e3309fbc01eaa4a6d270767a5847f192fa074499b6dddbf2b0362973ad15acb4

Analysis

max time kernel
150s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/09/2024, 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blender-4.2.1-windows-x64.msi
Size

327.6MB
MD5

cdece273a5dcd74d1a8b7c44e865c687
SHA1

45be80371352e476a5c8896ebf2ebfe3aedba79e
SHA256

e3309fbc01eaa4a6d270767a5847f192fa074499b6dddbf2b0362973ad15acb4
SHA512

5e4ac719f5224ecafc4f281c8d89b5ecff7a7775f52ab8ceb89797571b938943125e8e95100f0ea8beb695b5a2a2d030ddf4cd57abb09c7e8bb9e60797d970c5
SSDEEP

6291456:cDBdMtaUxTy0Xdi/t2PKZh2DzAJh5gd+z/OhAk9M93SbyfM:cD0zXdiF2PK/2D2zJKmCx

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	556	msiexec.exe
3	556	msiexec.exe
4	556	msiexec.exe
5	556	msiexec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\F:	blender.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\D:	blender.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\datafiles\locale\hu\LC_MESSAGES\blender.mo	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\__pycache__\node_add_menu_compositor.cpython-311.pyc.1833689640864	blender.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\pyclbr.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\properties_physics_common.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\cycles\source\kernel\device\hiprt\globals.h	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\http\cookiejar.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\importlib\abc.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\pxr\PxOsd\_pxOsd.pyd	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\cycles\lib\kernel_gfx1102.fatbin.zst	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\distutils\tests\test_mingw32ccompiler.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\xml\parsers\__init__.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\mesonbuild\compilers\mixins\pgi.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\datafiles\icons\ops.pose.push.dat	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\idna\__init__.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\__pycache__\properties_material_gpencil.cpython-311.pyc.1833690250864	blender.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\pip\_vendor\chardet\big5prober.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\multiprocessing\resource_tracker.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\mesonbuild\compilers\__init__.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\cycles\source\kernel\integrator\surface_shader.h	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\mesonbuild\mcompile.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\usd\hdSt\resources\shaders\invalidMaterialNetwork.glslfx	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\datafiles\fonts\NotoSansTelugu-VariableFont_wdth,wght.woff2	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\encodings\cp865.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\mesonbuild\scripts\copy.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\properties_freestyle.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\pip\_vendor\cachecontrol\serialize.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\usd\usdShaders\resources\shaders\previewSurface.glslfx	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_operators\node.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\__pycache__\space_topbar.cpython-311.pyc.1833706148192	blender.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\testing\_private\utils.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\f2py\tests\test_return_complex.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\idna-3.3.dist-info\RECORD	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\setuptools\_distutils\command\install.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\zstandard\__init__.pyi	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\setuptools\_distutils\command\_framework_compat.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\mesonbuild\modules\unstable_simd.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\setuptools\_distutils\command\build.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\license\MPL-2.0.txt	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\node_wrangler\operators.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\rigify\rigs\chain_rigs.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\DLLs\libssl-3.dll	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\encodings\iso8859_15.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\OpenImageDenoise_device_sycl.dll	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\datafiles\colormanagement\filmic\filmic_to_0-85_1-011.spi1d	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\Cython\Includes\Deprecated\python_type.pxd	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\presets\tracking_track_color\Object.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\presets\camera\Arri_Alexa_LF.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\properties_mask_common.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\datafiles\icons\ops.mesh.extrude_region_move.dat	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_operators\node_editor\__pycache__\node_functions.cpython-311.pyc.1833689180528	blender.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_operators\__pycache__\object_randomize_transform.cpython-311.pyc.1833690237616	blender.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\cycles\shader\node_wavelength.oso	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\f2py\tests\src\parameter\constant_real.f90	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\core\_string_helpers.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\_typing\__init__.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\materialx\libraries\stdlib\genmsl\mx_smoothstep_float.metal	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\numpy\testing\print_coercion_tables.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\startup\bl_ui\space_view3d.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\idna\intranges.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\MaterialXRender.dll	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\setuptools\_distutils\command\sdist.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\datafiles\icons\ops.sculpt.border_face_set.dat	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\mesonbuild\dependencies\cuda.py	msiexec.exe
File created	C:\Program Files\Blender Foundation\Blender 4.2\4.2\scripts\addons_core\io_scene_fbx\fbx_utils.py	msiexec.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{932B2E6B-7F23-4F97-B9DA-148C3CB3FDB4}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF26F66234B7FD1A0A.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3E9A.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\e58298c.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e58298e.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFDBF1530D72A976D1.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF4962541646F800FB.TMP	msiexec.exe
File created	C:\Windows\Installer\e58298c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6601CA71DA1C895B.TMP	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
4808	blender.exe

Loads dropped DLL 57 IoCs

pid	Process
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
4808	blender.exe
3840	regsvr32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
556	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000006586dee215ef0e8b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800006586dee20000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809006586dee2000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d6586dee2000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000006586dee200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713810747106357"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 25 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\DefaultIcon\ = "\"C:\\Program Files\\Blender Foundation\\Blender 4.2\\blender-launcher.exe\", 1"	blender.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\shell\open\FriendlyAppName = "Blender 4.2"	blender.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.blend\OpenWithProgids	blender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InProcServer32\ = "C:\\Program Files\\Blender Foundation\\Blender 4.2\\BlendThumb.dll"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.blend	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.blend\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.blend\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}\ = "{D45F043D-F17F-4e8a-8435-70971D9FA46D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\ = "Blender 4.2"	blender.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\AppUserModelId = "blender.4.2"	blender.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\DefaultIcon	blender.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.blend	blender.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2	blender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\ = "Blender Thumbnail Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\shell\open\command	blender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.blend\OpenWithProgids\blender.4.2 = "0"	blender.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\shell\open	blender.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.blend\ShellEx	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\.blend\Treatment = "0"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\shell\open\command\ = "\"C:\\Program Files\\Blender Foundation\\Blender 4.2\\blender-launcher.exe\" \"%1\""	blender.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.blend\ = "blender.4.2"	blender.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\blender.4.2\shell	blender.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4016	msiexec.exe
4016	msiexec.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	556	msiexec.exe
Token: SeIncreaseQuotaPrivilege	556	msiexec.exe
Token: SeSecurityPrivilege	4016	msiexec.exe
Token: SeCreateTokenPrivilege	556	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	556	msiexec.exe
Token: SeLockMemoryPrivilege	556	msiexec.exe
Token: SeIncreaseQuotaPrivilege	556	msiexec.exe
Token: SeMachineAccountPrivilege	556	msiexec.exe
Token: SeTcbPrivilege	556	msiexec.exe
Token: SeSecurityPrivilege	556	msiexec.exe
Token: SeTakeOwnershipPrivilege	556	msiexec.exe
Token: SeLoadDriverPrivilege	556	msiexec.exe
Token: SeSystemProfilePrivilege	556	msiexec.exe
Token: SeSystemtimePrivilege	556	msiexec.exe
Token: SeProfSingleProcessPrivilege	556	msiexec.exe
Token: SeIncBasePriorityPrivilege	556	msiexec.exe
Token: SeCreatePagefilePrivilege	556	msiexec.exe
Token: SeCreatePermanentPrivilege	556	msiexec.exe
Token: SeBackupPrivilege	556	msiexec.exe
Token: SeRestorePrivilege	556	msiexec.exe
Token: SeShutdownPrivilege	556	msiexec.exe
Token: SeDebugPrivilege	556	msiexec.exe
Token: SeAuditPrivilege	556	msiexec.exe
Token: SeSystemEnvironmentPrivilege	556	msiexec.exe
Token: SeChangeNotifyPrivilege	556	msiexec.exe
Token: SeRemoteShutdownPrivilege	556	msiexec.exe
Token: SeUndockPrivilege	556	msiexec.exe
Token: SeSyncAgentPrivilege	556	msiexec.exe
Token: SeEnableDelegationPrivilege	556	msiexec.exe
Token: SeManageVolumePrivilege	556	msiexec.exe
Token: SeImpersonatePrivilege	556	msiexec.exe
Token: SeCreateGlobalPrivilege	556	msiexec.exe
Token: SeBackupPrivilege	344	vssvc.exe
Token: SeRestorePrivilege	344	vssvc.exe
Token: SeAuditPrivilege	344	vssvc.exe
Token: SeBackupPrivilege	4016	msiexec.exe
Token: SeRestorePrivilege	4016	msiexec.exe
Token: SeRestorePrivilege	4016	msiexec.exe
Token: SeTakeOwnershipPrivilege	4016	msiexec.exe
Token: SeBackupPrivilege	4632	srtasks.exe
Token: SeRestorePrivilege	4632	srtasks.exe
Token: SeSecurityPrivilege	4632	srtasks.exe
Token: SeTakeOwnershipPrivilege	4632	srtasks.exe
Token: SeBackupPrivilege	4632	srtasks.exe
Token: SeRestorePrivilege	4632	srtasks.exe
Token: SeSecurityPrivilege	4632	srtasks.exe
Token: SeTakeOwnershipPrivilege	4632	srtasks.exe
Token: SeRestorePrivilege	4016	msiexec.exe
Token: SeTakeOwnershipPrivilege	4016	msiexec.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
556	msiexec.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
556	msiexec.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3472	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 4632	4016	msiexec.exe	88
PID 4016 wrote to memory of 4632	4016	msiexec.exe	88
PID 3544 wrote to memory of 4476	3544	chrome.exe	91
PID 3544 wrote to memory of 4476	3544	chrome.exe	91
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 5084	3544	chrome.exe	92
PID 3544 wrote to memory of 3116	3544	chrome.exe	93
PID 3544 wrote to memory of 3116	3544	chrome.exe	93
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94
PID 3544 wrote to memory of 4988	3544	chrome.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\blender-4.2.1-windows-x64.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:556

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4632
- C:\Program Files\Blender Foundation\Blender 4.2\blender.exe
  "C:\Program Files\Blender Foundation\Blender 4.2\blender.exe" --register-allusers
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\system32\regsvr32 /s "C:\Program Files\Blender Foundation\Blender 4.2\BlendThumb.dll"
    3⤵
    PID:2252
  - - C:\Windows\system32\regsvr32.exe
      C:\Windows\system32\regsvr32 /s "C:\Program Files\Blender Foundation\Blender 4.2\BlendThumb.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3840

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2d0ecc40,0x7ffb2d0ecc4c,0x7ffb2d0ecc58
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1404,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3736,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3408,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3140,i,5255741090820683445,4421237087706798400,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:3840

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3636
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e32fbc-46f4-44dd-a259-9ac132a08f1d} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" gpu
    3⤵
    PID:1048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfd7870b-8d27-4cb2-be61-4f0db6a88390} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" socket
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3196 -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3220 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40b81234-b08e-4d48-bf3e-e2651a659c37} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
    3⤵
    PID:2564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 1368 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11433163-b780-49cd-b791-45c71605b04a} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4796 -prefMapHandle 4780 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0635ec0a-b312-4999-8cb5-93eaf93aaa0a} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" utility
    3⤵
    - Checks processor information in registry
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99cb414b-2431-4710-a124-5992073aeaa5} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
    3⤵
    PID:3696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 4 -isForBrowser -prefsHandle 5540 -prefMapHandle 5548 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ea15a0f-f1cd-4c54-a2bf-045848f5f1d8} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5792 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c04c4e08-6b3c-443a-bfb5-95a6ff749315} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" tab
    3⤵
    PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58298d.rbs

Filesize
1.6MB

MD5
ade64e294b44336f0286ee03f9554da7

SHA1
6e901949516e17b0123361d22ef988c4aae0fc33

SHA256
adbcd5f82ee20c550c97c1d7ec099d6ed6bea2eaeacc13f0d660e95b34d9d6f5

SHA512
145dd141557fa1f61c395ea6b1444fe9e2cf5e31ee68f9ae85c22bf9650fd6721520a52933fb7b65861e8310ed9e95bdfa515e8f4297cdeae6381226f2109730

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\Cython\Tests\__init__.py

Filesize
14B

MD5
c34aba81b82bc8a5a69b95cc5eb4b3e6

SHA1
17edf5bb6e605baacf70f826a5361057b40eda17

SHA256
a93afb978b35bb5d2970c7c58cff5c159192d4f293eafd8c97fbf2dddadeb68d

SHA512
1961a2914539f67d5c352e7e434463f47d6d71ace5de5bc52d6fea8e8b453d962546c5b668a07199e3b8ae56553c71fa2297ad76acc24af0d4a6f96094182938

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\certifi-2021.10.8.dist-info\WHEEL

Filesize
116B

MD5
325a7162f4b2770d339d6744af88e2be

SHA1
684b975b1f12f3d38841c6361d3d61c3d15c9f2a

SHA256
56d0811de0aa7a612ef5cfead2a0452d7d5d265badcf16d891baf19b1d290ef5

SHA512
451d323b81f25ac04017a65601b7b3bdf29529935389afd0abdcd385fe6d44c18508b67c4a6ed091d7848433334e4ae6ed3309cbec252fa21398d997fa429aa6

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\pxr\UsdShade\__init__.py

Filesize
1KB

MD5
0178e13da7bcd3357e0f2d39044bb026

SHA1
b165a569397955eb9e165915fc41b1c9f4d1e4ff

SHA256
8bf3dbee76cd86f924fadd8960c94444b4ca1125af2eaca3cca9f70a9240f703

SHA512
e2f582ecedda15ce98cc372f71f97a92cb51c15d402d2887f0eabb0f3ce1bf29f00aead952ede5a90323b8faeedf959d6420fbd15f1f96500469aacadaf8293f

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\4.2\python\lib\site-packages\pycodestyle-2.8.0.dist-info\INSTALLER

Filesize
5B

MD5
00305bc1fb89e33403a168e6e3e2ec08

SHA1
a39ca102f6b0e1129e63235bcb0ad802a5572195

SHA256
0b77bdb04e0461147a7c783c200bc11a6591886e59e2509f5d7f6cb7179d01ab

SHA512
db43b091f60de7f8c983f5fc4009db89673215ccd20fd8b2ced4983365a74b36ac371e2e85397cac915c021377e26f2c4290915ea96f9e522e341e512c0fc169

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender-launcher.exe

Filesize
1.0MB

MD5
8b8b9adf3522e6b21b841236f8366a58

SHA1
188ae25f13f98f46e19dac514745c29f90c2d6f7

SHA256
da35c7219cc65ed55319f62561b961240692778ed6dad566e2d01738afbed266

SHA512
8df46dc65adf10267a8bfe1e4f948ff5afec12b880a3037f887ba93cdaf71f8c0e0c9b021ba28add1b440743df29f6e9d68cfe174dd8d0974647f2024c8bf131

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.crt\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.crt\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.crt\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\MaterialXCore.dll

Filesize
832KB

MD5
4c05cf8e3236999e12af8827853ecd55

SHA1
88d8f028e019f0f7396bc2927fc59a57e5639949

SHA256
3a04151e261523a98468f5621639eb7eee759aabcadaef2e4456c181c02b5385

SHA512
1577176b4264a157168cc56d321b2cf76b3dc69f6fbf2a18506f1c5314675de84608969a60089348a7f17f5ad790cabda78e7103034f5a13b6d617b8f362c8cb

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\MaterialXFormat.dll

Filesize
185KB

MD5
8193c11f3d348ad45063b3446678ce3f

SHA1
6b8a8c4f83dc02db7cb7a70c6fbf0f791ddf5ab0

SHA256
85bd51389d41e26095d45ec9b2f43fb24eeb694efcdc7a08d58ec3fe39b33bb9

SHA512
0d5790f0fe418e3d9f7a8cee75ededb5c851a55d0a0d8b8412c17967bcf4ebe75080249a74099885ed4cfb086c6a40e816c01abbdf25b529af65f6b88f5836b7

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\OpenImageDenoise.dll

Filesize
159KB

MD5
c2cbaa8f5fb7f4f1b49d1da69783b6bd

SHA1
6cd09948497c5f38e67b071dc3335a60868a5794

SHA256
3d55d155ea1b002b41132c19793ce0767ab6fcb45632b7af30d88982473e9b19

SHA512
e2b30121daf454cdb23614cdda31837692a3a75281d796531c5201ba6911fdcb94a9cb2452137e2f97c35a18088d5afc0dcb9ee10536e6a264c9943e4d740262

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\SDL2.dll

Filesize
1.6MB

MD5
5519060c0a3732dd3e182ff5ffa1b37d

SHA1
84c14c4ecb8647aee1759e867937b81a2265d9bb

SHA256
2bb6bf95076c2e41ea9d496212e3cb4a04ee6799f72a7d0bc0cec6f127970f26

SHA512
ead883708d143283de4f5c8a8379b5ea35a95670d78ccb17da7cd07932c59079431a454940ee1e9326f1b6a75b404b538173f80378f295382969284412b421ce

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\avcodec-60.dll

Filesize
45.9MB

MD5
91bb5abdbd674e458d227f1e4ad4fc8e

SHA1
c8074560830ba1848b46b3fb95202a60a96c7ce2

SHA256
b7c21305ca1c26c633196dc27044c16824239b0ef491afc9a84272005e5d6e69

SHA512
b6b6e8b09051fc18b902b46c20aa48539c29ab1bcf1930cd80ab2abda539b1c4a2840385429dfc3bb43111e96ebfc77953d7bf359260d08854d1a99cef971b9f

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\avdevice-60.dll

Filesize
69KB

MD5
e3065f84266fc308545b6f49268f8326

SHA1
b10490890497158fdeed28e6cdc70872a07a3723

SHA256
f13122910c9b50d2b5d7748e987921bb11e14d02145907499de0fc39822ff35d

SHA512
48cb2050e61beff7a30f2c300769eae74a6d8999eadc425dfc070468118d2e7c41e9d8dc5fa91c8bff572c7544ff357e61c6e7766f03ae32625885cc579c99c2

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\avformat-60.dll

Filesize
2.2MB

MD5
bf7ac539289ce4a79920706950b932d1

SHA1
ac7f3aa524f1434d5e62f3fe1dcbdd118630ab33

SHA256
3d332b94f66bd1bfc49f4d00611e567fa55d9003ec4f4c8f2225b56bd911a820

SHA512
cb198d1d07eb6bdaa1a7a5dbc4762392f4ecee78afc538831f220da74d2694a031044bdc4eceaf7de2f78f3e49de303ee358ed333832b3f65099c59bbc68115d

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\avutil-58.dll

Filesize
693KB

MD5
b4b526abc8386a4366ae491884629efa

SHA1
29226aa620feef6857167c743f2f439ba15d97ca

SHA256
eec1ac64b2ebf9cea75fba3fa5d0a7b24716bf0fd6dbfcb64590b34d17073a20

SHA512
62289710ac3c36220404ed524f0718b4e1bd6f715a8d80f035c60df592685fdadb9dd3232ae1d5e634d0df1f51467a8dffca62297f4163410bbdd3e914858d65

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\boost_python311-vc142-mt-x64-1_82.dll

Filesize
188KB

MD5
8f21487f8d189942eaf8cf821b549c5d

SHA1
4e7173333b73997699c65d7daf22c4e1424e8d8f

SHA256
2fae83f3d942da8b4ccf974546e26da82bb55bc2372c04d299a41c65541b3acc

SHA512
fd3fd4d0d629d47c8fc29cfcfa20bd9886c0393ee1e44460416e78473e8f1a1af86c551dd73ec51b4d2335ec4d202712a495f1323c7af79e55508b133f4c3ec7

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\embree4.dll

Filesize
25.4MB

MD5
83d232ba43e8065cb01f4b2c291e7f19

SHA1
098a2c35ada3c35c814e0cf49d0f11f64ff1cb13

SHA256
4bebd29ca111987fc6c9de52ae9365b72a3d8c1929ea720d7f745707ba9e5dff

SHA512
4b80a74ffdf45fe27396d0416a1662bc99b00b258724728a5a7ba28d528f540a202e313ea360ca4e55467bd07b82883b41554130d3cca3f7ca4f21e66ee099a8

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\opencolorio_2_3.dll

Filesize
4.1MB

MD5
a31065bdc5c10695e4e833746e348e6a

SHA1
016e9d395fb7b25ab58fafa40aac6dbcee58c8ec

SHA256
98ac33134af7792227615d0793efb9c7f8c0d7212e40bb1f8009554d75b4173c

SHA512
964c1032c507562e927302beca60f88134284d8725ef75b3517fa24efec0dbf16c3843a85f27e3e303c445c6dd8af263b71d51f21af46c5db16078d8be78584d

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\openimageio.dll

Filesize
9.0MB

MD5
158e94e4f435e543db28c7d1cf3756e8

SHA1
807b5d3177161da499910dd7761e31ff16b6f4ab

SHA256
d2d2fc31dafb093426487e41d2b1e6d770e51bc9b3a4bbba9cc912a28125a825

SHA512
87bd90db88618b6976c6ef16fc0ea7b7dacd52020f07d40eea97e661df84b4066178abb49a4facb8fa8912ae7bfa7e0056c380c1905761d831d3cb0560750cd6

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\openimageio_util.dll

Filesize
753KB

MD5
395068c7e2feceada87dfdf9f84c902d

SHA1
165a2f515b3837496fc82ef236a41ed375ef7229

SHA256
3f10e9b96edd550769e188e04d483a0c22d5071c9271cd36647e3983ddb23104

SHA512
cf1d5f97a780dc088fd223bd7fdecd0c7157753c95ed3d07cdf2305d3e46eefe2efaa6400a002d2eac3e1fb3220075d95b2e110aad6e7b4c799db4ea760b0bed

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\oslcomp.dll

Filesize
21.6MB

MD5
5ffb4504b20ead019782ac9d1417bb7c

SHA1
34da8d005a5a7ceeb4699c60beb8395b59a12f61

SHA256
9a42e36a09ae2315b30bcf61db00d7d8a49ec5cc6206c4440f649621b7ced544

SHA512
b48f7102960235d050ca251ad8ba29d4aea1ed12f498b4e278a76ada8de70a7845b0b3a4110dd8319d589978b9c412addd4f68ef7a47fde81ebb41c8a32cb037

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\oslquery.dll

Filesize
155KB

MD5
15be9a6dd75dc34b68f713b62d430655

SHA1
bdd083c23692c396fe488a20487b9adfb05034e1

SHA256
14419a023b62ae52eab2c0b9b05c777b3bd3783b4ec00bb7758353cdc4251221

SHA512
849529caf53eefd49db2ca64b84ba1ab9f4fc76c918d792f58d420ca000d432ab141fbf9c24765665c2c509878de25461e5594a0eba5819d720bbbd886974e5c

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\swscale-7.dll

Filesize
421KB

MD5
89a3db011aa41547381fc6e63a8fa7ad

SHA1
5598d32c7deca4ac8dfb870733a862d2e6f382c4

SHA256
548ff4e62697201d24381592347fea7955fd327b1a0f57f010626cfa454cd830

SHA512
b325704d2c820c87d78f94ef2daf39e81cf35d662ab10f70ba260751de75307a86471c4b833e9e524bfedaea8a7c6de1452a21c121150b2e25ae43bff2e5942c

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\sycl7.dll

Filesize
4.6MB

MD5
bf8ab503a4faf844cb7027a1483cab74

SHA1
a3b727402fad5c31c5a587b9ef8adbfa2112cd09

SHA256
b61ddeb950b71ee89cbf261a78c6fd63b331c63758dfcc83c4898b36d179cf6c

SHA512
fe638bc4605c976b8b8a7f94cd4b4acc42234366c66ac2890f343719980479f59116a51949e81cd76e8287cfba86bc6b7b52c0e46e097b7888a64baf9d118466

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\tbb.dll

Filesize
155KB

MD5
f655e5b5473e98c6b2bae0069505ca8a

SHA1
71b1b899fb40ea42e0929ec1305da99cfb530b01

SHA256
cc62cc39661429945cda80f93a4a62c7c67300f9b5f81253de53abd4c5b53504

SHA512
21b7342d8a559f95d033a46dbf6212d2f4e66111767e176729c076f88d4210c52044c3feb59a60d6a34402b15ca42bb4e20ba5afe285bd18f05857d96214b736

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\tbbmalloc.dll

Filesize
54KB

MD5
a70e312a856bd55ca9b77895ad0633b6

SHA1
f0cef1e6cc37dfd2f01cf480db6035e1d41bcd98

SHA256
476f84225029847ff7e318f3107dbb755a38826d3db69fc7ef92851ea3934210

SHA512
8f9883700258620fff1867a71af3bb9bf097842c47f78fe8f9b6835e78b8e701bdcf4e83eb772b7669c232131a05b06ff30918b7d02087e6dbf1008e347a6575

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender.shared\usd_ms.dll

Filesize
30.1MB

MD5
777fce542d55e479d473aee845c121d7

SHA1
5936cb4835de0b18821c2bc27b134df72641f152

SHA256
eab0d547bab8c1efc61e181f6a8662482dc3ee1a40d5f98c8a6b310e02eb3b7c

SHA512
914548f1e218382420bdd84f3c9b27d67e70deba6856d90050f368d154135259da47498c076ecdf24dcb7bf9d699ff473de33c2a536a3833da06c80b5fd3bf07

Download Submit
C:\Program Files\Blender Foundation\Blender 4.2\blender_cpu_check.dll

Filesize
20KB

MD5
1e8e5965949e84a3d47d2c374c78e76e

SHA1
a4242157303c81f57c73125e31f502de950fa414

SHA256
0414cb07fa2b6b424d3be26a627aad27a372887a8c7cc8cb687fac9ac9ac46a0

SHA512
ad1d515a1ad9f3d4d300392533d76c4db75c89d1a14f90ef8d3531c829edc934d05f6df66fcbe8b58fee4c38f33e0a640f6be4ee039404e92acf4d5f1b3af0ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4E2BAFF688C7994811CD78232818FD29

Filesize
2KB

MD5
7cae9e08b134915f8ca9ef10e6ea577a

SHA1
2b26f7898860f1302a7f4b422d00131038dd8cec

SHA256
d878c81725bf893f5d88536758f56a4cb4f400fa6f2dee1c62448bf95667ddd5

SHA512
71ee86725ec6161b1dad5871494e4525feba6bbfc7ca4af7f725a09e4b2e8b128a21fa78b6a26f38ecfb2851572360c6e80a58ce7b52255b7a684322d775b23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\949D2E01833511C6366A8B529939FE66_A640373CFD567F7FA24BE1FC82025C7E

Filesize
314B

MD5
563685f2219be7ad2ddeb3cec6b839db

SHA1
530718bf9718e6a9a924bd015bac2c7dc4f3a923

SHA256
b1f624cdfa1935d92d1ed89e0343790447e2947ad64160188306e2d897fb6044

SHA512
da579b5db610cffa4cd46c1fd62a60447066e009d267a670d773d014e9d0857e57e975e710aa8a758e1f90c8e4e044c9e0f0d27e0205fb35a92475bd271ceb66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4E2BAFF688C7994811CD78232818FD29

Filesize
306B

MD5
3e217be473ce21f8b5f325a5e45a6a43

SHA1
298f507addbc0073c170e64d78242d22d5d3067b

SHA256
e7dcdbd953a7b08f00de3a156134fe83025649f9896f411b2df94bbb0c883202

SHA512
55ee433260425acde8747c6a447343db730090f6fd477eb5007dbbca2e068486852622d0e071d139ae01f8cc37960e2d2e70382b12d0882bec347e3c8ce52690

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\949D2E01833511C6366A8B529939FE66_A640373CFD567F7FA24BE1FC82025C7E

Filesize
494B

MD5
1265c6f62fbabbe227cc580fad821fcb

SHA1
76ae2150d96174761df725d3d80dba79869081e2

SHA256
e068e02ac8291be39959b618b11b1592f450cedc793d361329ff556f092261e6

SHA512
bc2df6644a0da1a8b72610899a9ea4344036ea5d01eb1231b563bad38be6e410d68991d50767771670c8fc0adc903c063cfb5d28a6be4ad96788fdc71b57f7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4fe248e79ad3e20041e309e1c8f5b66e

SHA1
0187d1a4cc8d4bed6b1e782d72fd68a5d478c664

SHA256
ef91c371c093bb39b20a439940b7d7bc7e42e89e6d6c1804419751332620a110

SHA512
40ba672f02e6fc08a41528109efd9bf1d7c6d27f986f07e6debe334ba1b662473cd7072cce97cc4339dc2146e904b80b690ff078733c5711a70e988deb693f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
030c8663b748b51ebca648565cfda359

SHA1
2b832175502ebabed93e730ff6bb1719994132c4

SHA256
4b67f267e1577b6687a9578e7333e101244cd60ca718f976b2272597bc90f737

SHA512
c8c9e841094d0f8ae814f6090d522c6b2840acfba43df2c58aef2d267f73ea9aaa89465760583cdbcead048d8500ca8d9dfa28b1113e4c546d324449588abf53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
bd8e49655466bab574a1ece67f32e019

SHA1
884efdfbb89a11ab6d5d87baad380ec0a07c8fe8

SHA256
e6b8da27ceba05710a4b827c70c435f9c82ed7fdb1a9e45cf82071eb2ae08742

SHA512
0e093a8580d950980d126aa7f0f3c87054a0f8631d733410cc4c4d68eda085187688c7b333b708b0c7085d2c97aa1ad5313cbbfb139bfa47a7187775dddf22b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c5f58e52c9e09eb0cebc34e79fc57355

SHA1
a61ebc2db9f4329e3e01a2dd0be14d01d5ec9618

SHA256
8d0379f04a4eb6f958d5c0dfd0f8f218b2ca60f0d3c5979f1c75cde6b241c09a

SHA512
7c91cae778c2116342392120f16fced9ed1f8c9f4363e0fac5bbf741d780d0961b9516302100f08c637b8c4249264a7a27e51546fc9f8c2e0dfe0d44022f74e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
828ac3dd280b3501b50ce2066d78a645

SHA1
2320db1bfb51a29e3f2bb897f608d7bca065ce7d

SHA256
4f90f4165e6d83e750307a1090e2eec1af0b977d4a350dcdce4e838f717e9951

SHA512
e62e3839216b08e2de6cbadcda391a5b218af9e8c8e92a3f33bd9451297e636e1ea7c9349f1b8f2cf8418146e5f61a92901d974043f600e412a7715d2be503de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0a57b00c8481361a7bfca2947f101f3a

SHA1
5002a04bb6b6da996cd3bae7c3e241c16c574e21

SHA256
6aae49e95e6bde781835126feb74180a89e8b524b7638309639b5868a53d3e05

SHA512
d82ea0ddac0169b655f3ebaf1f08a8249310b601eb8bfe934e5121c36d1697d27eb7b9a8d0413eae719d3797ceca38cc0027adbc1babfeb52e7099b55bedea86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8523bae3be00dfe56b49fe21b4bacc69

SHA1
6fe88129f35f946771b445bc26db9ff1806e1edf

SHA256
83fd9175d34396d35dccfa73238e611048aaaf49ec519a49031520f79ed6f2e4

SHA512
aca419f282ba3ae7879bfa6799f508fb79dbb69c82a71678d34acbb2b4988ff1cc1ea296c1fdf1008418f78ffcff75c061dbe19bc51c2cc0d8112a4d2a29c8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd2ab2b68551fae03ee7ca7ab81d0af8

SHA1
17c6a45ef3435626f741c4a054389bb9b6e1b141

SHA256
a62847d1184936c2b794736a6b595591f32c48f1e00b3989e7ec0a70524251a6

SHA512
fe3333e581cff5e119c5ae7539e1e2f0646d56cc65b857de1722f7c562549eef65a5d0f8a27148bb0df336ee6188c17e9c70ff5e42e4bd83f27a9144820e25b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d9cfc3e7a236d387e9c58d869d1fecd

SHA1
64c753595913d1acfbe95041440180d9bffce5a7

SHA256
f8d05e5f62d88db9edaa6dd7df60aaf16027fc5b0dabf4fbb001a3980e4b00e1

SHA512
36b3e58683f25c5d9a51247199849994c7114c5e1d36ef79b4f2a4d9729689f0847455cf65cc9fd2e554b709120bbf7f1813742858bbddaa8526a01ed1aa6622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d090e41c0f21dec67fe4e86dea67b655

SHA1
573a99f8600c157cdb0ad000f53ac2042e016f0a

SHA256
1c7803d769beb5a3e4daa82742c67fa4537ac366bd0231c6fcf68b8984b0decf

SHA512
cd51f37915c3d0cd9ce788f5cfc252c65ed05574ccc4f997f5f0f86836eadb1b0b8fa01de1c937ca282b18471fbac7d9173f5baf9f9332ac6f4a0e748c80e516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20aebacf0dd2e1b12256b4fba04b7044

SHA1
af0f4e86cfb3936c5c7e91e06bff267b908af281

SHA256
23f7a9767c9bf04e74c25e6a3f0c102b80bbf26fb203c91c2becee8a35e43d77

SHA512
c9465a32a906d4270ab36564dc4912b70bbdc4bf7965bf5668b95fe3c8350ee7aa6434d2439422ad18647b4307e154a70da379f4295f652576ce8057ae7ccd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34333deaaf97afccb0d2ff5e37f23541

SHA1
91356aafda5bcaf9e12fc93a65737b650d34eaa4

SHA256
71cb63f52cdf2f7d40480baf297539c4e5406e3d58150bc674f7065b43c65270

SHA512
25120b3bdbb1a73c31929c6af06b5ca8dba8548b4c56eebb7c6e6ac03f051ccfadfe6d2a1e95a79e85f33250442edeade7c7e6d95b6ce192b4fad179a784a462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d645903316fdc1606e3c8d550d3f7c28

SHA1
723c261b4f75a4681c97466ddbd7a4f4bc5591fe

SHA256
63f263ef8d29e86615b1219108468e4ba3ed00a74829baf477ebacb609bd994d

SHA512
9d610ebf1a2c49b81e707298250befecabfee95f1fbcaa0b9c6f1bc918e5db903c4ebbdc7d7527346099c1b128081eb284fc92b4104c859314c252eaa1a48806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6b9a4be0b7a8dd1e57f5dfa612dc7b70

SHA1
37ad303b21cac3741d9e77457263a68ba7da3c8e

SHA256
cef7abdbc5aba2a701744821d1610a2eea3af4ccc456f14c0cf090fdcceba309

SHA512
1e0b90f2f6df70b135f54cc4e2f0fcb57501e5debb06faa66581353e99b550c24cf0490b1f62713a3024fc629cc3f922a8e6658d5caf8302072102847bc58a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
747f328ab61e5678f323764697e2fdb2

SHA1
25ad6eae5e6c410986e49b11fff83c798d866544

SHA256
c1ecaa29422e9fce7fb8d99f874f0f8d0cc43b79c3be3fabceb00ed384448b87

SHA512
23c205aec4b8b3ef3adcf4807bd442c7b3ddac0c31b54a48a001fccfc5f77f8cbd48057f20489fdc185036720532d6707f7eb6e7d6e6a61465401946c7649e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
9eaa4727249885bd95bf46b3d828c960

SHA1
e8a90593952d3e4fae63ebddd0a269a459f17cfc

SHA256
c6d7b4be9ff08e1a6d338fdef2063ad7016b369fef250255d732b570eca58863

SHA512
ba17eeb1ca6521c1b169cfb8f3acd873d90f269ba0bd713796e0e207ecc86e514c23e14c4c3df3c2ff43bee074af226921279230e5586b4d29def91c1cf6aeee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
cf48883ae6661a2ac0aadbd697297dbe

SHA1
e7ccf293fbfea1f792c7b8498bac20ff4845e08e

SHA256
72cc57d8f10f3a97feab9f78d898159a010d2dc5b87185f3af001af16feeb153

SHA512
945e1fd2f454a77375a854d4d1852120235d8586b0b6e11f7932e28783006a52c131e73a7b6d4976fe64e1ccd02038878366deec2f3f9233ce4e0ac532c579e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
ac4a9fa87a982cb7425f90a9ee11ccca

SHA1
31f031b03465e893294f0e8f70f41cd82e17d2d0

SHA256
f30f12b847c6809175aea9775c6c34e34df85df915e5228d41858bd81a193b1a

SHA512
ff0df0e55c0e5fe2d876eb4d1c1dd3413b3c2d6d8f4edea960c0ee807440fc3a6113de9a5858954f52f7b4c0605a8b405f7b088535ee5053563f7d40d7019c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
aabfe66ce17bc58ac890204b5bfb2c35

SHA1
33377d328dfa5ebac332f5a3782d05ce4725d674

SHA256
94f1c053b9813ea870e5f8556bb69bc467a266364224f9ff63cac29f2c5cb922

SHA512
505747f3406ede150429df8e619cf14a2c27355319fbad2cce84383c8959944431be7f57b3d4e39701847463bdb49b0f32a830f23bf656eb78a7d678e1b7cd90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
87ad4b6a56bdd13c07b413fc4711763a

SHA1
19c51e0516c46b4489b67032feef799a0141d751

SHA256
960138762b7878ef015711be89873ab3522706065e94ed00439c30eb51bc2b98

SHA512
668d055487fb57681a6b8425307d33552ac0097e55337f3ebfc9611f1b394f705a410afc25216ca10572fecf6acbe5f4bb99d6ba770c9d284aa5bdc8b3d96f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d4b61c8ce6f7bcd37c6c73ea67e456d3

SHA1
71af91a596dea14f18b5a5982498c4295d9ccf2d

SHA256
9285eb5274feb9f4c412c89602a28e30f4030375917adb34be649d8b2f4f5d5c

SHA512
f0b64e3f5ae80c1113f7110f9c197a3280c7afc6201142d904a4f7504d2e2d1b1c0aa4289ecf6406aab8ba3a2f4f3ff403a8cd6cc3f9928537ce4b7079b78670

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
013c6b4bd98f03d481d1a8bf03543ea4

SHA1
192cb84ff3cf822a816a60ffd028c2a02a3e2495

SHA256
006e05a950543ee09d796188884a6273225beae54300660094c1336a06a92aef

SHA512
fb1995f2b71b7a19131194db8a54d238e40c95922a5f11a6a9a3618ba99a6a05adcdca9f9accc131506369ac913c823c50b591ef9629f0ade88251c46c055a0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
6KB

MD5
166ccdda55976401d629999073dca99b

SHA1
766795de3368081b09caafc2e84169e643926c14

SHA256
51fc7f23786bb8aa281de9661a1ab545e1041f472e55e916184b372ea5d35795

SHA512
20cdc6435462ae1d4dc83eaa78b29bb222de7d3b031e7b511eb1ae2835ea69125c26656ff1712cde9538a766aac304d2a6a75f60d80cc4ef8dbeacc64ec8cea6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a8117e451b483fdf08d2b916b8801213

SHA1
b9fa52cbfda049bc075985c0ad3428c8db89b817

SHA256
c3c5f0c1b37ce3819c487d779536194236db8c5436883cd3cd2b9f0c80840cd2

SHA512
34a731b1bd284c539e5adb2e17e0a591cad3287fcbf86059e0600f43ba6d8762ed5de82ec5176068d734e83cd92b3734a7727d0853ab1e80223b870ed8e691fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7aacedb2fcaa44f3ae000f20ff2c79c5

SHA1
43cd78fef7b4a45962cb1faa698e460652f9dff9

SHA256
c6181b1dcbdaa609b949202bbc6d0b62a5acdc6c8b34a9b209a081e26c0b8cef

SHA512
5aa1b8bbbb2aeb1d70d31add5c9cd745cee740e37f42930bdf687df8b7a948d7dcfacc53286cfff12b6bbf9d77deab71b1d903c5272235b57c6fc50d6542176a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3809a8642149abf8f98d177cf068adf8

SHA1
fb2762ec505d1a1fdb72b38f879103467629a484

SHA256
1dbd8d6c92ee91d11b72e65e122b1b7dc94e870ad503aa087a052443d92bccf4

SHA512
54932393a1b1ec4bf583709f2211e045a00724e057df43d69743d677ea0d03d44bcc2760f19ed25ad0e5c1016f4eb22a65fd8794e7051f4dca7c9e1b97000b14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\14b951e7-8bf8-4a87-bfe1-0c91798cbad4

Filesize
671B

MD5
51ce11cc9ae09d566b624899f84466bf

SHA1
0ae77da80ed89a85149f00773a522787f7678286

SHA256
f8caeac8184f0e7c2384c296dfebc44b81fd5f6fe684a47afb9c1a71aecefd3e

SHA512
c9ac3292531891dfc1fb3ffeaa33d3fb76cb9230cc018ddfe4776b29fbb8a1d8659848e1058441abb7ff4e2ca1bbac55387c40515c605164be8d29d4d65fe03e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\1a46af2f-dc30-4bfe-9887-002ef8d3be03

Filesize
982B

MD5
ba186e8a7aa182a25df81d0f2d62c336

SHA1
8c2f4941b613bae7979e375922c2855bb6a4ac5e

SHA256
7810ffeb8aad1629a2022d5893d56e5242fbbdff56a4944a7fa4ed27e6fae0d9

SHA512
d071ca06e9aadb9e435401ea6912acd6602440ba7e34ffd27174f6545cd08b6cf9d43e086dd7a407e6979f5eee199a48ba18ea7dae6da94fc7faf428b5c9f9da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\c1aa2a21-0662-4730-899c-69bc29ac3423

Filesize
23KB

MD5
487843146bfe6a167da490d5d3f46293

SHA1
0cacabf83f725d638a97843c6204bce75d07ccd2

SHA256
fbe3090d53cda7db91393c29ac4e40fc25d799b3417d0d393fa7472655e33b4d

SHA512
4f77d1d7bfe33f2dfec224237ccf3a0f3e9f28e0329e2a986e7fe2feed727b0b7f861ef68957867920153462fad589a624ee4f159bb5dfb82ae298847269014d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
10KB

MD5
b6f841dc10161a601af134daa8c960ac

SHA1
116ef9af53dfefd316c77baf86bf62d18d2628fc

SHA256
2d06c68ac725b0e66b5217cf26fd397387edda0293ca06445abecb816c19f90b

SHA512
99b6c675f2b0122c17b6a9702d427851363cc6b28a46aaed427fa1e010a23fe7d4625daf70f1d9508b3b5f75a7aa94c3256e37970434ea5279de2359842e1cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
0647ff88c66cf49c0cf25c8e48cca442

SHA1
0a5f518f230dbf02d565f5c067f2cac78a958809

SHA256
970fa1d740357c74218b489ffadf2f34656e4ba6d22337b5e1594ae38c248ee2

SHA512
6ddbdd2830730d602cefd67540da2199e81ee1691856db7ffc0fa689dee0a4901cb261fe3ac1008942fa0b5e61532923dd91b3a00d9b39fc1d948cf8a15d5b03

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
3232c508ef4b77ef10b9d73de89e6fe2

SHA1
b0fad4655a576183aaf498f11d3b087865feb6c5

SHA256
001f3f232595f1dd01e94ace0276ee4b1af5c50c8a2a8f20f2b4c77c1b9e44c7

SHA512
e9d5c2ede2b823637a692c009812b02cd460205fe01e5c4abeda2de9c43de1ca79301cfc0ccca88adbae65b9f5907534a24af7d94a9e99f9014fcf7496800f5f

Download Submit
\??\Volume{e2de8665-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{65e9d8cf-c488-4a10-bdab-992ab9aab252}_OnDiskSnapshotProp

Filesize
6KB

MD5
5ed7121c370b2e976b9f5da7bb46f854

SHA1
f4a766d3d723e0bfb44ac814153ea9f2e025badc

SHA256
7779f629eece641e3641991b5cb356db7bfe67926b4f7c26de5a6f182822f57f

SHA512
42da70d9f1bb25be65da321d20f778c05a6ca7b425341ac9882a33c4f9862595ce041f1240ce58c67887a8310420869cca36cfb6014f2c0dd6e014dc36baeaf2

Download Submit
memory/4808-5563-0x00007FFB3A400000-0x00007FFB3A410000-memory.dmp

Filesize
64KB

Download
memory/4808-5562-0x00007FFB3A400000-0x00007FFB3A410000-memory.dmp

Filesize
64KB

Download
memory/4808-5561-0x00007FFB3A400000-0x00007FFB3A410000-memory.dmp

Filesize
64KB

Download
memory/4808-5560-0x00007FFB3A400000-0x00007FFB3A410000-memory.dmp

Filesize
64KB

Download
memory/4808-5559-0x00007FFB3A400000-0x00007FFB3A410000-memory.dmp

Filesize
64KB

Download
memory/4808-5558-0x00007FF6A13C0000-0x00007FF6A6408000-memory.dmp

Filesize
80.3MB

Download