hxxps://drive[.]google[.]com/drive/folders/1ktWEYaYMR4wRZHohT4RtiOkmIjRuKlf2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1ktWEYaYMR4wRZHohT4RtiOkmIjRuKlf2

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4160	Sapphire Plugins.exe
3004	Sapphire Plugins.tmp

Loads dropped DLL 1 IoCs

pid	Process
3004	Sapphire Plugins.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
5	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\GenArts\SapphireOFX\stamps\smoke\is-A6BAU.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-U6KH5.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-EC4B9.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-2BF5N.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\Sapphire\is-BPGAS.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-9S4UC.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-A73RH.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-TGF4H.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-2NBP6.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-EOOH1.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-52V3S.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-GG13K.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-PGRCL.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-5V3S4.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-M1J80.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-EII4D.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-LRQ2D.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-M1D6S.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairline-cracks\is-KI0D9.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-ONM9E.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-A4D2J.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-RSTHP.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-L79K7.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-11I6M.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-7MH33.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\is-03186.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-B8TC2.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-OKK9H.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-4CEIL.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-IQL6P.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-KB37Q.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-IBP98.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-IIFLP.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\Sapphire\is-27AU6.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-GK0EE.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-QS9S9.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-VC3QM.tmp	Sapphire Plugins.tmp
File opened for modification	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Half.dll	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-GSI04.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-BP9GC.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-NE6AR.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-HPMOT.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-FBOM8.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-62466.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-UT1LO.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-5OE97.tmp	Sapphire Plugins.tmp
File opened for modification	C:\Program Files\GenArts\SapphireOFX\pylib\qt4_plugins\bearer\qnativewifibearer4.dll	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-BL73K.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-USKEH.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-AKVVK.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-MP0KU.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-QE510.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\glares\is-KAE7C.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-A2CGG.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-GSQP3.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\qt4_plugins\iconengines\is-EEQF8.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-ITI31.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-OR6FS.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-VAGJ2.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-HDHPU.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-4KDJL.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-4RO3T.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-8HMEJ.tmp	Sapphire Plugins.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-8KAUD.tmp	Sapphire Plugins.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sapphire Plugins.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sapphire Plugins.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\ = "GenArts Preset Pack"	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\DefaultIcon	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open	Sapphire Plugins.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open\command\ = "\"C:\\Program Files\\GenArts\\SapphireOFX\\preset-browser\\preset-browser.exe\" \"%1\""	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gpz	Sapphire Plugins.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gpz\ = "GenArtsGPZ"	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ	Sapphire Plugins.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\DefaultIcon\ = "C:\\Program Files\\GenArts\\SapphireOFX\\preset-browser\\preset-browser.exe,0"	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open\command	Sapphire Plugins.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell	Sapphire Plugins.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 153319.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3148	msedge.exe
3148	msedge.exe
4224	msedge.exe
4224	msedge.exe
2664	identity_helper.exe
2664	identity_helper.exe
612	msedge.exe
612	msedge.exe
3004	Sapphire Plugins.tmp
3004	Sapphire Plugins.tmp
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4376	taskmgr.exe
Token: SeSystemProfilePrivilege	4376	taskmgr.exe
Token: SeCreateGlobalPrivilege	4376	taskmgr.exe
Token: 33	4376	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4376	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
3004	Sapphire Plugins.tmp
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1828	AcroRd32.exe
1828	AcroRd32.exe
1828	AcroRd32.exe
1828	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 4220	4224	msedge.exe	82
PID 4224 wrote to memory of 4220	4224	msedge.exe	82
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3352	4224	msedge.exe	83
PID 4224 wrote to memory of 3148	4224	msedge.exe	84
PID 4224 wrote to memory of 3148	4224	msedge.exe	84
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85
PID 4224 wrote to memory of 4460	4224	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1ktWEYaYMR4wRZHohT4RtiOkmIjRuKlf2
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd956346f8,0x7ffd95634708,0x7ffd95634718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:612
- C:\Users\Admin\Downloads\Sapphire Plugins.exe
  "C:\Users\Admin\Downloads\Sapphire Plugins.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4160
- - C:\Users\Admin\AppData\Local\Temp\is-V5T56.tmp\Sapphire Plugins.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-V5T56.tmp\Sapphire Plugins.tmp" /SL5="$80248,131644444,216064,C:\Users\Admin\Downloads\Sapphire Plugins.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2766508684990517454,15755051836052153441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4376

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1828
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1981F18DA95D707EF5331E05B9D29C9B --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DB5291FD8904388EFE2856BA490094D6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DB5291FD8904388EFE2856BA490094D6 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4520
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B78BE5D4E641CC2FDAE1BC74C3AB09DB --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4388
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DEFAAD8DF0F7F1B21E6C037E0958EDB9 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=707A68ED1798770610FB2A6E6B0AA5BF --mojo-platform-channel-handle=2476 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\GenArts.Sapphire.CUDA.em64t.manifest

Filesize
1KB

MD5
b5a72bffa3da3050e5ba5fb833a67f36

SHA1
f1a51651f519e43f307a1889e999287b02165c33

SHA256
a9251446b1c878bf5d6cb16514ed65878c308fab2d23a6d96f9b417843106be0

SHA512
b49b011b76bda78464da10ebd996818b7bf174eb91ed7e7998a1bac37eef900dbb696cde6c0b5edf25de1e3aa8df1a33ada6f5e17e9543ef86ebbeb6b57207af

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\cudart64_42_9.dll

Filesize
603KB

MD5
387718d578c4286f1bf51a3d82846469

SHA1
76ec07fcfb98157b1aad33410abaca25a39d8e9a

SHA256
ff3b4532892452ff6c1dd30ff3035b4ba65cd6732e999b79b184d0ada57ce7b9

SHA512
5ef5f622650c70bc6c7576b8a315de0d0ff1f8c970016a2342ab47818a2f9dded89ead9565c538fd07adc4c0a935c285d1e654ac4600f82180ae5420c615be11

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\cufft64_42_9.dll

Filesize
30.0MB

MD5
37a85987dd557a998b6a035e1b5c3975

SHA1
3e52bd3a3f940b505643b150b16c46afda5a3637

SHA256
2b4bc518b787d971eb54dfb736b511f8075e59cd06d22056015e4853fd402ebe

SHA512
0ac0826493154b85dd901962b345c8fd78fba14ac602d0990ce0d1d157a49213257aac03a2d7bcc808ffdf8092035fa9bf21c5d2cdfd51be674691eb9e00cadb

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.MMD.em64t\GenArts.Sapphire.MMD.em64t.manifest

Filesize
827B

MD5
6a55431031507344d98891e3e53de9f2

SHA1
27492b5bf2f2b7f6fbd43ded5e93907d768a99aa

SHA256
dd53e5cfeff4623d333c72d53ac9d3287f3af3b01f3f188a94fdc1f91ff79ea5

SHA512
d41898485205e96e2d87ad0f769be0138a9415eb3a41b0eee2a8fd93142dfbfbed99ee750a04454f2d4fbdb340e3ddac5f4607299a0d2d8887ac3cdebc1e5236

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\GenArts.Sapphire.OpenImageIO.em64t.manifest

Filesize
7KB

MD5
8f38bc3b1d745bee99bf9ea1897ae8a1

SHA1
5d0f49bcd9fe613f77e52582cd80c8755d2419a5

SHA256
ffd4f4aa8a23fda4bc2ed6a86f76ebfd2fbc7ac91985514556319882c97f2c1b

SHA512
e75fdcbe2d1b53cfcd077c783c49a609a2730377b5434d8564fa8750490175feb0526f7150b22a3bfd5bf25c9cae116814d202e7e64c5175c4fcd223076dee89

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Half.dll

Filesize
267KB

MD5
fbac25c0b8e0ecac26701732186e2aab

SHA1
4d308a378a3e5c49c1f3d7463a630134447eb288

SHA256
e0440b09e2c0fcd6c4a8586214bd77c1bfbab8f8197ba5bb712e34d18f105361

SHA512
1b22ad99e7cc217174386157052dc44a5ef76f5d39a0fbd01dc92123376d7fc090a6e7d30604caa21fda57d9617b4d83c17420130f93005f053ec52c0d4f7ee5

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Iex.dll

Filesize
70KB

MD5
4775b483a40d7be3c1cc6cc649217883

SHA1
37b1c1b139e9fc812cd93c1cd6f0c9246f415c09

SHA256
188138837433e58f3d3aed8a68f15358d273a40647b18f33cb3753196c14c6e2

SHA512
b2a781b3eccc98cf89837b00c334687eb0028dbaf2b0552ae552ae433649673e45d54f4d1c4752afab2e1c1761115d01bea993ae2f00afa57340783d56bfdd65

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\IlmImf.dll

Filesize
2.8MB

MD5
a6c4e045736cb5862916478a7bb056e9

SHA1
2251ddbcd7052fe2b29293c0ddbd455ebf095c5e

SHA256
c58388f05e0508481090698428f0da35866431d520abf44fc666bbe80bf1c8dd

SHA512
e49ae82e7616f766706ef0703c2df95a401682816dd1f66a44c38f76bef34f11802a24dba7cf8f5f3e98966c485130d257525687407f99ef621f6718d9b7c8e9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\IlmThread.dll

Filesize
34KB

MD5
7b6dc47c70c218561843858bf64893e1

SHA1
0135bb42011104a1565b52195b6d0d6082cba822

SHA256
fc0042bc5fc8d71622ddc4678056c0cde8edf3098301384deaa2c2707f47b91c

SHA512
5dd23fff642d59f99b28260e324ca007d4722469544a957a0bddd6aed7f45b8a0e84d9188e964348e77410db64315202cf8b910dd273755de504415dc3d7f8ea

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Imath.dll

Filesize
80KB

MD5
5e074eb83e455fde86bc86e9b63a6956

SHA1
1820b0b922bb0a7af74c2cec5489780b7443aaed

SHA256
1aaee6a1e08d840e8c0df5e1715bcb290b8275ccbd59c1fa1d1e2d0f76cb4948

SHA512
827bf0843aeff73aec6c2f331327fbe156f7dacfab18e0366f3f507616f0cbd8ea7dbce1989749a7b3cdd7b5d18aea3bf03092318baa0e9ae4ea58233c9d6ee9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\OpenImageIO.dll

Filesize
2.1MB

MD5
a3bd42b4381a5519faf2013c602a1089

SHA1
b89ced0039714c28230d836cdfd29ac8ed60fe74

SHA256
20217dd71973303d099a1f2507e2347005955dbfe9d6a9b7cfc2cd4475ca33ab

SHA512
2b7c37d37084a2b41bcd8576b90e6d9104bb967bd0feee4d4f260fd8561744a474ada55586384d3fdea2c29c762c8ee8d8081443151cf74af7b103510fd4d35d

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_chrono-vc100-mt-1_59.dll

Filesize
26KB

MD5
5f2016866a26df64fe4e99a55c307f42

SHA1
dc3e70a41ba05b4df03a7059ef6975145b2971cd

SHA256
a330e6a86316e51d542c1d2f24c0bc6d1979628afb1d6c56a2da98657b3ae738

SHA512
44ab5d3ac26a35adb2d1aa65f20e1c6da03430555d3cd004a342c1047fcbc4e6925c78a8d570476b8e92a203f91e06f7e154881654419aff941506fa2f399ca6

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_filesystem-vc100-mt-1_59.dll

Filesize
116KB

MD5
56a0db57f0672452bc7b022d92f6558a

SHA1
6423a3f2621f018ebe543ae6a65624856204ce00

SHA256
b46483932bda734acb0d08ee81aeaa878959e5bcbd5ac592aacf80e5bbd30083

SHA512
eacf35cb00b1ceb80e8f1275e883ad0e923e1b5f9a604fcc37b7e9aa6b6ac86239d67b99f4680c12fce04a1c5c3eec03ab7417aa02111708a471f9f0e8ff21db

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_regex-vc100-mt-1_59.dll

Filesize
761KB

MD5
b4530e924bf5794fafdc0cd537a1c2b8

SHA1
8839adab8bb4b47a6fb5685121449e9331522a37

SHA256
086f74e07b6da1fd815b337a7c2af638bcf441c645b947a66daa0e12933d5405

SHA512
eb6f1f4793965b327ef7e3da05ef0ef10e0b8ba328883a98c45df0f488ff4fdfeb3dfcf74a80da1472eae512634d529606f3359937a6db91142e3dc71172e651

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_system-vc100-mt-1_59.dll

Filesize
17KB

MD5
e72aa14a7a91e438a7a33e8e322c19a0

SHA1
9cf1266577282ed3e6fedcc3dd12c27b7f781d3f

SHA256
e0d117dd303447ef8785f13629a395af2b07925008098491141e213a687fc673

SHA512
7d43d6307039e7dc9ec3d343eb6ea6931c863d6bca1dbfc9e2ca13e1edab02eee2561e62600495007b3bed2fc775df374a81ffdcbfa14f6cf6e4c57828e3657b

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_thread-vc100-mt-1_59.dll

Filesize
98KB

MD5
782615cdd4c62d533569cefac7ac0075

SHA1
3294c8d1d0ba2d08fc66e7540c21d016a8bc53e9

SHA256
794e5b72081e7a9c3015e21ce6b2429ce00d7dac6917a6e3375ec79c5920304e

SHA512
27ee63c2dfc264d235d0693cf2ebfc96162f8ccf8b7cf9854ec64580122e59315d4dfa602b4d74cf798ed668ec627e79d7b84a0b84ced76b5cf4f7c90439a0f3

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\libpng16.dll

Filesize
168KB

MD5
f98a96e7cbfa97a1fa132be2da651e5d

SHA1
e4a25f477e4d704d40d01fc5d8e81d134f134feb

SHA256
f8df7c7595affe8a6244fdfb659c65666065631cafaeef154f7cd5a8edf94902

SHA512
76b840a4eaa926fc7a1e701eb21c5339d194528e95fdab7bd5c99a80853cb8208021378eb4fda7063659b5f65684c224f8dc9abc4fb32a67adf5e2376212bc92

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\libtiff.dll

Filesize
595KB

MD5
627ba450c9c2d4bf0f14a60b7e88fb8e

SHA1
5f36d356346e58dfad7081561c14fd77e790dc5c

SHA256
adf2403a8e8dcd6740fd3b4d9a4738344020a539f3323cda4864681c511f6ef7

SHA512
ade9a41a6f82dc0eee8b80315344d8193ab51cb97451e989b2f102a6a17320967b1e2d2195956b246fee3d6149a4dbb732fe93d9508471791e07aa5a4d8c0df2

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\openjpeg.dll

Filesize
122KB

MD5
fe1722806d3785fb9c56789f1cc8d1a2

SHA1
9e08a99a33eee7dd182580d2a3e77b9fb00c3a5e

SHA256
1c18c935d88c76f5371aa1ef890c21f36bd22b19f6aa6f492adf17761747c2d1

SHA512
9bbd82dcd6b6b5fcb7fc514ae26cd17fe15f3d82e4a6d0197c3d8aa41ceefe4555fa94bdc838c53f8bdf496d20ff3742d7e61c63abec2e22689dbef4c2bdc418

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\zlib1.dll

Filesize
76KB

MD5
525ebeea6d83439aa536bbc10631eefe

SHA1
f62647437bf92beac1bc28d734fafa7a053af987

SHA256
e5b51b8112f2b7bc5a0567e849df1fea8b470b2669dab03a4c4564592fbddd59

SHA512
5b4749e19ca7cff7c35c838b4c5915bb3bb8e1378cab328420f9105650e195da902965e2d477e9a6f628707e5edb5a1ed3b8ed1fa105223d8fd03e5a875cc1f9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.mocha.em64t\GenArts.Sapphire.mocha.em64t.manifest

Filesize
832B

MD5
4236cfe0aca3ecf09cf2ece471302df5

SHA1
abcc3b0d9c4c54d55e8204f95a5a6226bed03418

SHA256
b9b9135321de2d48341d5a7004f54a3ecb7c4d32f4bfed6ba45e1d9e88d7e589

SHA512
6f8175f5b72fe0a2975b366305a57c12ebc69716c73497773826ff17e7ada9958ea99b2eec774e85244d103e3b7955336bc19a7eaa94129326148f2b9640f20d

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.mocha.em64t\mocha4bcc.dll

Filesize
36.0MB

MD5
dbe5265adcdd266132f9822a71dc225b

SHA1
8f512d8b0b2c38029dbcb3cfe23895ee2a93916a

SHA256
36ae13a378b28edc13d63e63b66195dbad1f476f079d3dd9b0d18cb0751ff266

SHA512
21074b3dcef72951a46474a40a58cdb8889130ba61e4b782e11c5be441c5043cd0a9c9fdf34974c9b88544813535717086a90b3f8df82eb0eba0db3772af4dff

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\Sapphire.ofx

Filesize
36.4MB

MD5
866058d09d96024dc40e4d12b6539c97

SHA1
42eef750d6dfee6a165228a74062be69c6cc6d17

SHA256
210dbd0360d79c6b76d9d54c462730ad790d1ffa92e877fddbec835469871d90

SHA512
ce42f6ea17bc9e88df3ce8910224f56cb642e013447538bbd5856118268767ae23dafbf785f7f0d5c4c5a1354f79601ba1a87a0ceb000e87919ab1d7ae7ff91f

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\_renderlib.pyd

Filesize
1.0MB

MD5
5d4e4c88544a21df144a0190db1d4d59

SHA1
e6f3bd731de425d334e5b54eeeb1c10b8f6bfde5

SHA256
c36acdde7b7fa84f567c337c4a19802412c68adb4a73aa1f5abaa7d2648ab24f

SHA512
0749e4555dfa5dfb4e4f2e65df5bc7c3955a6883078b0d5ac62822ee317bc4a6ab9584dfe708edaf1df46de81049b72f7b6814430894774fed7a90f5e6c6b689

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\mocha-wrapper.exe

Filesize
592KB

MD5
c3e092e0011e6c13b547f65845c9e8fe

SHA1
20f6078eac80414c073e212f1b640d86eb022cba

SHA256
cf271b5d71212a30e08494ce0dd9c0b6397d661776c58363d27a8ca562863177

SHA512
9fd373c7a77ec9bfb01ae21bb12fe4031f1972ff56db96ae58e0fd75d3907627352d26eebd75f72070ea77393cffe9f72c4691e8eae039ebf42c6008aa208123

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-9KEQC.tmp

Filesize
1KB

MD5
e36f541a32a036a9ae7cfbc61c53b75b

SHA1
c7f0ecfb307c55b6c7d7e8607c409a65fb109962

SHA256
87c5cdf831b890dfb5f61ec55323228ea999b6188c617ec68c61fa7673bda1c0

SHA512
f86a797f267784118b4f13fa93d5d0a12d4d528b74b37e474344c27e4fa090537914b6de7ebf35c4bebb35f825549d176698ae117e531035903b9b40fd868b7f

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-N4R4O.tmp

Filesize
25KB

MD5
de4b8d3970e99b3ee0f5cc7a7d653fff

SHA1
8df91d531ed75ee3e9329552f89147432a3e31a0

SHA256
b073268969316922438806cc95a89dd7fe1e69d4f3c7d7e08aa7abe6184979a1

SHA512
2f76c7a53d096db044a52a29836879e35d28023061e9762a2f20e6ab3029cf4ff6ca88f37dba84fd4aa38fac489dad191ea42d9dcf21d51c5e366962ffb81fdd

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-N74TK.tmp

Filesize
1KB

MD5
13d8cce78035229d5435dc959e3757e3

SHA1
97f0c18359ec55df8f7a6a535e835f312045e99e

SHA256
d53ebf4fb14d2e7d1ee98803cfe00b4b8df42adf6ea5d05b3b2d55606edf27d9

SHA512
1b364580e95750ed768d7c3eca812d52f8b340ca4ebbce4e0a1b46dae7d31d8fb1dcd889cb93ee27a99827dd3184e828557b49a17ccb00d76f282c6de5ed33a2

Download Submit
C:\Program Files\GenArts\SapphireOFX\lib64\GenArts.Sapphire.MMD.em64t\libmmd.dll

Filesize
3.2MB

MD5
66700db697342f7412eef592ef66d8e1

SHA1
a99dd3e98d23ff743369d0482d9112f938c7ecfd

SHA256
75ccbde18ceba3024f8633e8c8151a2e87420cd73511041428a1a83a4fae5535

SHA512
4c5faf0746aad88a320fbdaa392ba03db5aa3872dc8cb15843c5db8f9eb01cfd9c4fd351897317b5fafbf2f81806bdae13a4179d4fdea1b20b5ab6231850ea37

Download Submit
C:\Program Files\GenArts\SapphireOFX\preset-browser\Include\is-2HBAJ.tmp

Filesize
20KB

MD5
606c8ee81dd87502ec1d483b045e3270

SHA1
a5e9ff0ebf89d050fad47a7c56a7a46d13f93a85

SHA256
8e1613e5363a1ec22228acea618af74ba5cb6d6fd91dcc9d4a8e8ef40f1da2b6

SHA512
872fe3eca539ef6f728119896457facc927bc897c4b243bcc9b9e4b7f3a77364b1daed0a986ee11a468b171f58b36feeaf4d194a5918a519109fae1c9ddafa91

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-HUU86.tmp

Filesize
147KB

MD5
5c8a7e4d173c34d7a43158c1204cb1e6

SHA1
1ca74bb3d4dfa1a68433cb69b164667fc78e32e9

SHA256
70dc54d2f44a9c53c3a71e2326f2acc5ea0f4ad08f65bc2670d4f6694e7ed300

SHA512
f81e62da05bf207c1920cd54c802b403929be73b3db550f2c030c6f5590d5091ad5e79e820dd0c652daaa8bda2be25e23db76b95a9458b078e1bbed3d0ab861c

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-JI02F.tmp

Filesize
378B

MD5
a55ab44e1a5c551941d471fc34169327

SHA1
146bc86a300403fa123d17bd0790a6af731f2805

SHA256
7ddf5efb1bc2c0b1a73ce27c0cbf7b89a293d811ee3ec2c65c93571a9c8e4b57

SHA512
db0e682b6bb3738d5dc0bc9c9da0d96e2a724249838d81e8c401b010de470a202a1fe8daa132f4d33f20be87cfae5acc5f6cd88d2372701f06923dc35b3980bd

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-LDPVI.tmp

Filesize
58KB

MD5
23cceec35684b71f509f516d78237f6d

SHA1
115346144e9c20e163c3d773f1f55695d4b604d7

SHA256
71a80a296a6512ce75ac8ae9700a6e39d5a127885c9ecd48bfe842373836cf2d

SHA512
8945eae7540f0cec1d34cad110db250171de1cda24eb886ae92438fd691776f1ea77801e45633d3b8f1c475351a545708bcbafcff184d33796a6644252b055e8

Download Submit
C:\Program Files\GenArts\SapphireOFX\update-check\is-OF3KD.tmp

Filesize
388KB

MD5
70bdfe56b66584357eb10cef1ddbdf20

SHA1
16fb712ac63915bd6b821f67fbb3c25113e631b2

SHA256
497519a8f7a755435af588a4de659d01600c5251f132db3864242bf57cc50fc4

SHA512
2d63cff6ccdd35288ff3207dfce3f9aebb1f92ab42fe8bd68701ec31c700b400fcf4bf8c1a42edee1d0bd6375b898bb408ec40aad13c051af71825523df90dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
36KB

MD5
973c884f785d200279557944f7c0d92c

SHA1
48ce24715264ba966aba67b5064e72b2ea4cea19

SHA256
3e10d43747945da40eee95cf926c1b181c50e1e05b2c634e7f10989af553698c

SHA512
5a758942c0243ce5cc132655c799d2f70761c3f1945b4db1f0855e9bd2663321709f796898ce9d1ec6c495a6623d85932d5c15e299d17f780c54adfd3345ba36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c23f511fdda535159e87d22af4c868d4

SHA1
07b26da4315c548e0b8f1b970c1f22787d7e71d6

SHA256
89253d60f0bc47e73701867ee6c5d620bffd2f8b6597a2b9ad7192e41605b770

SHA512
f45651c59e3fcc9cb8a168cd7d22f04a519c0117ec8a83dfb163a0c268bac7e30d38f5a5003df011b9927fa56be7ba7c174f0c380c0feb07644b47fd51b11622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c279e0c937a27c9a848a629a3f749e99

SHA1
7fdc4d09bb2b896eebcd74fa0a64526b5f314152

SHA256
46374674d7fcaabb6274688a1ae64385bc888a7523877e7298ef361f1b5a9175

SHA512
549b5ccca817523da15f83bf4025cf39caf921c30cac5913650a7ebfb5cec327effc58b750cd1c1811d948883bcd8daa87c0d364fbd03b18aa076af5b892860f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ed6cb76d28a40267b38395e1ba20dc40

SHA1
16c800928e2588fbc10ee244dcc79ae4a2004d88

SHA256
0e73e32bbdde0ddcf3ceec1ac4cdfdd3630a4a035be61451692ee7289790d7b2

SHA512
a0d3e5b574161676a5e4d3801b37a721c751886fbc310616112769a1ada9837b35897998d12fe392790e097612d1bbc61eb750a4e3c9c29b872f20a01b262c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b83a08d0e5352a1de3f6db63cd14a774

SHA1
024b11894fdc6588a83ca1ebc37d1c7972b9c605

SHA256
4631c5b316cece63f9d8853b28eb7dafc29a17a08844d540719f3b5ae7ea3bc6

SHA512
e43453313115fbf7524db16a12a8f14018124264cda38bfbbc959dd6328d30d803765f4631947e78abcb2a4fbfbde652a6d02dfb205ce8243624d45383c0c1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f28304afcc06d20ea13d4339f9d43c7

SHA1
411f45bcbc9736a48f2ebae095e37f05a0cce386

SHA256
2fd00482af15b0aa85ebd261faff8a1ae9b7172f85e4c7a0b26d120d8670ce54

SHA512
3a625ebd27d7ffcea96ce18ef48c2a233c19ded6cf20539bfab111e9646f74bc6ec1107b1a3d24356d186c8cf15d48c1e474e6eb572471f182a6cde571d6492d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f3d54745d4d800df5463e222d910e69

SHA1
e4cf2f8cf9563b42b10f76bfe6e26903ce24008b

SHA256
cfa48781eaf3971d061afeaa90a97d5e7604597f17af5491e373aca888a9f6c4

SHA512
65811bae8c137e3e32354af99d7685cd941d2b8d9cd5ff04c462d8580ddf566647ab2671c8b357f478e27ffa85665bc3e5f6e5c595131adad6c601a6e1350dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ebceaef10eafbea7182ad142c9c52ce

SHA1
e8bb29d58dcd014dee89b6fd25319302bcb6f940

SHA256
da506f1309a1934e670a5b4f40a8c86dec63ae615b04df80dd310aac9b05fd39

SHA512
39cc6b54bc3384b70c36423fcef511933912cbbbd439e1d718e992347cdaede4bdad59b20b058f9f0bf589598f053a17f3cde5f9f00f91937e46f64361cd3a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c806f20e4164c12a7ab9a464cbec12c1

SHA1
14858411a5c14ca7fafce44d1d16a63d5f08b2df

SHA256
1b5809d12b4de8a46bc9779f36571e502df33add4f9cd6d2773f47c3b3d92e3a

SHA512
ffa82c9072f70b7963d90e345012ee352c740c37eb657ddbd67d06f09333ff4b2885921b2e1bd2471c6add0f1719e449c6937c1e179864227e9b28d0c1da3b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92009b9e5dc7bf5f9fab6537dee88ab9

SHA1
e368459c9a00601c584e0a230c2fab93a79eb110

SHA256
c07a5b0136958c1f69373f4ff92438b756a3b9f111661e3d7155303bf70fed06

SHA512
e03b173d1a139ce1d3395b90fd6ffe7bd3aee3c8f31e4f6ec6fe6dd1f6cc54f9adec24c8dd63bd44f551334fbf967cb48b29e2cf7e3b9bc93dbda29f75df13b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587c01.TMP

Filesize
1KB

MD5
8143245123256f040a118780d9bf93f9

SHA1
a86702d0af101f3b5b0834f9ce65c402f2b9f158

SHA256
64f83d5f8ab999229efc7518683d664f50669828d1e22fa3b6a87c3565a24967

SHA512
c3fa6e56a8ca00c16edd8c397f3e2a31969ee37053ea02037594f14dde5b90006b65e8598b9bd51d4588a4b816527638539c16a490c4737f42b81a4293f39761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aaa602ba-8275-4212-97d3-5c89fa2c5403.tmp

Filesize
4KB

MD5
025e000455a3bc741cf66be0a9cf5164

SHA1
a2f65a6228c5da6b040c6e5979bb0dfc7aa5a374

SHA256
3e1236eb8963750542b6eba6d33e64564f8748fbd1242f833f17b102486a31f9

SHA512
ab2787b694ade08f3374e42191c15a2d230a2726d86f60e89aceaec7dc1a77d7998a9a50a7c490e3bac6d38a28d60c68990f452d41ca9d0bc48f41ed4f034e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae77b8d875f36d63bc5a4c01b0182326

SHA1
e58a1a5bcbb839222128da86ae149ecf070c6e9f

SHA256
e14c139f30ddd80486455feed708fd13a90e573daa189e81beb373e3f1cdd7f7

SHA512
4b09aa43c7bd69dcc825a25950d13031a1db17d83ba146c78b0212b36091574e08b2180c79d1e6d46360f35475b43163d43b162c1e3be7583686f018dc1cff32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2a1b024bccd71497abbf2cd1287d352

SHA1
994f1e4c750860ac2bd1ca7a46460e042a42f886

SHA256
b21c6c1060c402b326e775dd9bac9cf4d849001bc05c4c5fa7d1fff47f7b2f7a

SHA512
0b4abd39aef60711bf93b4489456f8a52d09b58ddb48363d2871eeed405152aa9ff1867e9c87f320258e2c648d69b67b6fd18298d24353bc98a89f33dcda3be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f22a4507dc2ca323c2f3595cdfbf06c

SHA1
5b7f1b8784d083867c3d760a860079b1354ba68d

SHA256
f97033ebc1ac6d0a5a044b11efbc8d3363d89d194fa46816776cd09384457b9d

SHA512
39f82b86459e1019327fa9a60c4c95f99f8bf975fe63630cce6da0fc7556d68ddd471bbd9ea7392accc3bae5c0b86d6fc381688ee3807d713869ee52ad562c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BDS65.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-V5T56.tmp\Sapphire Plugins.tmp

Filesize
1.2MB

MD5
2f1a7607115dac9fcca176d2071c94d2

SHA1
ce9f91a52474f8cfe01bf524e06be9a6d4563f4a

SHA256
b728af04252b23902174847900a05147415668b18acb2b8913c41e329b53d3d2

SHA512
dea4bd7a8dd7b2846dfe6081b2c7f2ba85879d4a9369aa6cd4aef2ca3a0623abb4840e2a30f30650701e484cb2aa57fb08ebd1fbde86f606e4ee05760750ecc5

Download Submit
memory/3004-10510-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/3004-7064-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/3004-2557-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/4160-205-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4160-10511-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4160-2450-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4376-10545-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10549-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10548-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10547-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10546-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10543-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10544-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10537-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10539-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download
memory/4376-10538-0x000001D5635B0000-0x000001D5635B1000-memory.dmp

Filesize
4KB

Download