483df81431af3aa7eb9d2822d1e7c8e569a00aa83948337971f811ceeb4b4469

Analysis

max time kernel
206s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 18:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SceneBuilder-11.0.0.msi
Size

84.5MB
MD5

d2771f90cdb505219e2b1fecd1a6f227
SHA1

511594a506970bc9cb9562ecdf061d2c346a35eb
SHA256

483df81431af3aa7eb9d2822d1e7c8e569a00aa83948337971f811ceeb4b4469
SHA512

55602261721d14e39e19f9dc9447e0cc21948fe2363149794ed3a91a48d02a8af1e8e0c13fbb136ea7977152ad30ccf0e5ec2cb078bc6b15871f17deafed266f
SSDEEP

1572864:cErLBjU3EXdGlrktwExfPfZNO0vew7s56pxYQsdSJUmJmCWo2wx0LX+O:drLyGUktFHZ1vMQsAvJYEx0LX

Score

6^/10

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
7	3272	msiexec.exe
8	3272	msiexec.exe
10	3272	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\jvm.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\jvm.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ucrtbase.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\kernel32.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\ucrtbase.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\DLL\kernel32.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\DLL\kernel32.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\dll\jvm.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ucrtbase.pdb	SceneBuilder.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\SceneBuilder\runtime\bin\jsound.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.scripting\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\api-ms-win-core-util-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\awt.dll	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\runtime\bin\server\dll\ntdll.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\j2pcsc.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\api-ms-win-core-localization-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.xml\bcel.md	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\javafx.swing\ASSEMBLY_EXCEPTION	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.crypto.ec\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\api-ms-win-core-memory-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\runtime\bin\symbols\DLL\kernel32.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\freetype.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.security.sasl\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\conf\security\policy\limited\exempt_local.policy	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\include\jni.h	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.xml\dom.md	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.jlink\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\lib\security\cacerts	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\javac.exe	msiexec.exe
File created	C:\Program Files\SceneBuilder\SceneBuilder.ico	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\rmi.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.xml\COPYRIGHT	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\app\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Program Files\SceneBuilder\app\ntdll.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.datatransfer\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\lib\jvm.cfg	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\runtime\bin\server\DLL\kernel32.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.scripting\LICENSE	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.compiler\LICENSE	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.scripting.nashorn.shell\LICENSE	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\app\jvm.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\javafx.web\ASSEMBLY_EXCEPTION	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.desktop\colorimaging.md	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\conf\security\policy\limited\default_US_export.policy	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\javafx.media\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\api-ms-win-core-file-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.xml\xalan.md	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\api-ms-win-crt-string-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\javafx_font.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.sql\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.xml.crypto\santuario.md	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\runtime\bin\dll\ucrtbase.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\jabswitch.exe	msiexec.exe
File created	C:\Program Files\SceneBuilder\api-ms-win-crt-utility-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.internal.ed\LICENSE	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.compiler\LICENSE	msiexec.exe
File created	C:\Program Files\SceneBuilder\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.unsupported\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\app\hs_err_pid1492.log	SceneBuilder.exe
File opened for modification	C:\Program Files\SceneBuilder\symbols\dll\ucrtbase.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\prism_sw.dll	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.jpackager.runtime\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\kinit.exe	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\java.logging\COPYRIGHT	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\bin\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\runtime\bin\symbols\dll\ntdll.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\include\jdwpTransport.h	msiexec.exe
File opened for modification	C:\Program Files\SceneBuilder\runtime\bin\server\symbols\DLL\kernel32.pdb	SceneBuilder.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\javafx.controls\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\legal\jdk.jlink\LICENSE	msiexec.exe
File created	C:\Program Files\SceneBuilder\runtime\lib\jawt.lib	msiexec.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{4E29896F-34C7-4377-AF64-CA5D11AE0D07}\DesktopIcon.exe	msiexec.exe
File created	C:\Windows\Installer\{4E29896F-34C7-4377-AF64-CA5D11AE0D07}\StartMenuIcon.exe	msiexec.exe
File created	C:\Windows\Installer\e57b47d.msi	msiexec.exe
File created	C:\Windows\Installer\e57b47b.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{4E29896F-34C7-4377-AF64-CA5D11AE0D07}	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\symbols\dll\jvm.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\ucrtbase.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB69E.tmp	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\dll\jvm.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\dll\ucrtbase.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\Installer\e57b47b.msi	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\kernel32.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\DLL\kernel32.pdb	SceneBuilder.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\symbols\dll\ucrtbase.pdb	SceneBuilder.exe
File created	C:\Windows\Installer\{4E29896F-34C7-4377-AF64-CA5D11AE0D07}\DesktopIcon.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA87.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\Installer\{4E29896F-34C7-4377-AF64-CA5D11AE0D07}\StartMenuIcon.exe	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\jvm.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\symbols\DLL\kernel32.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\symbols\dll\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\ntdll.pdb	SceneBuilder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_792d1c772443f647\dll\ntdll.pdb	SceneBuilder.exe

Executes dropped EXE 3 IoCs

pid	Process
4824	SceneBuilder.exe
1492	SceneBuilder.exe
2976	SceneBuilder.exe

Loads dropped DLL 64 IoCs

pid	Process
3540	MsiExec.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe
4824	SceneBuilder.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f3f59b11877f515c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000f3f59b110000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900f3f59b11000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1df3f59b11000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f3f59b1100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SceneBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SceneBuilder.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SceneBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SceneBuilder.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SceneBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SceneBuilder.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe

Modifies registry class 22 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F69892E47C437734FA46ACD511EAD070	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\Version = "184549376"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList\PackageName = "SceneBuilder-11.0.0.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F69892E47C437734FA46ACD511EAD070\DefaultFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\ProductName = "SceneBuilder"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1A9B55358D745EF4E8C316DB5B0F39DE\F69892E47C437734FA46ACD511EAD070	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1A9B55358D745EF4E8C316DB5B0F39DE	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F69892E47C437734FA46ACD511EAD070\PackageCode = "ABCE2AEF224114E4A88916429E49EA0A"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4872	msiexec.exe
4872	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3272	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3272	msiexec.exe
Token: SeSecurityPrivilege	4872	msiexec.exe
Token: SeCreateTokenPrivilege	3272	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3272	msiexec.exe
Token: SeLockMemoryPrivilege	3272	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3272	msiexec.exe
Token: SeMachineAccountPrivilege	3272	msiexec.exe
Token: SeTcbPrivilege	3272	msiexec.exe
Token: SeSecurityPrivilege	3272	msiexec.exe
Token: SeTakeOwnershipPrivilege	3272	msiexec.exe
Token: SeLoadDriverPrivilege	3272	msiexec.exe
Token: SeSystemProfilePrivilege	3272	msiexec.exe
Token: SeSystemtimePrivilege	3272	msiexec.exe
Token: SeProfSingleProcessPrivilege	3272	msiexec.exe
Token: SeIncBasePriorityPrivilege	3272	msiexec.exe
Token: SeCreatePagefilePrivilege	3272	msiexec.exe
Token: SeCreatePermanentPrivilege	3272	msiexec.exe
Token: SeBackupPrivilege	3272	msiexec.exe
Token: SeRestorePrivilege	3272	msiexec.exe
Token: SeShutdownPrivilege	3272	msiexec.exe
Token: SeDebugPrivilege	3272	msiexec.exe
Token: SeAuditPrivilege	3272	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3272	msiexec.exe
Token: SeChangeNotifyPrivilege	3272	msiexec.exe
Token: SeRemoteShutdownPrivilege	3272	msiexec.exe
Token: SeUndockPrivilege	3272	msiexec.exe
Token: SeSyncAgentPrivilege	3272	msiexec.exe
Token: SeEnableDelegationPrivilege	3272	msiexec.exe
Token: SeManageVolumePrivilege	3272	msiexec.exe
Token: SeImpersonatePrivilege	3272	msiexec.exe
Token: SeCreateGlobalPrivilege	3272	msiexec.exe
Token: SeBackupPrivilege	4536	vssvc.exe
Token: SeRestorePrivilege	4536	vssvc.exe
Token: SeAuditPrivilege	4536	vssvc.exe
Token: SeBackupPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeBackupPrivilege	4384	srtasks.exe
Token: SeRestorePrivilege	4384	srtasks.exe
Token: SeSecurityPrivilege	4384	srtasks.exe
Token: SeTakeOwnershipPrivilege	4384	srtasks.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeBackupPrivilege	4384	srtasks.exe
Token: SeRestorePrivilege	4384	srtasks.exe
Token: SeSecurityPrivilege	4384	srtasks.exe
Token: SeTakeOwnershipPrivilege	4384	srtasks.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe
Token: SeTakeOwnershipPrivilege	4872	msiexec.exe
Token: SeRestorePrivilege	4872	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3272	msiexec.exe
3272	msiexec.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 4384	4872	msiexec.exe	97
PID 4872 wrote to memory of 4384	4872	msiexec.exe	97
PID 4872 wrote to memory of 3540	4872	msiexec.exe	99
PID 4872 wrote to memory of 3540	4872	msiexec.exe	99
PID 4872 wrote to memory of 3540	4872	msiexec.exe	99

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SceneBuilder-11.0.0.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3272

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4384
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B2E47379CF812F4578B766D05B10C286
  2⤵
  - Loads dropped DLL
  PID:3540

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Program Files\SceneBuilder\SceneBuilder.exe
"C:\Program Files\SceneBuilder\SceneBuilder.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:4824

C:\Program Files\SceneBuilder\SceneBuilder.exe
"C:\Program Files\SceneBuilder\SceneBuilder.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks processor information in registry
PID:1492

C:\Program Files\SceneBuilder\SceneBuilder.exe
"C:\Program Files\SceneBuilder\SceneBuilder.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks processor information in registry
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57b47c.rbs

Filesize
53KB

MD5
0207ee4dd409740f2210cfc898bd69d4

SHA1
32f6bac4377443075c22e5db523caa388c4844c9

SHA256
3bf5b3e930d071131c9fa521019a2455c033b10ced8b95a3829632a14c2d0d74

SHA512
2937d922b5dbd8454a721e0cb874700edf1e0c6a65778a87eddc0d67d41b61aa1421a87b4599ad970a9f5906c14ec8a984565bb84680a2811ea5f889a474823e

Download Submit
C:\Program Files\SceneBuilder\SceneBuilder.exe

Filesize
297KB

MD5
eff64f703171aa1fe3a293824f1ee510

SHA1
36853b63a8a381161b939f109913d125ae8d182e

SHA256
52c141285919d50371cce16b97bbf37e3fd3150a711acd85e96fd24bf097860b

SHA512
3cc75a145e0ce50652311275b0b51f30fe242b46c94908eded8cbb3d1071e8d55c46137379bd1aa707667e28577b39a94e31f5cfae7095ec3328921227a57c26

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-console-l1-1-0.dll

Filesize
18KB

MD5
5a75a7940bc8762e41dafcce9c07628b

SHA1
1ca449c744b11ab4459a4bd7e11f8d2740c62436

SHA256
4aaf273c4cb1d93b8c8686843ffbc577d31e1c010e02ae8e72478c5b52dda06d

SHA512
2e8ea9e61bce4f5520aabb4e34d113d59f253ae890ae337167d4eb4f73452bb1a12342cd8e22ff5d20d18d18d492e45b029b5fc934d7a3c76f4c00cdc414ba9a

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-datetime-l1-1-0.dll

Filesize
18KB

MD5
b7300d7a31bc0c3abb631f1951cc103a

SHA1
1d510c44e16251bcfbc6050fc8e0d602b4dc40d0

SHA256
a580c502170462431a197954eada3a2b92cddda8e77d489475a8fa6da0000349

SHA512
05101c69906ca7ae1a00ad9a03ee94bef08bb6d8b7879e5d9e03edd49ff7b3345bdbac361e6bf46962b662756118e5430c848956031c28ed3e379c88ad025430

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-debug-l1-1-0.dll

Filesize
18KB

MD5
b65d571875079332c81963ff98e62ab3

SHA1
dc68643c467610c27b7d522277dcad8be773239a

SHA256
b83a794600a47be935cc562ace7a4d531083c76fcc8ac6424d008f1034eedf96

SHA512
d8414b4473a5d5eae26b424b26c9bf9b7f3eae0bc6d5aeaacf687df71360cd4c9df12ca47d894470242f2fa6de361f19e9c2a36b56290ddd192cc76a646a2e7b

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
18KB

MD5
cb34f8d3a8c9038e14172e2b09c5a91b

SHA1
9a4748d8b30337ecf020b1171e016d7ba0690fd9

SHA256
3975ca725ae8f6f635560329ee00e214f58d6a2c9e8d355756481f92c068cd43

SHA512
c34ae4345daa3843f41e2f70820e803eaf6aaba647c4892a63232d4bac187c53cb54b02744027b77579744ef8024bd21e68e7e744321b99abb89575940e81f69

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-file-l1-1-0.dll

Filesize
21KB

MD5
b9a429a9ffb3c3309222e6a8fc7a0ada

SHA1
b632d18582c8dd658b32d460d7f539c0ef4967a4

SHA256
d62e2dcb011f08b416addaa11d07fc295427f57ca31b0098a71cc7ed6fe2e95e

SHA512
8b082c164c8179717a9e554e0231c5ba39c57590c44b2b2f6c0149f4d26252939a634224032a4c5cfa123af0e180c137998398058cc3ff300e2d054c66c17648

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
31e207b01e67b6563d2cf9110d06a1d2

SHA1
f12832e055c0f0d70fc44b4cb0215c17aa948332

SHA256
6b31a206c051815be9f7b366d2a9d2464747a56888a7307a924ecdac558271e1

SHA512
8a19324c8719ad6e7509de44fe79c6614c064daa47c4206a2b6ba4124b45bc4d8785cd51b8877c9ae5a1e0768ee1bba8f98e8d8c17b700aa8dadbd2801035a92

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
f2d12342c68e51aa748d4937f3ec7ded

SHA1
22368cebce89feb929004f73bd0f7236f7050e36

SHA256
6ba964ad55822f55eea14f73a48deb164b337639a82da677fc6efc1c539fe81e

SHA512
1e1440c97237716a6ac63e038d932edd0e7962230bfd6956b8aafa378b344daf92da696f0d1a57b0d71fef3722296b0d02f59b0fc9551e7944c445cc6b2b26a4

Download Submit
C:\Program Files\SceneBuilder\api-ms-win-core-handle-l1-1-0.dll

Filesize
18KB

MD5
b9f26ef46b152fa6cdca3c64d30bd230

SHA1
3a8d178f69f3b1414d59402ae16d128ce8910ad3

SHA256
69ebc1072b678643a9e64ff6455cc02880da4b542e45f93d6d479fccfb73c07d

SHA512
7c11601f27b4ca51c3761c47e8928ea467de4bdd3a9e928fdca3cde056ca71688bfe71103bebeb4b52884cf1fb8fc408091901639802b087621e6e878a115529

Download Submit
C:\Program Files\SceneBuilder\app\SceneBuilder.cfg

Filesize
491B

MD5
a8810e80d3146d9a6a9f7f2aa42b4633

SHA1
979ea017138fa1e2e0d2ad36b1f1f8d8732fff79

SHA256
935b3e91ddbff44d92dc0d24ffb67385a50e0c668fc038f3c7bf0d56ccac566d

SHA512
343c03f6f4009d2ab9f2c2a0114641cca324b747e0da2d51bdbf4d5219636f0bc75e47a5d2fbc08f3304a8a54e978ba178660132b7499744121e5f441048cb8c

Download Submit
C:\Program Files\SceneBuilder\app\scenebuilder-11.0.0-all.jar

Filesize
1.6MB

MD5
1936330ed96358a14447761aa1304da2

SHA1
56de04ebd42e3a89bcc591120857387cd3737c62

SHA256
ad8a7013faba903261fa0b18c5fac9c79186b7fd94f841f6ed5d45032106de94

SHA512
1dd9357a7f7b42bb5ce6a2f7eebe37b911f341a8a205226c6af61b4930a4f0aca6514c74d2d828c2f83007409addec464ab6447119e072319d3ec1819e4b7d13

Download Submit
C:\Program Files\SceneBuilder\jpackager.dll

Filesize
199KB

MD5
0407c322937fde120a0933dc6d64a502

SHA1
6d7c5022539e1de32d9660ee05d8c018b7049b71

SHA256
6ee68dfcb4631ab402d0a8df9e38d9f48219e68ebc7e463198809dbcd92624ad

SHA512
99f5c048fcc1607249adaf4e1268538848971c19303c99c26ea0c17fd9cbe25521be411bfa18bee61a90c8ffc19de930b8a48bc352ccf1f28cd404c93fcc173e

Download Submit
C:\Program Files\SceneBuilder\msvcp140.dll

Filesize
671KB

MD5
2fe42eb09647f5ac31dd7e125105ef73

SHA1
fd886fbe78eaafeb474167d32656605d78b3af2a

SHA256
7f8ad9e98c15e78618188cf44dde2f39baff577e02a91eaa66d23c7662d12fd1

SHA512
87aef5bc3d0dd481307b95c80ca10f3e0bd7d36859971652ebd9e02da71104488fa378a936627fc0a7cc486f4b0aacd07028897311d087260b1be44fd034f263

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\java.dll

Filesize
150KB

MD5
c95ed170fe8b640ec0426685f139a577

SHA1
d1cfd32cebe6ab9bbc076b2f99f0e00f24679f13

SHA256
1668fd9ca35c9f3fb03d1d5241bb9dd2e77361c9f69466aca2d071436b9ad4d8

SHA512
b1a8c2c2c568e3d9b4fe3769693ba6d53c7e299560257743c88f2f052e9ab77493f30620a80c5c19acc237a3190bd0f2d0c6c892ad8450aea36c3aae2cb1ebdc

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\jimage.dll

Filesize
30KB

MD5
94b7d157fab9b034cc56bb9671d211ae

SHA1
fdf2a482e7b283cebf0f457db05ab5a9bee1061e

SHA256
bbcbb06a880e2841bf3d1a792dc4f62f5741b14af857e9f7b1d0938655bb5ff3

SHA512
478922409e2548038b4e61246e283dca9e5555c9bf2328812a3792210f019553855b5b5ca58fb0a2edb0a8f8737b45e022b31cb941dfd0787ce8a683fea753df

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\jli.dll

Filesize
240KB

MD5
86c15b992084b4931632bd621864ec19

SHA1
aee92fe6014bf02925429f3a21898110e6024fa3

SHA256
57023e6f13836d4f0d5be90598ca6d69ac12098804e1678cd0ea158469a9f421

SHA512
0a81e0e23a0b32e0219bec23cdd341c03364415bcc14c98ba2f3b4b178e87d3fdfb66d2f2b216ea25cb3fd51a467daa9de532b4065093e751804b79a7fd5775f

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\net.dll

Filesize
89KB

MD5
37b91c71d551916d951fe9a6faf5b42d

SHA1
9193a9a0a2291f2deaddfd6a87a1ac6c1306583f

SHA256
c2ac7d891aedbe0a4a219aad324b26dba1fb29fa66e87b12c200d078aff2d9d1

SHA512
6a88b06a41b70c276b21fdaf00d335f919025339f2b9091f76f0671b62310a324a53357e91c9b08c6d33708799bed650d3d707ae32a59d0d7160c80153e0bd5b

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\nio.dll

Filesize
62KB

MD5
c5f95ffd20899c725fa1d0e2c3e67954

SHA1
7db635bfd3b6d69de35c8643ba245fd71765d406

SHA256
e89e330799c03c06288aae1d43a34bacad229a3c724e9b66e1aa6fb98aed90f0

SHA512
0ef8b88dc2b5892fd531b633fd8254178c61f1ea80c994abc5152cfa1be6fd7d38c2f511d15634d540a6c67a03afeb569a6219ec7d37600536c3d1d9941f3a00

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\server\jvm.dll

Filesize
768KB

MD5
efdd68173021e13cf66aeaf68201ab64

SHA1
38dd3c80ea9a0fc0259e7f2ad898e05b92a612b6

SHA256
41a223b5143852543f043e3fef5fbe3542490c0575dcf669fb94006cd12ba6b4

SHA512
729c968fbea8b0137512b2d140b44671b584f4b6a09cdb7f4430876fa942162cb75cbd2c0a0bbeb26fbb8189c593780aa271eaaf9d0923715023983bba14c1e8

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\server\jvm.dll

Filesize
576KB

MD5
524e011d5e007bfe882db02ce256d91a

SHA1
db8e8354a1495e0a1caa64a9c6c87ff31c3fa30e

SHA256
5d01b39b0e8829882c37dc02a988e808e84b79f6a6487bdf13ab8a5d19d1fd18

SHA512
573a7b35a1ebc554ed8aeecf48017e69582971a11bca09a24e8edb6cca50e943a052d270bb3f09afbe8c51522c5651a8e887d11d20808301f1dda361cb402eff

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\verify.dll

Filesize
54KB

MD5
63a88f5024492f81e5386198e429baf5

SHA1
10ac605f540c58bd0b3aef8238cc8b230261644e

SHA256
b3dbc8e3bc6c0051c68be3299a7987fcac4ceebb35ce0db8efcb949a90750d18

SHA512
d547d38c7696e564fc8bb61377a312a8cd6817321cf203b07ad4639afa19198d0ee55460d9f9a454ee577d368450be13f178410b3f21d85e0da6e9f91b50dd3d

Download Submit
C:\Program Files\SceneBuilder\runtime\bin\zip.dll

Filesize
79KB

MD5
ee62b59203aefddae31d8b924f7a9a4a

SHA1
c68109422a3a146aad55466999c3e2c7bd2ef8b2

SHA256
606ef7bdb36018a34a3db7e894a259bc50f5a930d67bbe43f25846bf58334419

SHA512
fa0a4209d290694ed0cd2e1f59c8f63622b3824f7c1baa0eea86231a90c7664f57e36d34399aeacd6538dfbc5a71ab605ee368a3fc7f4ded23ea9defbc0c620a

Download Submit
C:\Program Files\SceneBuilder\runtime\legal\java.logging\COPYRIGHT

Filesize
35B

MD5
4586c3797f538d41b7b2e30e8afebbc9

SHA1
3419ebac878fa53a9f0ff1617045ddaafb43dce0

SHA256
7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

SHA512
f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

Download Submit
C:\Program Files\SceneBuilder\runtime\legal\java.logging\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Program Files\SceneBuilder\runtime\legal\javafx.swing\ADDITIONAL_LICENSE_INFO

Filesize
51B

MD5
494903d6add168a732e73d7b0ba059a0

SHA1
f85c0fd9f8b04c4de25d85de56d4db11881e08ca

SHA256
0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4

SHA512
b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

Download Submit
C:\Program Files\SceneBuilder\runtime\legal\javafx.swing\ASSEMBLY_EXCEPTION

Filesize
46B

MD5
c62a00c3520dc7970a526025a5977c34

SHA1
f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848

SHA256
a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0

SHA512
60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

Download Submit
C:\Program Files\SceneBuilder\runtime\legal\javafx.swing\LICENSE

Filesize
35B

MD5
f815ea85f3b4676874e42320d4b8cfd7

SHA1
3a2ddf103552fefe391f67263b393509eee3e807

SHA256
01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105

SHA512
ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

Download Submit
C:\Program Files\SceneBuilder\runtime\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Program Files\SceneBuilder\runtime\lib\modules

Filesize
512KB

MD5
c029b90a5be99da519ed75ba76684e72

SHA1
e87df99db64bfa8bf0deea48b7785f02f59b6206

SHA256
42403a1212fc09c781dfb131993c7051ef3f9da1903010793ef1bfc3c472e4e6

SHA512
8fa9b797d44e644cd5ab0191e862304b520014708069933a5aa1e7428ff50c5369587dce95ce3bd392f0d9b14c2019c9835f47db531e64ebf7c1f59590785a74

Download Submit
C:\Program Files\SceneBuilder\vcruntime140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7

Filesize
2KB

MD5
8d59c7c4e6856483225d04c974dc260b

SHA1
a6b809d384353b1701e123388a0d31b2d21733dd

SHA256
edd05ec66a738b214f2296ace1ccaa87bc1836d238cd107a27351152b136f94d

SHA512
3308a158c4ff5ca5e1aa925f94b1fbc032a50fe6b2779713961b029181ff71ae598f0d44454577d588cffb66c00683df7dfeeeffe944eb834b5d32f5dca211a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

Filesize
1KB

MD5
07b87bcad59e88d4877c14eb432d8ff7

SHA1
4697001385f1ffe645a935df06a83d317525bb64

SHA256
deddf46d9a0295d0c75d026f7561efc2296e1471f2a28ef10a48589a4d2be770

SHA512
6d725a3a0569e8a3d3cf2c96a1e2d6a01477139a4fb55b74027887ac25148853cfd49c0da5bcf49a230645abe64d48e2d45d608fa2a52235d2ecca9e127656dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_E53947ACB495905C6D61845C88BAD8F3

Filesize
510B

MD5
6d2062bcd12133cb0ed4ce12834f8003

SHA1
5e055b27287a9732c73976b2c0b24846035c3551

SHA256
119399ec79e6140db6e889d83196bbc357b7f075c6e8f375a9b829481148dedd

SHA512
0b9c9a811adf65e8e7591e39437fedda8feacceaf616d590683c623e0c6324eb263439e54e4b065178e27253626d642b64838072e62859c75e87b746cf1ded60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7

Filesize
490B

MD5
2f656bf5a067ecaa4a05cdbf9ab6c305

SHA1
e6a18b3724b3ffec0cf00c4a6c44882bb400d797

SHA256
43fa495fa8ad044cd63341c0c6cf46e2d8499b29d7ae1b4afa7dc26af7d102c8

SHA512
942fc9243ddb6a3908eda6a6f53db019c3dea99fb8f48a54c8ed11c082649b20be8e1a8223ce81df207056d30857efc3ce042cc7d953fc89891c359cd9767381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

Filesize
486B

MD5
d35eb0d0b9f975579364103ae42bd382

SHA1
a7705bf4bafb76dc24c8d056120d9e4f50f854c8

SHA256
9c38c63e956e1edbd441c593d0535761047b37ddf7814a160edf6931f928ccfc

SHA512
b7e4c42c91466870240c64e83d5c8e5cd0d3ab03b7a0bdf31e1f3e4cf5ef16b13e34dacaa7d34bd82a931553b06920e27f152a23d9066102a27a456084bf6abd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_E53947ACB495905C6D61845C88BAD8F3

Filesize
494B

MD5
c81d2aee3249c46390f07cc6e29d280a

SHA1
9ee06770c3cfaa7b08849eb91457791488851aa5

SHA256
41860faec90d8b770c55d77334b344572879a15f0860e5f41c7fad631d3b9184

SHA512
8804285dbef172fe3dcf42342933bc965df7acc55d4152b9051588a6c5779537d64a74af8bbc8d19bda969013f1fbc15e472e4812b955f8af211cd0ced648850

Download Submit
C:\Windows\Installer\MSIB69E.tmp

Filesize
168KB

MD5
a0962dd193b82c1946dc67e140ddf895

SHA1
7f36c38d80b7c32e750e22907ac7e1f0df76e966

SHA256
b9e73e5ab78d033e0328fc74a9e4ebbd1af614bc4a7c894beb8c59d24ee3ede9

SHA512
118b0bd2941d48479446ed16ab23861073d23f9cc815f5f1d380f9977f18c34a71f61496c78b77b9a70f8b0a6cd08fe1edc1adb376dad5762ad0dd2068c64751

Download Submit
C:\Windows\Installer\e57b47b.msi

Filesize
84.5MB

MD5
d2771f90cdb505219e2b1fecd1a6f227

SHA1
511594a506970bc9cb9562ecdf061d2c346a35eb

SHA256
483df81431af3aa7eb9d2822d1e7c8e569a00aa83948337971f811ceeb4b4469

SHA512
55602261721d14e39e19f9dc9447e0cc21948fe2363149794ed3a91a48d02a8af1e8e0c13fbb136ea7977152ad30ccf0e5ec2cb078bc6b15871f17deafed266f

Download Submit
C:\Windows\Installer\{4E29896F-34C7-4377-AF64-CA5D11AE0D07}\StartMenuIcon.exe

Filesize
278KB

MD5
954099dddf2fefde050d7c37568ac72c

SHA1
a7128f5858a68b46be649bda938f55a0778022ab

SHA256
5a9131b5de657bd10bd8db619ba350601a7644e683407804904bd12537471cb4

SHA512
e160b602d70619610670b1f0e948bce16610ec4d61c0afd2ef0b3d114bbb997221f5ac3c7308aaaa91ff47f7f55a5d7c99bdfa080def4d07e8e7fc26c5c1c116

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
c6eb91be74b4e0ec3e5d2ff528d888a0

SHA1
41ff35a2bb5ff523ce5b9f83fce22e744ac7b6c2

SHA256
696b9ca63fb4a00f9f8d2cd81e052b91ec88f33c89c6b8afbeaaa9fe4d203e81

SHA512
7fdf182b0f36804b38b053a9f8d5f38d146f207e5db76aceab50377231d4aa2edfd0fb5c89d8b9ec2fa29a0d1de82a8e1f7fe0ce7560badbba818e3981f59820

Download Submit
\??\Volume{119bf5f3-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{10ee1981-ccf3-4f26-b5a8-b79071e00979}_OnDiskSnapshotProp

Filesize
6KB

MD5
c37320fe1a1990abc5552d8d560a7d8d

SHA1
1b8c101058782d12590e340218b1b46bb887d7d3

SHA256
cb17e9ad724c32afaacd6914a9b9677f9766d0ce166a7eb992a1317b19b5071d

SHA512
c90da74dd4a9871a7cae593bd0fe084f9e7edb1d42fa9d9d1dd78068cf3c0c5d047b94b65dd4484d68e3a0e789533b05f9dc18a1b431e5c0c8cd0a19fb18cbf0

Download Submit
memory/1492-603-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-557-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-639-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-588-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-601-0x00000128DF080000-0x00000128DF090000-memory.dmp

Filesize
64KB

Download
memory/1492-569-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-608-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-607-0x00000128DF0A0000-0x00000128DF0B0000-memory.dmp

Filesize
64KB

Download
memory/1492-606-0x00000128DF090000-0x00000128DF0A0000-memory.dmp

Filesize
64KB

Download
memory/1492-605-0x00000128DF070000-0x00000128DF080000-memory.dmp

Filesize
64KB

Download
memory/1492-604-0x00000128DF050000-0x00000128DF060000-memory.dmp

Filesize
64KB

Download
memory/1492-549-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-553-0x00000128DE6E0000-0x00000128DF6E0000-memory.dmp

Filesize
16.0MB

Download
memory/1492-602-0x00000128DEFF0000-0x00000128DF000000-memory.dmp

Filesize
64KB

Download
memory/2976-617-0x000001B7B4E70000-0x000001B7B5E70000-memory.dmp

Filesize
16.0MB

Download
memory/2976-624-0x000001B7B4E70000-0x000001B7B5E70000-memory.dmp

Filesize
16.0MB

Download
memory/2976-626-0x000001B7B4E70000-0x000001B7B5E70000-memory.dmp

Filesize
16.0MB

Download
memory/4824-532-0x0000018060120000-0x0000018060130000-memory.dmp

Filesize
64KB

Download
memory/4824-583-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-470-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-534-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-533-0x0000018060130000-0x0000018060140000-memory.dmp

Filesize
64KB

Download
memory/4824-502-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-531-0x00000180600F0000-0x0000018060100000-memory.dmp

Filesize
64KB

Download
memory/4824-530-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-529-0x00000180600E0000-0x00000180600F0000-memory.dmp

Filesize
64KB

Download
memory/4824-526-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-520-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download
memory/4824-507-0x000001805F8D0000-0x00000180608D0000-memory.dmp

Filesize
16.0MB

Download