9ec888a1

SHA512
a97e5280c6f225ae0551ebdf44bcba6d44a78e5ec7ddb7da6df4d9928159a1506bf721420a317533ad243ebebb4e8d302d0e1c17796b49eba562743170c71232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8addf8cc70c15ad6369fbb26d352fb82

SHA1
40ffc98035849d442f3c67c3ddb8a149b5c737d2

SHA256
28767e547f7d0478a5f64e5f68eb5472e9be7c09ac93473f7994529132dc32e2

SHA512
d9fb8c3fa9530a85438d886b10c47ba3fee13ab06f90509c799a96b6a1c652e64a97e024eca97954930192185754d720c20c6dd0d804c52529fdecc36ae46d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
5937265aa0fd82b9b18156101c99f2d8

SHA1
0f3cbc40c4a73e565d9d98c1f39d46415a758e39

SHA256
af74bb5be512c2e8b0899a9e8e82ae22fcaf7a2154394e091e977c2f836ef0c2

SHA512
29a1ebdcca7598f0599c6a9abac823d44cd601a8b099442ad8d49ae54c28fa0c027b7184a9eeb5370476bf1a9e8b6fec632401fa9ff58f9bc9b42798b6396b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
1cd5cdbd846890bae1fa50a5f7d05902

SHA1
caea0f2809f18345594f0bd9c41d76972fbbf135

SHA256
67ab71e7b8846a70402a268facaf051cbccdb9dbed382e1bf93d7cc60ed26ba8

SHA512
22bc485ceb8aebb7985784ec27ada171f78ccdd53970022121bca83520004c6e6f284da4e975104176f673eefe98df0128bb2e8d8a024adb158ea28a52425bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
1fa59bfd83241de943d7d0f0fe778807

SHA1
dd50bae3c1af9b6fd213bb08bda381198a45f60f

SHA256
f61125b1e8072ebde6031e50d471c98ca634b67c276445e5a421b6db453cc43b

SHA512
113991fc989e03b41ae702b7fe92db12a7ffaa06b88997ce6c8641a1c0f13c496ffd4fdea6b66bd9f2858b99b96a3e397705fa28e1fd00b8e09c0d3c1723f56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
9a0447767ff342d6ac09632f58112fb8

SHA1
caef0cf9c924d49d9a6d6fe8551c74b22fff80a3

SHA256
99aad43f660fdf8a446a75fd92e4e204384de065fa1587d8534d0634fd5a4536

SHA512
0d0a374fe720fdf2a168374f7ad27fdf0539488004f03c8f7352e6e055e25879b99b85c13b55a979f25c903e551370bfc47d35306c6cebc3103abc1d4037569a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
29badb91b3e76aa287a826092df167a1

SHA1
5190f45c54f542a2919ff3b7aa2a36acf4e0d2d6

SHA256
4be05b6a390d18f5694e8a55a39e2a2e9c2ee150d1e7a3388a1eedfffcfac590

SHA512
48bd3db968cbe20de85ca79cef64d58ab0d070403fb90bbc23a69b317fc540468e94f2c7c272fe83bb620d9990aa7a3a164f7f2fe414943d036ad85bd68d493c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
1b13bc1448ebb5c3298699833a0a7517

SHA1
27df1bcc14d14569060066e3dc26b8536d546c15

SHA256
beda58762affde66da7f8c1792126d03a6ab4a68dabee10cb0abe46b60abd69e

SHA512
e28b57e0a6593e6b3a3ee333717e1986c3abeca30ece591db0f8989361f23ae5033789d7140f2ef5689a639f1ed3ec9ba2dbff95b54b1caae086671bbd682168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
7fd5df2a280364a849390726a94da6a3

SHA1
c38e5f5f1d32f2e4305792a3711cc05e1208fcf9

SHA256
bc3f349a7486abf695fbfcd07388173facc3dfd5b760eae8c471a5d240dc08e6

SHA512
6ec51b71aa576aa6e99d8ff6c4b6aa3a55bff323fdb07c4eb9452f7e1894dbb04ddc24a1706fa4adffb7a5650be1775a9950f29d3a1a0f8c7a86ddf1cd4ad1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f0e.TMP

Filesize
540B

MD5
8afb01a541d57fde2528a5cc1e4121de

SHA1
a861e735b776c08d4ebdeb3bcfe4d10b5e49a104

SHA256
686e06fc8e8f761ba1a7bf227c13f5d66b551ff84a08a5d8709e3569aa59baa0

SHA512
259db64c89ff27f5c76285c2413b330c4d472164a75585f3dd6ba3238e18a41e4e44d8015dc10f2810657b2a80ea126e77512bfe368c78ad1a2c6990efeb73d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec236e486f2972c3f1116df50a7809f3

SHA1
c0ac122c2be12f96691bc875b3cd2b4d176840cb

SHA256
5c4894287569fbdb69103b1981bf69c9095f455748eeba6a5b0a0e56cabfc3f0

SHA512
e1d55b066d6e8e6bcb3b88272d3ccd7c5a97ba7f152bf652af9943db81b506118e3b883a6acf0923e12a5184e3ee39bb1078e1e89a61b33e7cd1bf97e2548357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0d3f3c514da99fc875d34c9b49b706b3

SHA1
d4a1f86bb3fc557b9b64bc44413174475be8acdf

SHA256
757b9c428e2a2ce3afc34dddf3a9fab6735c91e31b1405311614efe3d424e0a2

SHA512
ae90cc2b0fccf8d64efd23516cee939a85ebec8f714cf63a8cdeff9b30d983f03cb5b5386913db83896752a807d901b79fcad4b35e3c8240fa66055c3ed75d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
81405d240fd546e18a782cb07ef1d2a9

SHA1
1490013f2e1015391dbc75966a4fce1e56204436

SHA256
a19fa089f489902806cccbfd4a1e2f68a484cb8fc673eb2a5c0a80a0fd12feaf

SHA512
b05449264d0219f64d9dff7605b2e288eed25a954931907cba77691a08f49a75ee5f364abbd4d78e79d2e87adf3857499d118c069cb575c63c6d199af4ea3062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
baee23801675f3537bf1639c0ac17619

SHA1
bc2a4f2360f8d3d98491c7e8bceedbfdf925a143

SHA256
253cb94180858ae82c420689f903652377829e8e567d3174a7f4f18220009859

SHA512
0e761f339a5555326aa3f8cdf11c65c6b68b2dbf2c79f3b568426820c47f353a3e2cb05625e05f355d91b4d5e05882c34273c8933a115b1ce2510cfc49ecafbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
02e398125b0fbceb3a1407ced0266e43

SHA1
528db159ba27e4384d058d3f1ae25a09800ce889

SHA256
41c250ae98aac4e060acdcd3e1a30af66c1774e9716726cc86db74cba2ac41e3

SHA512
a7fede3f1b913b40e1ddd9b15afc6a8549757749466bf9c01998696ae3f8a1f8303eaab402029f279858e374fe5c47e78493bc717f3be2648cf3b346643ec032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b6c8c5666cc800f069a6ad1bc0de59f6

SHA1
1ea10d6537a99eec5ac9ae59a0ff9415e4c4ba62

SHA256
29e135f98e85ad17255f50fb23a4d771abc2aa7139e5c16d2a3bb8d890d57b2e

SHA512
758f95e3fcbcde8b08e9f8d09844655a24d67b605691a973b63b438220219782400bf852f1dec7590b9413ddf32c38043a39d7bd6837d9e93b2b71f98e16bfd1

Download Submit
C:\Users\Admin\Downloads\sapphire-v6-keygen.7z

Filesize
41KB

MD5
7d8f58705d90a542a2d5b4686d29c542

SHA1
0f25642b68c972554a1fa32c84555c71706ea837

SHA256
8078d0125f98162bbf76046cad61f9f1154de70712499099142bdb3c82cc7456

SHA512
ebd6fe1771b8ce600cabacf0fe7b43c9e26bddeb64ea56258b1558d2621957703289a46f1aee27f16a983656b724ed775f971ce49c23e13a5c5aea774ec6ece6

Download Submit
C:\Users\Admin\Downloads\sapphire-v6-keygen.7z:Zone.Identifier

Filesize
340B

MD5
50c2d9ff76ef4c25c7a0c84511b7d25f

SHA1
e53b04208d599f6fafc472b2f21c4e96056fb8a8

SHA256
b56aa9084f19dab6b286ecae69cb4a7e5736f622ca78eb01e958788ce1494968

SHA512
06b256a6fd82033d93ef101e775179b15bace58ad2c0983510965ddd0cb180af47585922b767d5194ead63234758144893a062f7e84904553b75c7c3088dc0b3

Download Submit
C:\Users\Admin\Downloads\sapphire-v6-keygen\k3yg3n para cualquier versión de la v6\genarts_keygen_2013_1.1.exe

Filesize
91KB

MD5
5d0699c40c857bea2538fa022331d497

SHA1
d2082efd0cf05e7e6adccd3dea26590bd4f2ee49

SHA256
e6d216a7fd8deee641d26949ebdd27aa19ddc146dc98c3edca9995d4d3f7345d

SHA512
92a1c4c3cc38bd88c89400e30e694534455db06a2a4fc42f5c537c1f62543a047603711340d5566cf1f878408d55d44bed961e199e8a397b7bcc379339d2502f

Download Submit