hxxps://drive[.]google[.]com/drive/folders/1n9ndhSOQgoSuQWMzXwfRqEsD_-fybzHa

Analysis

max time kernel
187s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1n9ndhSOQgoSuQWMzXwfRqEsD_-fybzHa

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4372	sapphire-ofx-install-11.0.1-CE.exe
2692	sapphire-ofx-install-11.0.1-CE.exe
3628	sapphire-ofx-install-11.0.1-CE.tmp
2188	sapphire-ofx-install-11.0.1-CE.tmp

Loads dropped DLL 2 IoCs

pid	Process
2188	sapphire-ofx-install-11.0.1-CE.tmp
3628	sapphire-ofx-install-11.0.1-CE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
9	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\GenArts\SapphireOFX\mocha-data\is-KA0NB.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lensflares\is-1LQBG.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-0AUH9.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-VS80K.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairline-cracks\is-D7OCL.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairline-cracks\is-A206U.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-0FLSI.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-62NPS.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-HM038.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-JN3K6.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-P29P3.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-30KTL.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-A6NQT.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-SJKVL.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\Sapphire\is-5T546.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-4CH26.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-GMH5U.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-VBSB4.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-7Q33O.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-BFIRJ.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-HMF36.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-AI893.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-UQNI3.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-CDT6U.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lib64\GenArts.Sapphire.OpenImageIO.em64t\is-B6M1T.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-2F3O0.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\is-09UFB.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-3BGAT.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-L1743.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-FIQS1.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-DAL0G.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-JVNI4.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\glares\is-3NMVB.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-LVQCC.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-1FL0J.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-LS5U5.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-DQD47.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-INB2F.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-6DV23.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-OCHLC.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\preset-browser\Include\is-NLI6S.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-SD8TT.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-7JTOJ.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-NJ9UI.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-C8GCH.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\lib64\GenArts.Sapphire.OpenImageIO.em64t\is-4F0N1.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-NRFND.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-8B2D2.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-H32QC.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-MDG67.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-GLT20.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\hairs\is-KDSFP.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Resources\is-B4HQB.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-RIOQK.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\qt4_plugins\bearer\is-GFAK6.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-8FJ9U.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-D4E99.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-F6LG0.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-QMBLE.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-DD13P.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\stamps\film-stains\is-CFIGU.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-QDKT9.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\pylib\is-H4SH5.tmp	sapphire-ofx-install-11.0.1-CE.tmp
File created	C:\Program Files\GenArts\SapphireOFX\docs\is-GQ06V.tmp	sapphire-ofx-install-11.0.1-CE.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sapphire-ofx-install-11.0.1-CE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sapphire-ofx-install-11.0.1-CE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sapphire-ofx-install-11.0.1-CE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sapphire-ofx-install-11.0.1-CE.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762035261437600"	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ	sapphire-ofx-install-11.0.1-CE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\DefaultIcon\ = "C:\\Program Files\\GenArts\\SapphireOFX\\preset-browser\\preset-browser.exe,0"	sapphire-ofx-install-11.0.1-CE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open\command\ = "\"C:\\Program Files\\GenArts\\SapphireOFX\\preset-browser\\preset-browser.exe\" \"%1\""	sapphire-ofx-install-11.0.1-CE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gpz	sapphire-ofx-install-11.0.1-CE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gpz\ = "GenArtsGPZ"	sapphire-ofx-install-11.0.1-CE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\ = "GenArts Preset Pack"	sapphire-ofx-install-11.0.1-CE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\DefaultIcon	sapphire-ofx-install-11.0.1-CE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open\command	sapphire-ofx-install-11.0.1-CE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell	sapphire-ofx-install-11.0.1-CE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GenArtsGPZ\shell\open	sapphire-ofx-install-11.0.1-CE.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 556534.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2980	msedge.exe
2980	msedge.exe
4688	identity_helper.exe
4688	identity_helper.exe
3340	msedge.exe
3340	msedge.exe
2188	sapphire-ofx-install-11.0.1-CE.tmp
2188	sapphire-ofx-install-11.0.1-CE.tmp
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2188	sapphire-ofx-install-11.0.1-CE.tmp
2980	msedge.exe
4168	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 396	2980	msedge.exe	83
PID 2980 wrote to memory of 396	2980	msedge.exe	83
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2152	2980	msedge.exe	84
PID 2980 wrote to memory of 2036	2980	msedge.exe	85
PID 2980 wrote to memory of 2036	2980	msedge.exe	85
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86
PID 2980 wrote to memory of 3056	2980	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1n9ndhSOQgoSuQWMzXwfRqEsD_-fybzHa
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ff9a7b946f8,0x7ff9a7b94708,0x7ff9a7b94718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,9281568252600353573,18104307334480534351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Users\Admin\Downloads\sapphire-ofx-install-11.0.1-CE.exe
  "C:\Users\Admin\Downloads\sapphire-ofx-install-11.0.1-CE.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\is-2O879.tmp\sapphire-ofx-install-11.0.1-CE.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-2O879.tmp\sapphire-ofx-install-11.0.1-CE.tmp" /SL5="$D02E2,131644444,216064,C:\Users\Admin\Downloads\sapphire-ofx-install-11.0.1-CE.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3628
- C:\Users\Admin\Downloads\sapphire-ofx-install-11.0.1-CE.exe
  "C:\Users\Admin\Downloads\sapphire-ofx-install-11.0.1-CE.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\is-JUHBA.tmp\sapphire-ofx-install-11.0.1-CE.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-JUHBA.tmp\sapphire-ofx-install-11.0.1-CE.tmp" /SL5="$90112,131644444,216064,C:\Users\Admin\Downloads\sapphire-ofx-install-11.0.1-CE.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff99891cc40,0x7ff99891cc4c,0x7ff99891cc58
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:3
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4452,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3736,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5276,i,10885561502833975737,11026211149667484304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\GenArts.Sapphire.CUDA.em64t.manifest

Filesize
1KB

MD5
b5a72bffa3da3050e5ba5fb833a67f36

SHA1
f1a51651f519e43f307a1889e999287b02165c33

SHA256
a9251446b1c878bf5d6cb16514ed65878c308fab2d23a6d96f9b417843106be0

SHA512
b49b011b76bda78464da10ebd996818b7bf174eb91ed7e7998a1bac37eef900dbb696cde6c0b5edf25de1e3aa8df1a33ada6f5e17e9543ef86ebbeb6b57207af

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\cudart64_42_9.dll

Filesize
603KB

MD5
387718d578c4286f1bf51a3d82846469

SHA1
76ec07fcfb98157b1aad33410abaca25a39d8e9a

SHA256
ff3b4532892452ff6c1dd30ff3035b4ba65cd6732e999b79b184d0ada57ce7b9

SHA512
5ef5f622650c70bc6c7576b8a315de0d0ff1f8c970016a2342ab47818a2f9dded89ead9565c538fd07adc4c0a935c285d1e654ac4600f82180ae5420c615be11

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.CUDA.em64t\cufft64_42_9.dll

Filesize
30.0MB

MD5
37a85987dd557a998b6a035e1b5c3975

SHA1
3e52bd3a3f940b505643b150b16c46afda5a3637

SHA256
2b4bc518b787d971eb54dfb736b511f8075e59cd06d22056015e4853fd402ebe

SHA512
0ac0826493154b85dd901962b345c8fd78fba14ac602d0990ce0d1d157a49213257aac03a2d7bcc808ffdf8092035fa9bf21c5d2cdfd51be674691eb9e00cadb

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.MMD.em64t\GenArts.Sapphire.MMD.em64t.manifest

Filesize
827B

MD5
6a55431031507344d98891e3e53de9f2

SHA1
27492b5bf2f2b7f6fbd43ded5e93907d768a99aa

SHA256
dd53e5cfeff4623d333c72d53ac9d3287f3af3b01f3f188a94fdc1f91ff79ea5

SHA512
d41898485205e96e2d87ad0f769be0138a9415eb3a41b0eee2a8fd93142dfbfbed99ee750a04454f2d4fbdb340e3ddac5f4607299a0d2d8887ac3cdebc1e5236

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\GenArts.Sapphire.OpenImageIO.em64t.manifest

Filesize
7KB

MD5
8f38bc3b1d745bee99bf9ea1897ae8a1

SHA1
5d0f49bcd9fe613f77e52582cd80c8755d2419a5

SHA256
ffd4f4aa8a23fda4bc2ed6a86f76ebfd2fbc7ac91985514556319882c97f2c1b

SHA512
e75fdcbe2d1b53cfcd077c783c49a609a2730377b5434d8564fa8750490175feb0526f7150b22a3bfd5bf25c9cae116814d202e7e64c5175c4fcd223076dee89

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Half.dll

Filesize
267KB

MD5
fbac25c0b8e0ecac26701732186e2aab

SHA1
4d308a378a3e5c49c1f3d7463a630134447eb288

SHA256
e0440b09e2c0fcd6c4a8586214bd77c1bfbab8f8197ba5bb712e34d18f105361

SHA512
1b22ad99e7cc217174386157052dc44a5ef76f5d39a0fbd01dc92123376d7fc090a6e7d30604caa21fda57d9617b4d83c17420130f93005f053ec52c0d4f7ee5

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Iex.dll

Filesize
70KB

MD5
4775b483a40d7be3c1cc6cc649217883

SHA1
37b1c1b139e9fc812cd93c1cd6f0c9246f415c09

SHA256
188138837433e58f3d3aed8a68f15358d273a40647b18f33cb3753196c14c6e2

SHA512
b2a781b3eccc98cf89837b00c334687eb0028dbaf2b0552ae552ae433649673e45d54f4d1c4752afab2e1c1761115d01bea993ae2f00afa57340783d56bfdd65

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\IlmImf.dll

Filesize
2.8MB

MD5
a6c4e045736cb5862916478a7bb056e9

SHA1
2251ddbcd7052fe2b29293c0ddbd455ebf095c5e

SHA256
c58388f05e0508481090698428f0da35866431d520abf44fc666bbe80bf1c8dd

SHA512
e49ae82e7616f766706ef0703c2df95a401682816dd1f66a44c38f76bef34f11802a24dba7cf8f5f3e98966c485130d257525687407f99ef621f6718d9b7c8e9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\IlmThread.dll

Filesize
34KB

MD5
7b6dc47c70c218561843858bf64893e1

SHA1
0135bb42011104a1565b52195b6d0d6082cba822

SHA256
fc0042bc5fc8d71622ddc4678056c0cde8edf3098301384deaa2c2707f47b91c

SHA512
5dd23fff642d59f99b28260e324ca007d4722469544a957a0bddd6aed7f45b8a0e84d9188e964348e77410db64315202cf8b910dd273755de504415dc3d7f8ea

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\Imath.dll

Filesize
80KB

MD5
5e074eb83e455fde86bc86e9b63a6956

SHA1
1820b0b922bb0a7af74c2cec5489780b7443aaed

SHA256
1aaee6a1e08d840e8c0df5e1715bcb290b8275ccbd59c1fa1d1e2d0f76cb4948

SHA512
827bf0843aeff73aec6c2f331327fbe156f7dacfab18e0366f3f507616f0cbd8ea7dbce1989749a7b3cdd7b5d18aea3bf03092318baa0e9ae4ea58233c9d6ee9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\OpenImageIO.dll

Filesize
2.1MB

MD5
a3bd42b4381a5519faf2013c602a1089

SHA1
b89ced0039714c28230d836cdfd29ac8ed60fe74

SHA256
20217dd71973303d099a1f2507e2347005955dbfe9d6a9b7cfc2cd4475ca33ab

SHA512
2b7c37d37084a2b41bcd8576b90e6d9104bb967bd0feee4d4f260fd8561744a474ada55586384d3fdea2c29c762c8ee8d8081443151cf74af7b103510fd4d35d

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_chrono-vc100-mt-1_59.dll

Filesize
26KB

MD5
5f2016866a26df64fe4e99a55c307f42

SHA1
dc3e70a41ba05b4df03a7059ef6975145b2971cd

SHA256
a330e6a86316e51d542c1d2f24c0bc6d1979628afb1d6c56a2da98657b3ae738

SHA512
44ab5d3ac26a35adb2d1aa65f20e1c6da03430555d3cd004a342c1047fcbc4e6925c78a8d570476b8e92a203f91e06f7e154881654419aff941506fa2f399ca6

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_filesystem-vc100-mt-1_59.dll

Filesize
116KB

MD5
56a0db57f0672452bc7b022d92f6558a

SHA1
6423a3f2621f018ebe543ae6a65624856204ce00

SHA256
b46483932bda734acb0d08ee81aeaa878959e5bcbd5ac592aacf80e5bbd30083

SHA512
eacf35cb00b1ceb80e8f1275e883ad0e923e1b5f9a604fcc37b7e9aa6b6ac86239d67b99f4680c12fce04a1c5c3eec03ab7417aa02111708a471f9f0e8ff21db

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_system-vc100-mt-1_59.dll

Filesize
17KB

MD5
e72aa14a7a91e438a7a33e8e322c19a0

SHA1
9cf1266577282ed3e6fedcc3dd12c27b7f781d3f

SHA256
e0d117dd303447ef8785f13629a395af2b07925008098491141e213a687fc673

SHA512
7d43d6307039e7dc9ec3d343eb6ea6931c863d6bca1dbfc9e2ca13e1edab02eee2561e62600495007b3bed2fc775df374a81ffdcbfa14f6cf6e4c57828e3657b

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\boost_thread-vc100-mt-1_59.dll

Filesize
98KB

MD5
782615cdd4c62d533569cefac7ac0075

SHA1
3294c8d1d0ba2d08fc66e7540c21d016a8bc53e9

SHA256
794e5b72081e7a9c3015e21ce6b2429ce00d7dac6917a6e3375ec79c5920304e

SHA512
27ee63c2dfc264d235d0693cf2ebfc96162f8ccf8b7cf9854ec64580122e59315d4dfa602b4d74cf798ed668ec627e79d7b84a0b84ced76b5cf4f7c90439a0f3

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\is-UUPRN.tmp

Filesize
761KB

MD5
b4530e924bf5794fafdc0cd537a1c2b8

SHA1
8839adab8bb4b47a6fb5685121449e9331522a37

SHA256
086f74e07b6da1fd815b337a7c2af638bcf441c645b947a66daa0e12933d5405

SHA512
eb6f1f4793965b327ef7e3da05ef0ef10e0b8ba328883a98c45df0f488ff4fdfeb3dfcf74a80da1472eae512634d529606f3359937a6db91142e3dc71172e651

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\libpng16.dll

Filesize
168KB

MD5
f98a96e7cbfa97a1fa132be2da651e5d

SHA1
e4a25f477e4d704d40d01fc5d8e81d134f134feb

SHA256
f8df7c7595affe8a6244fdfb659c65666065631cafaeef154f7cd5a8edf94902

SHA512
76b840a4eaa926fc7a1e701eb21c5339d194528e95fdab7bd5c99a80853cb8208021378eb4fda7063659b5f65684c224f8dc9abc4fb32a67adf5e2376212bc92

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\libtiff.dll

Filesize
595KB

MD5
627ba450c9c2d4bf0f14a60b7e88fb8e

SHA1
5f36d356346e58dfad7081561c14fd77e790dc5c

SHA256
adf2403a8e8dcd6740fd3b4d9a4738344020a539f3323cda4864681c511f6ef7

SHA512
ade9a41a6f82dc0eee8b80315344d8193ab51cb97451e989b2f102a6a17320967b1e2d2195956b246fee3d6149a4dbb732fe93d9508471791e07aa5a4d8c0df2

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\openjpeg.dll

Filesize
122KB

MD5
fe1722806d3785fb9c56789f1cc8d1a2

SHA1
9e08a99a33eee7dd182580d2a3e77b9fb00c3a5e

SHA256
1c18c935d88c76f5371aa1ef890c21f36bd22b19f6aa6f492adf17761747c2d1

SHA512
9bbd82dcd6b6b5fcb7fc514ae26cd17fe15f3d82e4a6d0197c3d8aa41ceefe4555fa94bdc838c53f8bdf496d20ff3742d7e61c63abec2e22689dbef4c2bdc418

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.OpenImageIO.em64t\zlib1.dll

Filesize
76KB

MD5
525ebeea6d83439aa536bbc10631eefe

SHA1
f62647437bf92beac1bc28d734fafa7a053af987

SHA256
e5b51b8112f2b7bc5a0567e849df1fea8b470b2669dab03a4c4564592fbddd59

SHA512
5b4749e19ca7cff7c35c838b4c5915bb3bb8e1378cab328420f9105650e195da902965e2d477e9a6f628707e5edb5a1ed3b8ed1fa105223d8fd03e5a875cc1f9

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.mocha.em64t\GenArts.Sapphire.mocha.em64t.manifest

Filesize
832B

MD5
4236cfe0aca3ecf09cf2ece471302df5

SHA1
abcc3b0d9c4c54d55e8204f95a5a6226bed03418

SHA256
b9b9135321de2d48341d5a7004f54a3ecb7c4d32f4bfed6ba45e1d9e88d7e589

SHA512
6f8175f5b72fe0a2975b366305a57c12ebc69716c73497773826ff17e7ada9958ea99b2eec774e85244d103e3b7955336bc19a7eaa94129326148f2b9640f20d

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\GenArts.Sapphire.mocha.em64t\mocha4bcc.dll

Filesize
36.0MB

MD5
dbe5265adcdd266132f9822a71dc225b

SHA1
8f512d8b0b2c38029dbcb3cfe23895ee2a93916a

SHA256
36ae13a378b28edc13d63e63b66195dbad1f476f079d3dd9b0d18cb0751ff266

SHA512
21074b3dcef72951a46474a40a58cdb8889130ba61e4b782e11c5be441c5043cd0a9c9fdf34974c9b88544813535717086a90b3f8df82eb0eba0db3772af4dff

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\Sapphire.ofx

Filesize
36.4MB

MD5
866058d09d96024dc40e4d12b6539c97

SHA1
42eef750d6dfee6a165228a74062be69c6cc6d17

SHA256
210dbd0360d79c6b76d9d54c462730ad790d1ffa92e877fddbec835469871d90

SHA512
ce42f6ea17bc9e88df3ce8910224f56cb642e013447538bbd5856118268767ae23dafbf785f7f0d5c4c5a1354f79601ba1a87a0ceb000e87919ab1d7ae7ff91f

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\_renderlib.pyd

Filesize
1.0MB

MD5
5d4e4c88544a21df144a0190db1d4d59

SHA1
e6f3bd731de425d334e5b54eeeb1c10b8f6bfde5

SHA256
c36acdde7b7fa84f567c337c4a19802412c68adb4a73aa1f5abaa7d2648ab24f

SHA512
0749e4555dfa5dfb4e4f2e65df5bc7c3955a6883078b0d5ac62822ee317bc4a6ab9584dfe708edaf1df46de81049b72f7b6814430894774fed7a90f5e6c6b689

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Sapphire.ofx.bundle\Contents\Win64\mocha-wrapper.exe

Filesize
592KB

MD5
c3e092e0011e6c13b547f65845c9e8fe

SHA1
20f6078eac80414c073e212f1b640d86eb022cba

SHA256
cf271b5d71212a30e08494ce0dd9c0b6397d661776c58363d27a8ca562863177

SHA512
9fd373c7a77ec9bfb01ae21bb12fe4031f1972ff56db96ae58e0fd75d3907627352d26eebd75f72070ea77393cffe9f72c4691e8eae039ebf42c6008aa208123

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-77KQ7.tmp

Filesize
1KB

MD5
e36f541a32a036a9ae7cfbc61c53b75b

SHA1
c7f0ecfb307c55b6c7d7e8607c409a65fb109962

SHA256
87c5cdf831b890dfb5f61ec55323228ea999b6188c617ec68c61fa7673bda1c0

SHA512
f86a797f267784118b4f13fa93d5d0a12d4d528b74b37e474344c27e4fa090537914b6de7ebf35c4bebb35f825549d176698ae117e531035903b9b40fd868b7f

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-ECKCG.tmp

Filesize
25KB

MD5
de4b8d3970e99b3ee0f5cc7a7d653fff

SHA1
8df91d531ed75ee3e9329552f89147432a3e31a0

SHA256
b073268969316922438806cc95a89dd7fe1e69d4f3c7d7e08aa7abe6184979a1

SHA512
2f76c7a53d096db044a52a29836879e35d28023061e9762a2f20e6ab3029cf4ff6ca88f37dba84fd4aa38fac489dad191ea42d9dcf21d51c5e366962ffb81fdd

Download Submit
C:\Program Files\GenArts\SapphireOFX\flare-editor\is-KFE7D.tmp

Filesize
1KB

MD5
13d8cce78035229d5435dc959e3757e3

SHA1
97f0c18359ec55df8f7a6a535e835f312045e99e

SHA256
d53ebf4fb14d2e7d1ee98803cfe00b4b8df42adf6ea5d05b3b2d55606edf27d9

SHA512
1b364580e95750ed768d7c3eca812d52f8b340ca4ebbce4e0a1b46dae7d31d8fb1dcd889cb93ee27a99827dd3184e828557b49a17ccb00d76f282c6de5ed33a2

Download Submit
C:\Program Files\GenArts\SapphireOFX\lib64\GenArts.Sapphire.MMD.em64t\libmmd.dll

Filesize
3.2MB

MD5
66700db697342f7412eef592ef66d8e1

SHA1
a99dd3e98d23ff743369d0482d9112f938c7ecfd

SHA256
75ccbde18ceba3024f8633e8c8151a2e87420cd73511041428a1a83a4fae5535

SHA512
4c5faf0746aad88a320fbdaa392ba03db5aa3872dc8cb15843c5db8f9eb01cfd9c4fd351897317b5fafbf2f81806bdae13a4179d4fdea1b20b5ab6231850ea37

Download Submit
C:\Program Files\GenArts\SapphireOFX\preset-browser\Include\is-NLI6S.tmp

Filesize
20KB

MD5
606c8ee81dd87502ec1d483b045e3270

SHA1
a5e9ff0ebf89d050fad47a7c56a7a46d13f93a85

SHA256
8e1613e5363a1ec22228acea618af74ba5cb6d6fd91dcc9d4a8e8ef40f1da2b6

SHA512
872fe3eca539ef6f728119896457facc927bc897c4b243bcc9b9e4b7f3a77364b1daed0a986ee11a468b171f58b36feeaf4d194a5918a519109fae1c9ddafa91

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-62IQ6.tmp

Filesize
378B

MD5
a55ab44e1a5c551941d471fc34169327

SHA1
146bc86a300403fa123d17bd0790a6af731f2805

SHA256
7ddf5efb1bc2c0b1a73ce27c0cbf7b89a293d811ee3ec2c65c93571a9c8e4b57

SHA512
db0e682b6bb3738d5dc0bc9c9da0d96e2a724249838d81e8c401b010de470a202a1fe8daa132f4d33f20be87cfae5acc5f6cd88d2372701f06923dc35b3980bd

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-EVOMF.tmp

Filesize
58KB

MD5
23cceec35684b71f509f516d78237f6d

SHA1
115346144e9c20e163c3d773f1f55695d4b604d7

SHA256
71a80a296a6512ce75ac8ae9700a6e39d5a127885c9ecd48bfe842373836cf2d

SHA512
8945eae7540f0cec1d34cad110db250171de1cda24eb886ae92438fd691776f1ea77801e45633d3b8f1c475351a545708bcbafcff184d33796a6644252b055e8

Download Submit
C:\Program Files\GenArts\SapphireOFX\pylib\is-JCIDU.tmp

Filesize
147KB

MD5
5c8a7e4d173c34d7a43158c1204cb1e6

SHA1
1ca74bb3d4dfa1a68433cb69b164667fc78e32e9

SHA256
70dc54d2f44a9c53c3a71e2326f2acc5ea0f4ad08f65bc2670d4f6694e7ed300

SHA512
f81e62da05bf207c1920cd54c802b403929be73b3db550f2c030c6f5590d5091ad5e79e820dd0c652daaa8bda2be25e23db76b95a9458b078e1bbed3d0ab861c

Download Submit
C:\Program Files\GenArts\SapphireOFX\update-check\is-745OO.tmp

Filesize
388KB

MD5
70bdfe56b66584357eb10cef1ddbdf20

SHA1
16fb712ac63915bd6b821f67fbb3c25113e631b2

SHA256
497519a8f7a755435af588a4de659d01600c5251f132db3864242bf57cc50fc4

SHA512
2d63cff6ccdd35288ff3207dfce3f9aebb1f92ab42fe8bd68701ec31c700b400fcf4bf8c1a42edee1d0bd6375b898bb408ec40aad13c051af71825523df90dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eb9b1e4c3b0ac03cb2e0b767c9ca7134

SHA1
89c27d6626d2517b1868cdc249e13ff043fe7c61

SHA256
1e4ad33ef315ec08aab892f2f66e85bd3ce443f34094874b79adf89079c8ec34

SHA512
c9d4bdda4710c7988bcbaf2f65b455cc8e7edf99330af9b200468e67ee135ceec577f5d5828ea5a5a6963ee3764e9a01aa77778a8e13c80b9f9cf53bd59f247b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a85404a7471d402_0

Filesize
19KB

MD5
201d416479b42fe6e6a42d0557ed026d

SHA1
1d9ee34c9fc7bbd1e371392ed082be4824adcd8e

SHA256
ba0317de5d42620b66b955ccf0938ae973c4f8690c94c511810708d9f8cf39c7

SHA512
830bb6aa4566a8108c69aa19391f41c58de71d21e496840e0dd08722d63cf04e1af325d36b176eedc929b35e8049661169fd32d96214ca7b850d4e94b0456eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a7f7807b6ecc52a9_0

Filesize
280B

MD5
a902ace9b73f23d194232360e73fd6d8

SHA1
c56c8b3e1412ddaeeea9ac490dcec23f5441fce1

SHA256
784cc83478ad6622b04eecdb69d24ed08e2bd5faa7e4ba821d1255133dda47ad

SHA512
91b130c36cd872e6e06a17a2e401b505e2b5e426c33368a4e699e2c35f496581c1712dba38ce75612b28e701ce5d88b84941e6419951961cdb855215924f834c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
216d832207f679269ec707170694be4a

SHA1
25b72a3f14cc010850ea635a1841876775c7fd9a

SHA256
450cc54c3333bd9d4d51c34efb87fdcd3bb0f44e870815782992462eae5923b6

SHA512
99065b7b1dbd6930beb5b94dd945eacce9207c8d49d3926039fcea7d28edb7922ee6ff7dcd7f1d69c28e74a08825706561d9c06f4862e6a1a9bab71ee45e6778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0ca129a652fc4bb22dcb0ef3a2dec228

SHA1
3f5ce365e5ae3bec3c89161505b87b4b2a279e81

SHA256
ce8c970b7d6a7367cbff9ae7e760d10da8a16ec4f388197b5224265bcda9e42d

SHA512
3089d90b3594e612e77cea775c0f56a184e6d2ac69e2a2bb6f043547084bf6e39df32403d4908911f16f7e7307daedf596caf9cd251ae8c8201eef04b32cf780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ef4e71ba30ef9f16112dcb4273fc5134

SHA1
85ef62b0d7c9a500c2cbef4dadbae79da9710469

SHA256
0356a2ae873885132547d7abe05610ae32bdc1eba3ddcd167a98e07530560587

SHA512
d705526c26a11619609779daadd3cde772f06b561ba4cd097c2d0ec4fa3bbf00bd74cf191f260b75347a99d20963946454ad2ea6f434d5bef0ae3522b7d4aa43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2cdaca10addc6374124338ece91a091e

SHA1
8ee7a21cca48d178393253eb96d028c3798d4145

SHA256
e36398fd4749222e857528596ce810b6e5c9f087941082d643d890dd99584100

SHA512
f3eb33e4e09bcd6369acb80a7ce5a8f4ffb96d039aa090bcf596522666cb0e6a502f6e6310d9cc8c19230dc364d5b9afba2dd606781291af161cf0d8086fd1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5cb245a2edecbe626ab5b9407640746

SHA1
82600e604a69a4c575fe130bffe696cf759f7fdd

SHA256
5399e3c973043c6ab045ebcfda97f023a18886716a9de3df63caf7ecd70bb4a2

SHA512
ce309baf21ae427dbc58145058e3196f267358cd01f82885bdfdf6f417e67dc07a7142990b3f7a9e3593cf103d2ee5ff81be488a5e829390a9fbe4795985843e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62c03f581a7b23941ef39d196071e78d

SHA1
d1bf17f20d920cd0924b98f62aa73facc465e9ad

SHA256
66120288bb8d580e22e3c9c2e4eb250da41498efb97d6adb634631e845b03f63

SHA512
aa6346aab1ce65cc14907b51506f3c8fa3d6cfa490c3eecdbbe9f0623353daa946a24a4074f2029726b43a76afb55c402428aef0159aee3bce544ef6e5385949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c200a23aaeefb26f5ac4ac85f4964ef6

SHA1
22caeb17e4f695827b6b12ac586de3c2d818efcf

SHA256
8d8cc8b39a19f871f16626f3ba952f674a6f0e59c46d8098fbec5a89857c7376

SHA512
5425d1b8f4b7a77acf27f5b09d7f915589abf5d4aef12c2704a6da5658ddcd360fc1f734f2bf7b159daeeda61be238ce7e9a11f1a971822c147bc8f942d9daf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb156c920c08360f7bbb08afd9f4b41d

SHA1
88f795cccd5b07dad5880496c0cc31ed40a1cee0

SHA256
990affa6417a52c6c50623006517870086eff7ee702036a6c9f7036ac8df5ccb

SHA512
7cd9e54af094d321b1a289699bf2fcc45bcd52534c888e900127da81ce8e760b69f4f35ed5ea48390941c4a2bbc714bf2a70ed05fd8dbf882a5fdc8acd4f05d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd441457e916ef546ee8ac829b17741f

SHA1
823d04dca3bafe96abe56129796147156552b827

SHA256
7129525b2d0335ebd08914d017603734bc7854436aff1f7a400e68825ba915d8

SHA512
b01c93be1a51b62eeb1196e51ddc66b797de7d4f3c6160249bc58f0f0e36f39d8a9cf83db7d0bdade390f5a33a9eed81a79780071163b0cfcdc78f79b5ac9bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c81208ed953b95f1979a1eb08a9566cf

SHA1
e18d7b2fa83375269fd733269af5a424d1d33254

SHA256
e86c121069e65f71bce88f0b052691a21c0ce2342fa0a995fb100e3628f9fde0

SHA512
82a64f92837fff31dea849781bcfe87f8b2c80e11816953cfbdcdcbecd84a2c63a1bc4881a143a8532a7b5728980bfa0244a91a122c11ed612c1f6f6c6507d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dec1a2fc2fdb3f0e38459c1bc0d7bb60

SHA1
275feda09ef34811f5e9f02dddfef71aa7a1d605

SHA256
3be13978aa7a155e17557aaee0fa367efef3ec0099a56e1bab106abc94871346

SHA512
32d2fb907b6051ddbfa7a99da7352d57174b0d04d583f84a051d14d3baf3a2ee38e833be0b5115aa64794ce4e67c463454110e6e653b78c14873d649c2851823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
10c3717b1ea1be60a2c7d85ba9db72d2

SHA1
231764fa022be600c3a15861491df8ee833e56c8

SHA256
1373d943554b397c5d0917d39d48e09317d40f35e62a5e99a5c9dcd7311b8e93

SHA512
815222f87fd7da4e9c5b8f4ec1c2a1e7f4c58e1632d61207cd4e52efa0a92665148ca946eaddad3fc21eccbc5e5a481c851690882a540e7c195b27e1c32d0b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
765ddc4758256a2be03c28f95cce59d8

SHA1
1bcfee5da75d1ef1013c64ff1911718ad5858ce6

SHA256
3f8aec4f5be0b43784b9ef405a916bdc3ae798aaea876a6cb9d578aec5d631a4

SHA512
9ef598c42669dfaef55ea7788a3ddfe148e6533ff746c80a857d712a9114bee0cf688e421e74ad6c1867a7ed4aa7c39ec1b545b6d49525360f759a1403a41b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
db16d91828503ed6cd5197515a6b4eb1

SHA1
44a0d0c32999175469600fdf61f6e2a70541b32e

SHA256
004fe486abdcaef042dfb4b26fcd086a56027ce55ce79494aa2025f896be8941

SHA512
00de835a99c76bbed5f026965db1060b457aa9c344df474addda7fbec2d252be4b91861645928607f0f31d7894b82761e3965931a7f349e09520074899262693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\21586885-26b5-4b2d-9ffc-ab1831aa6413.tmp

Filesize
10KB

MD5
2f028a38004963775276f009104e57d0

SHA1
0f638c6ce11d3bce94ae7ae1f5402dbde60ff1c9

SHA256
dc2b02db4db7a45eed221111c0a0099abc23d08aefd004e89357bde6f8223b4c

SHA512
9d9f071fb594710d6efb4f3e75339777361177c8b731452ceb75ff552f4bf7145ad88a469e655d6940124da415c43339f19cfb50d5717e056ecc6bac0db0fbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\95955cd1-d38a-43be-bc09-1e69200a78c0.tmp

Filesize
1KB

MD5
e08b2bb314fbbca10a7a109b57ceac19

SHA1
da813e6ed3dffc8cc302627b57bb653cad7b0759

SHA256
d77ab7d3fbe47a48b70998334db66de49c6b1862040bc3a17b8a218f2dce08e6

SHA512
59d78c3e9cbb3624eb8aa3418cb36e5d53c0d9503b027e84dbd9d9ee11e00a0dcca64c214c04a1a142b8170275b6913b636974636d402cd51f5f5069ad556737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
25KB

MD5
9222217ea98c35e71acd00dfe056b030

SHA1
42fc786d7b865bdba84117ff15357fada69d3b35

SHA256
1bbd4cf227b3645dccb3d9e3e03736d4e7612326ef09126cf18fccf00b1aac4f

SHA512
7aaaa2031579bdbc89a31201613e26f4a1b67998cafc0d2372438beb22f11ba0bcc13d41c6d6e074b3e5a8d87a15dee42747b796c92d619549e83bb117362780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d40a96e873a69e57fe9ae4b7068ce6b8

SHA1
a67173b9cd3c935a2340d3a0a9a198e215ddcd89

SHA256
caaa77ba4a60c3d5b14f1f2f993b43f4debea8aa798fbb1ea226473425d25125

SHA512
553ab92f560396d7977f48674a82da627c4a8a0b4eaaa36b967a8c73828ff27ab28e5deed48fbb488a924d44c5947349773dbedfa01d68d30f86a27f52258b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9eb1d83b9ac19ef8b834d1f1506597e2

SHA1
16cfdefe144ae9a253fe3ab89d88528746690942

SHA256
04447a72a5489c4313b5b8eb77bfeed71a1eeaaf9f07c1150c23ab286f7bd755

SHA512
143e00ae5eb5800eafff8f53b88ce6cf8e9525ec6b7283be8a8e0c5296fda8abacea856196ba84a599325f0f42cf6921ebd43f501c8dd70072edd33ef43116a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f6bfa0e469378956f0f630bacbe5e9f4

SHA1
1c6a893624b1bc2c226aa4bd62521fd1b198256a

SHA256
e92fe7e28ad58433dddae0f71fc3e81a6608492d26fb648e4eb45dbba498a37c

SHA512
e23a9b16861d1aeefc0e6de65dd65ed02df04f5b11e0f68c8454b182e2d4d2831da00c961cc2b830750405acfbd04d001f1b8c5f8037e221959113515cb9901c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48e055c89d07ad4121e528e21ba3cffc

SHA1
25fdff38f3a5284ed57828773fd7fa3e46ed22ab

SHA256
15a0cd3bd18808b53a3eda87b273ab3d6e32aa17cae784ef6cc49614c19432a1

SHA512
173d0ce34702f85bf2d63c3b37bb8301c2b3a1de343c90cd66bf5f0f98145c97be13d40d0d9af9901fe54b7e0077bdae1aa5ba696de18d805e39872268951919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c5118efa24fd70e2a1ba10f014550e2

SHA1
8e4fb642f033ee07cb185c02e2869ca046888090

SHA256
0b3d433ea31465d1dcd9fbd94b9b190f255cea6d772d9d11a167d19b9bbaf2f2

SHA512
97ea6355c8bee7cda49bfafe7f0f8dda46d44d72c2f604993e32553ef8b594313b5cc4983f845ff5cd9131fdee1719c23d23a5a773213fa43245bc23a12c2401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65ac04dc105c6bc19734d820d4493bfd

SHA1
e98e429c0de50c7168a6d67678cbabb58f7a4b13

SHA256
14845aef11b4bfdc653c2374a03c9b320aeccfdf666ed8ffdf6914d878665f93

SHA512
df350cd5a1b82578cf4e843ac433b07d3f73be517b0799f2fd19d53341472ad156fef680a8c7d23be73c3129dce5239f3a6d13ab15f2dee12346754f4056a99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a47e994685bf09e8c86290a1c8f5c393

SHA1
4f08c2681f6166481d53887c441f46e35581adbd

SHA256
b52f5191846d2e6c6a4612ac941d5e322e2d6da6838ac72035300aaf4b38f875

SHA512
c102b5aa5465b1133c479448418344eff0117109db02e47b75f1a001f05f3fd8e5f1e6c62aceb117d4a1f9019575759a4f65081cd7beb956d06c030410aea908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a89820a007ce2839c9d81cd0269b2ca0

SHA1
d3424f6210444afc4778a1c492e8910492b93b8b

SHA256
1b508ac54ddeccd4ee374cde61920a77614022615b3b8e432f163f20c0a9e882

SHA512
8616f78ab5a75bd629abe50ee46141acb0253adf5efc21d82a26e5b843117baacf889317df9f1c26ade8e6ed209737b5929c0bacc09e4f21f6a25c253966638c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb58.TMP

Filesize
1KB

MD5
a1a14332e2deb5834af4c7ff34bc00ac

SHA1
a20d06977b0cf862f7bc63ee6e20f9b9e02b30d0

SHA256
f3b6e0ff71d1694ce73897343b98f3eb4186619ab7a20a602e8262ef8f4a04a2

SHA512
0f0c88801990b39837c8c36c705e605277707926b393cf4dec4640eb068040ebff514327b10bc9d778c50d73994f8e347906574906195c248d483674a527fb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7029ae8ad9e5efd0461f6174d466698a

SHA1
d64719ea56dad8064d636aba6c194034c82ac26c

SHA256
597212dffb9f1cf4a56773f1a02affe7911c892773eeb88779dc0c7be9b8c13b

SHA512
d330d3329dc805b06caf3e3df406496cde45fcfded7bc407a45a1cdb59ae7779d6bbd3d9762d6b19a7507818d684922fdc4bbc5163bafae283ee26f3abe0db6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7bb89f99e5704bdb3afca1dfc4781104

SHA1
59d1608c2beafc5c54caf475c302399200112cad

SHA256
0c701b639a43f4145ca2253a19d1a051a1096120202238372e6c408336db36ba

SHA512
2ce4f4f119bef45878bee684f636e63aec96456172a9e9387bcf7ac10dadad299842209fb3af634351a4f330a056c52f37d421397ecfd7efb0c0f707cf6e9838

Download Submit
C:\Users\Admin\AppData\Local\Temp\179a194f-96c5-4ffa-9973-7b857f684eba.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2O879.tmp\sapphire-ofx-install-11.0.1-CE.tmp

Filesize
1.2MB

MD5
2f1a7607115dac9fcca176d2071c94d2

SHA1
ce9f91a52474f8cfe01bf524e06be9a6d4563f4a

SHA256
b728af04252b23902174847900a05147415668b18acb2b8913c41e329b53d3d2

SHA512
dea4bd7a8dd7b2846dfe6081b2c7f2ba85879d4a9369aa6cd4aef2ca3a0623abb4840e2a30f30650701e484cb2aa57fb08ebd1fbde86f606e4ee05760750ecc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-V3DOG.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4168_593534342\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4168_593534342\b0d2c4c8-aec2-4792-acb7-77f390f0f7ad.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
memory/2188-10582-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/2188-319-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/2188-2845-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/2188-4996-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/2188-10579-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/2692-273-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2692-232-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2692-10583-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3628-318-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/3628-2840-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/4372-272-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4372-230-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download