af3d6f0d1e0fe6c116c91e86b045994a26123a3da101d92f05e232add071a7cb

Analysis

max time kernel
151s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2023 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

paint.net.5.0.1.install.anycpu.web.exe
Size

1.1MB
MD5

29d86c3800325e8db85d559a126958b0
SHA1

6a06773bd7b76103c231dad8bb751d5db157c2e7
SHA256

de7659f337aa53a731d4c89f5a331869327280325a52c80db11a5829686c09d0
SHA512

5b9053151acfbf7584438fb1436fbbbc7ea07701c5d20e3ae9bac488252b0896cb18e9d5d4f5762a6282f60810400c5bc734598af0151f1594ad307cf95b2521
SSDEEP

24576:HrYYYYkWYCzwLhA29pQyIbsIC0BuDgRtIyxwNJ:HrYYYYkvLhA29pmZDj0yxOJ

Score

9^/10

coreentity discovery

Malware Config

Signatures

CoreEntity .NET Packer 2 IoCs

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

coreentity

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\paintdotnet.dll	coreentity
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\paintdotnet.dll	coreentity

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

paint.net.5.0.1.install.anycpu.web.exepaint.net.5.0.1.install.x64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	paint.net.5.0.1.install.anycpu.web.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	paint.net.5.0.1.install.x64.exe

Executes dropped EXE 5 IoCs

Processes:

SetupShim.exeSetupDownloader.exepaint.net.5.0.1.install.x64.exeSetupShim.exeSetupFrontEnd.exe

pid process

2028 SetupShim.exe
3304 SetupDownloader.exe
444 paint.net.5.0.1.install.x64.exe
1544 SetupShim.exe
2604 SetupFrontEnd.exe

pid	process
2028	SetupShim.exe
3304	SetupDownloader.exe
444	paint.net.5.0.1.install.x64.exe
1544	SetupShim.exe
2604	SetupFrontEnd.exe

Loads dropped DLL 62 IoCs

Processes:

SetupFrontEnd.exe

pid	process
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe
2604	SetupFrontEnd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exeSetupFrontEnd.exe

description	ioc	process
File created	C:\Program Files\paint.net\System.Collections.Immutable.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Reflection.dll	msiexec.exe
File created	C:\Program Files\paint.net\mscorrc.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Collections.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.UI.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Windows.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Windows.Framework.pdb	msiexec.exe
File created	C:\Program Files\paint.net\PresentationFramework.Luna.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Resources.ResourceManager.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Security.AccessControl.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Security.Cryptography.Xml.dll	msiexec.exe
File created	C:\Program Files\paint.net\Microsoft.CSharp.dll	msiexec.exe
File created	C:\Program Files\paint.net\Microsoft.DiaSymReader.Native.amd64.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Windows.Framework.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Linq.Queryable.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Net.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Numerics.Vectors.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Drawing.Primitives.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Runtime.Serialization.Json.dll	msiexec.exe
File created	C:\Program Files\paint.net\Bundled\AvifFileType\AvifFileType.pdb	msiexec.exe
File created	C:\Program Files\paint.net\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Program Files\paint.net\PresentationFramework.Aero2.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Configuration.ConfigurationManager.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Data.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Diagnostics.Debug.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Framework.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Runtime.Serialization.Formatters.dll	msiexec.exe
File created	C:\Program Files\paint.net\Bundled\AvifFileType\Readme.txt	msiexec.exe
File created	C:\Program Files\paint.net\Bundled\WebPFileType\Third Party Notices.txt	msiexec.exe
File created	C:\Program Files\paint.net\System.Runtime.InteropServices.JavaScript.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Text.Encoding.Extensions.dll	msiexec.exe
File opened for modification	C:\Program Files\paint.net\Staging	SetupFrontEnd.exe
File created	C:\Program Files\paint.net\D3DCompiler_47_cor3.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Globalization.Calendars.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.IO.Pipes.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Net.Http.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Reflection.Emit.ILGeneration.dll	msiexec.exe
File created	C:\Program Files\paint.net\Resources\es\Images.PayPalDonate.gif	msiexec.exe
File created	C:\Program Files\paint.net\System.IO.Compression.FileSystem.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Net.Requests.dll	msiexec.exe
File created	C:\Program Files\paint.net\WindowsFormsIntegration.dll	msiexec.exe
File created	C:\Program Files\paint.net\Bundled\AvifFileType\AvifNative_x64.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Strings.3.resources	msiexec.exe
File created	C:\Program Files\paint.net\System.Linq.Parallel.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Security.Cryptography.ProtectedData.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Text.RegularExpressions.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Fundamentals.pdb	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.SystemLayer.pdb	msiexec.exe
File created	C:\Program Files\paint.net\PresentationFramework.Classic.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Resources.Reader.dll	msiexec.exe
File created	C:\Program Files\paint.net\Bundled\WebPFileType\WebPFileType.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Transactions.Local.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Xml.ReaderWriter.dll	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.ComponentModel.xml	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Strings.3.pl.resources	msiexec.exe
File created	C:\Program Files\paint.net\System.AppContext.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.ComponentModel.EventBasedAsync.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Net.Mail.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Security.Permissions.dll	msiexec.exe
File created	C:\Program Files\paint.net\Resources\ja\Images.PayPalDonate.gif	msiexec.exe
File created	C:\Program Files\paint.net\PaintDotNet.Core.pdb	msiexec.exe
File created	C:\Program Files\paint.net\System.DirectoryServices.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Runtime.dll	msiexec.exe
File created	C:\Program Files\paint.net\System.Xml.XmlSerializer.dll	msiexec.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\e58cdda.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6D165307-EFDF-4906-8DB4-0DB7FD6D0CCC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF5F4.tmp	msiexec.exe
File created	C:\Windows\Installer\e58cddd.msi	msiexec.exe
File created	C:\Windows\Installer\e58cdda.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000007c4a2b5d7b48cb040000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800007c4a2b5d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809007c4a2b5d000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007c4a2b5d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007c4a2b5d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

SetupDownloader.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	SetupDownloader.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

4892 msiexec.exe
4892 msiexec.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SetupFrontEnd.exe

pid process

2604 SetupFrontEnd.exe

pid	process
4892	msiexec.exe
4892	msiexec.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

Processes:

SetupDownloader.exeSetupFrontEnd.exevssvc.exemsiexec.exesrtasks.exe

description	pid	process
Token: SeDebugPrivilege	3304	SetupDownloader.exe
Token: SeDebugPrivilege	2604	SetupFrontEnd.exe
Token: SeBackupPrivilege	3088	vssvc.exe
Token: SeRestorePrivilege	3088	vssvc.exe
Token: SeAuditPrivilege	3088	vssvc.exe
Token: SeBackupPrivilege	2604	SetupFrontEnd.exe
Token: SeRestorePrivilege	2604	SetupFrontEnd.exe
Token: SeShutdownPrivilege	2604	SetupFrontEnd.exe
Token: SeIncreaseQuotaPrivilege	2604	SetupFrontEnd.exe
Token: SeSecurityPrivilege	4892	msiexec.exe
Token: SeCreateTokenPrivilege	2604	SetupFrontEnd.exe
Token: SeAssignPrimaryTokenPrivilege	2604	SetupFrontEnd.exe
Token: SeLockMemoryPrivilege	2604	SetupFrontEnd.exe
Token: SeIncreaseQuotaPrivilege	2604	SetupFrontEnd.exe
Token: SeMachineAccountPrivilege	2604	SetupFrontEnd.exe
Token: SeTcbPrivilege	2604	SetupFrontEnd.exe
Token: SeSecurityPrivilege	2604	SetupFrontEnd.exe
Token: SeTakeOwnershipPrivilege	2604	SetupFrontEnd.exe
Token: SeLoadDriverPrivilege	2604	SetupFrontEnd.exe
Token: SeSystemProfilePrivilege	2604	SetupFrontEnd.exe
Token: SeSystemtimePrivilege	2604	SetupFrontEnd.exe
Token: SeProfSingleProcessPrivilege	2604	SetupFrontEnd.exe
Token: SeIncBasePriorityPrivilege	2604	SetupFrontEnd.exe
Token: SeCreatePagefilePrivilege	2604	SetupFrontEnd.exe
Token: SeCreatePermanentPrivilege	2604	SetupFrontEnd.exe
Token: SeBackupPrivilege	2604	SetupFrontEnd.exe
Token: SeRestorePrivilege	2604	SetupFrontEnd.exe
Token: SeShutdownPrivilege	2604	SetupFrontEnd.exe
Token: SeDebugPrivilege	2604	SetupFrontEnd.exe
Token: SeAuditPrivilege	2604	SetupFrontEnd.exe
Token: SeSystemEnvironmentPrivilege	2604	SetupFrontEnd.exe
Token: SeChangeNotifyPrivilege	2604	SetupFrontEnd.exe
Token: SeRemoteShutdownPrivilege	2604	SetupFrontEnd.exe
Token: SeUndockPrivilege	2604	SetupFrontEnd.exe
Token: SeSyncAgentPrivilege	2604	SetupFrontEnd.exe
Token: SeEnableDelegationPrivilege	2604	SetupFrontEnd.exe
Token: SeManageVolumePrivilege	2604	SetupFrontEnd.exe
Token: SeImpersonatePrivilege	2604	SetupFrontEnd.exe
Token: SeCreateGlobalPrivilege	2604	SetupFrontEnd.exe
Token: SeRestorePrivilege	4892	msiexec.exe
Token: SeTakeOwnershipPrivilege	4892	msiexec.exe
Token: SeBackupPrivilege	2704	srtasks.exe
Token: SeRestorePrivilege	2704	srtasks.exe
Token: SeSecurityPrivilege	2704	srtasks.exe
Token: SeTakeOwnershipPrivilege	2704	srtasks.exe
Token: SeBackupPrivilege	2704	srtasks.exe
Token: SeRestorePrivilege	2704	srtasks.exe
Token: SeSecurityPrivilege	2704	srtasks.exe
Token: SeTakeOwnershipPrivilege	2704	srtasks.exe
Token: SeRestorePrivilege	4892	msiexec.exe
Token: SeTakeOwnershipPrivilege	4892	msiexec.exe
Token: SeRestorePrivilege	4892	msiexec.exe
Token: SeTakeOwnershipPrivilege	4892	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

SetupFrontEnd.exe

pid process

2604 SetupFrontEnd.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

SetupShim.exepaint.net.5.0.1.install.x64.exeSetupShim.exeSetupFrontEnd.exe

pid process

2028 SetupShim.exe
444 paint.net.5.0.1.install.x64.exe
1544 SetupShim.exe
2604 SetupFrontEnd.exe

pid	process
2028	SetupShim.exe
444	paint.net.5.0.1.install.x64.exe
1544	SetupShim.exe
2604	SetupFrontEnd.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

paint.net.5.0.1.install.anycpu.web.exeSetupShim.exeSetupDownloader.exepaint.net.5.0.1.install.x64.exeSetupShim.exe

description	pid	process	target process
PID 4788 wrote to memory of 2028	4788	paint.net.5.0.1.install.anycpu.web.exe	SetupShim.exe
PID 4788 wrote to memory of 2028	4788	paint.net.5.0.1.install.anycpu.web.exe	SetupShim.exe
PID 4788 wrote to memory of 2028	4788	paint.net.5.0.1.install.anycpu.web.exe	SetupShim.exe
PID 2028 wrote to memory of 3304	2028	SetupShim.exe	SetupDownloader.exe
PID 2028 wrote to memory of 3304	2028	SetupShim.exe	SetupDownloader.exe
PID 3304 wrote to memory of 444	3304	SetupDownloader.exe	paint.net.5.0.1.install.x64.exe
PID 3304 wrote to memory of 444	3304	SetupDownloader.exe	paint.net.5.0.1.install.x64.exe
PID 3304 wrote to memory of 444	3304	SetupDownloader.exe	paint.net.5.0.1.install.x64.exe
PID 444 wrote to memory of 1544	444	paint.net.5.0.1.install.x64.exe	SetupShim.exe
PID 444 wrote to memory of 1544	444	paint.net.5.0.1.install.x64.exe	SetupShim.exe
PID 444 wrote to memory of 1544	444	paint.net.5.0.1.install.x64.exe	SetupShim.exe
PID 1544 wrote to memory of 2604	1544	SetupShim.exe	SetupFrontEnd.exe
PID 1544 wrote to memory of 2604	1544	SetupShim.exe	SetupFrontEnd.exe

C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.1.install.anycpu.web.exe
"C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.1.install.anycpu.web.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4788

C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe" /suppressReboot
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\x64\SetupDownloader\SetupDownloader.exe
"x64\SetupDownloader\SetupDownloader.exe" /SkipSuccessPrompt "C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe" /suppressReboot
3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3304

C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\efa43654-364f-4010-b72b-d96d282e312a\paint.net.5.0.1.install.x64.exe
"C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\efa43654-364f-4010-b72b-d96d282e312a\paint.net.5.0.1.install.x64.exe" C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:444

C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\SetupShim.exe
"C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544

C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.exe
"x64\SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3088

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe
Filesize
136KB

MD5
f82afdf72718f01f8224e1741374ac49

SHA1
440b52448536d2887cac23de90b0f282291f9d65

SHA256
606719ec98b05a8b4d793dd8308513df55bce978562b5c25c497149bcc79ae7e

SHA512
98cfb90b18f7bf37e6effe72d7177f394cc65a4d08144f21e96ae7e44047bfb418c4ed3683c49e129a5588b59c1aaef78535c5ee829ec1f399ee68a25c4d254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\SetupShim.exe
Filesize
136KB

MD5
f82afdf72718f01f8224e1741374ac49

SHA1
440b52448536d2887cac23de90b0f282291f9d65

SHA256
606719ec98b05a8b4d793dd8308513df55bce978562b5c25c497149bcc79ae7e

SHA512
98cfb90b18f7bf37e6effe72d7177f394cc65a4d08144f21e96ae7e44047bfb418c4ed3683c49e129a5588b59c1aaef78535c5ee829ec1f399ee68a25c4d254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\x64\SetupDownloader\Newtonsoft.Json.dll
Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\x64\SetupDownloader\SetupDownloader.Configuration.json
Filesize
135B

MD5
8ca6779446e31e219589a08769448da2

SHA1
efc2d9e4b0f99daf0333406610d8031a5a8aed2f

SHA256
2b23a17e993b7837a89365cdd328541f58ddfd4ab2b45285058284eee5733613

SHA512
a6a863880835dcca879534ec8a353e2d7fef9c4410edfe41b59bac561492cc6084330c7aad1d2e8a9590b2a3d7551a0b8b6d45ced4d235f01b596d69b593bbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\x64\SetupDownloader\SetupDownloader.exe
Filesize
262KB

MD5
f60e22f00fcb92ca1d0efa70df0ee900

SHA1
0b852af76e1dfccb89cae7ce6f8dca38bd8c9571

SHA256
73ca46db0349f8211e4fda2c8cec4241fb3cc1ef605e2dc39c03252b20a8570b

SHA512
83dca7872cd0ac2c436774d8084b3edac3b1e77e7704b7bbfff5de8ee677c34c0ec3d3e74c471fb8d020fb01d1b11f131d562b3304f87fd691c49a78898ba13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\x64\SetupDownloader\SetupDownloader.exe
Filesize
262KB

MD5
f60e22f00fcb92ca1d0efa70df0ee900

SHA1
0b852af76e1dfccb89cae7ce6f8dca38bd8c9571

SHA256
73ca46db0349f8211e4fda2c8cec4241fb3cc1ef605e2dc39c03252b20a8570b

SHA512
83dca7872cd0ac2c436774d8084b3edac3b1e77e7704b7bbfff5de8ee677c34c0ec3d3e74c471fb8d020fb01d1b11f131d562b3304f87fd691c49a78898ba13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4B2FD096\x64\SetupDownloader\SetupDownloader.exe.config
Filesize
218B

MD5
8f692dcbf1e68398b5dac3eba59872b0

SHA1
18011f5291790b0f49561385731ec5c6ad855415

SHA256
8c422938a58df86d88f29c61ff27006f0b3c9bb4742b11486bc5a01a6344129b

SHA512
e4bab07f4b9a9f725865e0e9f11fa31a4a1841399044f5976818782739b13d6c2012edf98199c5823ee9ecb3da40e7f3e2f88ab1394547801afa8b5b9dad9e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\SetupShim.exe
Filesize
136KB

MD5
f82afdf72718f01f8224e1741374ac49

SHA1
440b52448536d2887cac23de90b0f282291f9d65

SHA256
606719ec98b05a8b4d793dd8308513df55bce978562b5c25c497149bcc79ae7e

SHA512
98cfb90b18f7bf37e6effe72d7177f394cc65a4d08144f21e96ae7e44047bfb418c4ed3683c49e129a5588b59c1aaef78535c5ee829ec1f399ee68a25c4d254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\SetupShim.exe
Filesize
136KB

MD5
f82afdf72718f01f8224e1741374ac49

SHA1
440b52448536d2887cac23de90b0f282291f9d65

SHA256
606719ec98b05a8b4d793dd8308513df55bce978562b5c25c497149bcc79ae7e

SHA512
98cfb90b18f7bf37e6effe72d7177f394cc65a4d08144f21e96ae7e44047bfb418c4ed3683c49e129a5588b59c1aaef78535c5ee829ec1f399ee68a25c4d254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Base.dll
Filesize
714KB

MD5
93533f012b763712208eff518516c25e

SHA1
cc1bf25b97a472b0af3581ecd0d736c5ca681d12

SHA256
14609129ef122eff5a83ad5b76b42340176f30a65163c1d54f04de1ddb6f9810

SHA512
8bf2b82ea87b6340f84e5146fe01d876cc4a89e2f2617f06a53f95d2006f14a5b0392762ceff4253f534352e740b65245122e5bfb278e4bcd621b16b72a84eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Base.dll
Filesize
714KB

MD5
93533f012b763712208eff518516c25e

SHA1
cc1bf25b97a472b0af3581ecd0d736c5ca681d12

SHA256
14609129ef122eff5a83ad5b76b42340176f30a65163c1d54f04de1ddb6f9810

SHA512
8bf2b82ea87b6340f84e5146fe01d876cc4a89e2f2617f06a53f95d2006f14a5b0392762ceff4253f534352e740b65245122e5bfb278e4bcd621b16b72a84eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.ComponentModel.dll
Filesize
98KB

MD5
0dec14737516d476020b65efd1f4cac2

SHA1
59520634d4abf55ff7000de49fc4cdf89432c210

SHA256
604eb0f1ae510a27bdcc76a4fc57e9ab35edbd037995b4edcd81f5ac7d40619e

SHA512
436d5448553a6c13c9c93642a25d030a12b87a37e9a5217159d21ecb858f1e5fe58247089ad1ca726f4e21a47f4f16d0a443a7366b058a01051eca5c7851ce23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.ComponentModel.dll
Filesize
98KB

MD5
0dec14737516d476020b65efd1f4cac2

SHA1
59520634d4abf55ff7000de49fc4cdf89432c210

SHA256
604eb0f1ae510a27bdcc76a4fc57e9ab35edbd037995b4edcd81f5ac7d40619e

SHA512
436d5448553a6c13c9c93642a25d030a12b87a37e9a5217159d21ecb858f1e5fe58247089ad1ca726f4e21a47f4f16d0a443a7366b058a01051eca5c7851ce23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Core.dll
Filesize
2.2MB

MD5
5b65d4cc50f2d715faff323408b1705d

SHA1
5e45b23b7a4852f9dc7c00cc4a434fa6cd220cab

SHA256
e11903509f61f33ee864c50ba0f092b161f9ff98c0900ac8675bc891c65f05d7

SHA512
bc541eb485520c88cafdf872fb6f6b5fdafe21da5582f3b2d14d468ad92b4b5658d0d9cb57ffa15447144113d1ed3b7fdda52bc978714ca85dbe7773b6e0c559

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Core.dll
Filesize
2.2MB

MD5
5b65d4cc50f2d715faff323408b1705d

SHA1
5e45b23b7a4852f9dc7c00cc4a434fa6cd220cab

SHA256
e11903509f61f33ee864c50ba0f092b161f9ff98c0900ac8675bc891c65f05d7

SHA512
bc541eb485520c88cafdf872fb6f6b5fdafe21da5582f3b2d14d468ad92b4b5658d0d9cb57ffa15447144113d1ed3b7fdda52bc978714ca85dbe7773b6e0c559

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Framework.dll
Filesize
994KB

MD5
17b0de2e09f690611b040e37fb1a64a3

SHA1
a19bb258c594a00c8be1e6acaad5673c48e0be24

SHA256
a79cd1d3b4c3364b4f2b784c76d09ea9338019e2764a5249ef3179276bc3c8f8

SHA512
4f154d792c50739371654f129c279f90cef720ea235b32106563946a07b8ba8d6f0094d3f35e899eada59c5bd001a07c598d0f8e9e10a0f5db8236d02722f98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Framework.dll
Filesize
994KB

MD5
17b0de2e09f690611b040e37fb1a64a3

SHA1
a19bb258c594a00c8be1e6acaad5673c48e0be24

SHA256
a79cd1d3b4c3364b4f2b784c76d09ea9338019e2764a5249ef3179276bc3c8f8

SHA512
4f154d792c50739371654f129c279f90cef720ea235b32106563946a07b8ba8d6f0094d3f35e899eada59c5bd001a07c598d0f8e9e10a0f5db8236d02722f98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.ObjectModel.dll
Filesize
182KB

MD5
49f21ec827b1b408a292e74ad9c8482c

SHA1
0c8b75c5c95f72f85ceada4351cef425ff7694df

SHA256
79893e955ee43362002ed01ee97510dce2683c9bf77164d4bbd93e98a6c7c3aa

SHA512
d218f44c962826a2c156f474b74e23a4df5a71160a550afd412c8af166ae2fcdb8dc47dd4fe247b1c3cf5e05fb491e140230f7188a6ba33742787ce9d4a72c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.ObjectModel.dll
Filesize
182KB

MD5
49f21ec827b1b408a292e74ad9c8482c

SHA1
0c8b75c5c95f72f85ceada4351cef425ff7694df

SHA256
79893e955ee43362002ed01ee97510dce2683c9bf77164d4bbd93e98a6c7c3aa

SHA512
d218f44c962826a2c156f474b74e23a4df5a71160a550afd412c8af166ae2fcdb8dc47dd4fe247b1c3cf5e05fb491e140230f7188a6ba33742787ce9d4a72c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.SystemLayer.dll
Filesize
818KB

MD5
dbfa6bd51d98b95bb75d990d6aa09d6c

SHA1
f327b4c258c2156228515674d0c371f829c3dc09

SHA256
a5b6eb53b8e610016a5fd3efc9febf78ba3273571e7ade1c5f7ba6336ccb6ff2

SHA512
e59a02b675da48145681adf4635f92254e106dcfffec5de9b4a8875ba41fe2d0ee25089e2bc3a8890b282185a1fb5f3d7f190d20e56381aae174b09e9e9372d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.SystemLayer.dll
Filesize
818KB

MD5
dbfa6bd51d98b95bb75d990d6aa09d6c

SHA1
f327b4c258c2156228515674d0c371f829c3dc09

SHA256
a5b6eb53b8e610016a5fd3efc9febf78ba3273571e7ade1c5f7ba6336ccb6ff2

SHA512
e59a02b675da48145681adf4635f92254e106dcfffec5de9b4a8875ba41fe2d0ee25089e2bc3a8890b282185a1fb5f3d7f190d20e56381aae174b09e9e9372d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Windows.Framework.dll
Filesize
6.0MB

MD5
e0f3e9a35ad147adbaf52c3a5b02eaba

SHA1
14e25bf24288ecad628c8eaffe2d96dc3b6e1948

SHA256
74f32cc9ace34f6f74a18459283c321b07feee1e53c4cf19daf23c570289bf09

SHA512
907e85a3111d22a8202617c107c63adbf05744033f9147861368463684da4cb1366d2274505fa29faa21963cc31709098bf337fd211e55e483a87ea86656c351

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Windows.dll
Filesize
3.2MB

MD5
05df600c5c72e8b1d9a4d0cdcb5d664a

SHA1
9a6c96d91bc357516329f4e944f36427f87a1deb

SHA256
cd3b5d53b628749c1836bca14695f01f51663c669d5af44b2a6714f50ece527a

SHA512
29c7f849a4262c681611ef11c08b0652142ecdca8419ec8bcce356f074f2f3b25896fc850e53c01d12995a2f141d52e2cb75d31d5c93bafe6cc6acc8f2e5de18

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\PaintDotNet.Windows.dll
Filesize
3.2MB

MD5
05df600c5c72e8b1d9a4d0cdcb5d664a

SHA1
9a6c96d91bc357516329f4e944f36427f87a1deb

SHA256
cd3b5d53b628749c1836bca14695f01f51663c669d5af44b2a6714f50ece527a

SHA512
29c7f849a4262c681611ef11c08b0652142ecdca8419ec8bcce356f074f2f3b25896fc850e53c01d12995a2f141d52e2cb75d31d5c93bafe6cc6acc8f2e5de18

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.deps.json
Filesize
60KB

MD5
f163c0585d3191e82971cf98cec05292

SHA1
32a76151ee20980d4d7193aa4590c78e6eb7e7c1

SHA256
689a382d3d43d02dc17021a7ac83e315b3cd81e02b5ac780e2ce302e414b4a33

SHA512
d7977b559042b46d346eaf45f554d119294e6fe61d69d0868d541a95f19b15d2c22a83f8fd6052d28c0bc7ccb6ebac6495fbde8049574703880bb18a7647f2b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.dll
Filesize
210KB

MD5
5f214787f88ea5f94169e054caf188c5

SHA1
5912197fc0ccda78d64751c450c5f38974b486ce

SHA256
288261bb435858fe83f6bed28cfceeb5f7d68d88f6229deafbbdf7ade9f8cb94

SHA512
ddf1903832803ca51c40cf1ba07a952bed05ef3f85ea4c3726c85af37dd731db5d2c17f8a681016260fc1b1a1053ce1f6775c7d21aa1dcefd1d7c284eb729d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.dll
Filesize
210KB

MD5
5f214787f88ea5f94169e054caf188c5

SHA1
5912197fc0ccda78d64751c450c5f38974b486ce

SHA256
288261bb435858fe83f6bed28cfceeb5f7d68d88f6229deafbbdf7ade9f8cb94

SHA512
ddf1903832803ca51c40cf1ba07a952bed05ef3f85ea4c3726c85af37dd731db5d2c17f8a681016260fc1b1a1053ce1f6775c7d21aa1dcefd1d7c284eb729d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.exe
Filesize
161KB

MD5
079f1e46ce6a2ab3a6affb2e5ae9b2e3

SHA1
cf2e405711361724339dc215c98823d869d4e9bb

SHA256
d49fd536f8857da6474c02f61d7f53ebf9a3457e57121aa398174a0cc646cec0

SHA512
738e3a6d6a6892089b3209b419df88199475b2e8af2e8d0b83683f3109844ef05aeb7d0d179a8075a905404a460bf018f5b302e72461e23ffe6e9f3720025a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.exe
Filesize
161KB

MD5
079f1e46ce6a2ab3a6affb2e5ae9b2e3

SHA1
cf2e405711361724339dc215c98823d869d4e9bb

SHA256
d49fd536f8857da6474c02f61d7f53ebf9a3457e57121aa398174a0cc646cec0

SHA512
738e3a6d6a6892089b3209b419df88199475b2e8af2e8d0b83683f3109844ef05aeb7d0d179a8075a905404a460bf018f5b302e72461e23ffe6e9f3720025a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\SetupFrontEnd.runtimeconfig.json
Filesize
449B

MD5
b3a11f29210679f5561d47243bf071e6

SHA1
fafd0e657a335aa6f288459b909002133748c27e

SHA256
32162949e3eeb4d09fc178ad1c4194affce2ea00e16a9de00f0f5c4d1e39663c

SHA512
7a7c3daf1a8a0d183b7fb163543325ca429bfc2768aa0fdec315a7ef60a802301152a0ea31c35e45e1c94666fdc351f335edce3039ec6aced8b462072bce09db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Collections.Specialized.dll
Filesize
106KB

MD5
cca45c6fd9335fb5f300a442ef309999

SHA1
503be08200dfea57b0cc2e63f2788aa98f07f1a2

SHA256
c503fc0955a0b38a3ac84a1d298d2eb5d26f51d28fd059109e59d71db3466d50

SHA512
e212ea052dffa04a54846aabc8dcd89a3850cea9b6d622e2b4654b44ea365f48dfa39ff67493408ceee9551888822ff7ec6aa30123c99fda303c9a0c5731dfbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Collections.Specialized.dll
Filesize
106KB

MD5
cca45c6fd9335fb5f300a442ef309999

SHA1
503be08200dfea57b0cc2e63f2788aa98f07f1a2

SHA256
c503fc0955a0b38a3ac84a1d298d2eb5d26f51d28fd059109e59d71db3466d50

SHA512
e212ea052dffa04a54846aabc8dcd89a3850cea9b6d622e2b4654b44ea365f48dfa39ff67493408ceee9551888822ff7ec6aa30123c99fda303c9a0c5731dfbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.ComponentModel.Primitives.dll
Filesize
82KB

MD5
7e29912864fea508b1ca8ad4140cdf3a

SHA1
b779761ed58a079ba30c38adb1c6fd6541bc0cab

SHA256
59c4921d5e677b686b4441f090a2e39b181f1299b933750d4757fe4c16ac3723

SHA512
5e3d48acf1cbde471cc6e96a0ae016fa7713cb756639d18abe9ff7946937d0d7511eea53ff6f3b9319877e910903296b5146918ff951363728b1be9ce451bf93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.ComponentModel.Primitives.dll
Filesize
82KB

MD5
7e29912864fea508b1ca8ad4140cdf3a

SHA1
b779761ed58a079ba30c38adb1c6fd6541bc0cab

SHA256
59c4921d5e677b686b4441f090a2e39b181f1299b933750d4757fe4c16ac3723

SHA512
5e3d48acf1cbde471cc6e96a0ae016fa7713cb756639d18abe9ff7946937d0d7511eea53ff6f3b9319877e910903296b5146918ff951363728b1be9ce451bf93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.ComponentModel.dll
Filesize
30KB

MD5
0615b06424206145f66822a7d14362e7

SHA1
f2509c827f6dcf056c5f2110989ab783dd09549d

SHA256
76d44fcc44df576705d236bfbe6e7c7241f8a1518c183fffe6ea0d6f054ebe69

SHA512
8e9f5997d4f3a2249a041e2de2709b0faf91541b1e4b0612ef02a51f06cf9388d775b27d77534b8b71928df9702d2fb9897db4a7c89756846e37d8730a72fe21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.ComponentModel.dll
Filesize
30KB

MD5
0615b06424206145f66822a7d14362e7

SHA1
f2509c827f6dcf056c5f2110989ab783dd09549d

SHA256
76d44fcc44df576705d236bfbe6e7c7241f8a1518c183fffe6ea0d6f054ebe69

SHA512
8e9f5997d4f3a2249a041e2de2709b0faf91541b1e4b0612ef02a51f06cf9388d775b27d77534b8b71928df9702d2fb9897db4a7c89756846e37d8730a72fe21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Drawing.Primitives.dll
Filesize
134KB

MD5
e0321d56fe85cc0e0fe4d4d09a55277a

SHA1
cccc350a2e89b89a58ec829d735f706f9c068b7a

SHA256
216f839d1fb26b64a6fa5352f669383d359d984d2216a40eb1a16194f1333972

SHA512
fabe2f27210458657a9fec105478a8e32b1d0f432d73f20c8a19dde4dba94b97e38d9eb53ca8c1ca2f55da90119104a2a4a2d16de00d1c019fbc20a33e9fb91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Drawing.Primitives.dll
Filesize
134KB

MD5
e0321d56fe85cc0e0fe4d4d09a55277a

SHA1
cccc350a2e89b89a58ec829d735f706f9c068b7a

SHA256
216f839d1fb26b64a6fa5352f669383d359d984d2216a40eb1a16194f1333972

SHA512
fabe2f27210458657a9fec105478a8e32b1d0f432d73f20c8a19dde4dba94b97e38d9eb53ca8c1ca2f55da90119104a2a4a2d16de00d1c019fbc20a33e9fb91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Private.CoreLib.dll
Filesize
11.1MB

MD5
68844a413d4b1a4df8b0397bfa936656

SHA1
97f2ae2957c199e8357775015fc02ecb12db8429

SHA256
771adfb73d545dd3c1ef018846adf7525d830777568eb3a868d2874c4c36a9a2

SHA512
c8fdc03005bbc4999f206da0ede74b610678cee0b0086a24e1321308e201cc5eb950fd3e22cee50cead3454f38e228b9cd5e403ca521463124c6418b9e3bd477

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Private.CoreLib.dll
Filesize
11.1MB

MD5
68844a413d4b1a4df8b0397bfa936656

SHA1
97f2ae2957c199e8357775015fc02ecb12db8429

SHA256
771adfb73d545dd3c1ef018846adf7525d830777568eb3a868d2874c4c36a9a2

SHA512
c8fdc03005bbc4999f206da0ede74b610678cee0b0086a24e1321308e201cc5eb950fd3e22cee50cead3454f38e228b9cd5e403ca521463124c6418b9e3bd477

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Runtime.InteropServices.dll
Filesize
62KB

MD5
db61deef6560c46fcb52891e575f2df2

SHA1
a801aac33102582a4a17e2bfd2b3e41ce65a68bf

SHA256
33360cd48c12b26e493856135fc7ba426f43198408e446984267c8c63636357d

SHA512
5df9dfa06ab68ccaca6ebd148a8b095d3d183c392f607c7ae58c35cd5b46ff351475b628fd48c4ce7beb3e6630f053b6bde069ed29f49e6c214a8475e7d7a99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Runtime.InteropServices.dll
Filesize
62KB

MD5
db61deef6560c46fcb52891e575f2df2

SHA1
a801aac33102582a4a17e2bfd2b3e41ce65a68bf

SHA256
33360cd48c12b26e493856135fc7ba426f43198408e446984267c8c63636357d

SHA512
5df9dfa06ab68ccaca6ebd148a8b095d3d183c392f607c7ae58c35cd5b46ff351475b628fd48c4ce7beb3e6630f053b6bde069ed29f49e6c214a8475e7d7a99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Runtime.dll
Filesize
42KB

MD5
423bb028f37d49ab71a7b2c6da196976

SHA1
23cf26b8795993b0319e3ccf1393720ccde76cda

SHA256
8a1064aa4a5c802b7f8ecfa26261be26ae5687d28b2db9f7737feb5144fa93ec

SHA512
f0e82aa54667cbcfdccd0919d1111ac34bd2636fde0d7113171bbc6ee241cd78943b15e196b7f3a14d6c01afac6eb5852bbbfa505fba824a8c7d38fe2a19903b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Threading.dll
Filesize
86KB

MD5
20290e82b1b625b45b99f311dad928f2

SHA1
366c187b3baaa48d598d9b52305e26b2b963606d

SHA256
cc7615a1c2add5ea6a6bea72deba250530281439071f19b707f02dace892550e

SHA512
a8816429f9606251bb180eaedb5202d7c233d3c1f0ae3ac6575d26dc70f913145734ad5b659893e4b5c1ac7133557498b34b0ab5ada55d5df934e288d5023bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Threading.dll
Filesize
86KB

MD5
20290e82b1b625b45b99f311dad928f2

SHA1
366c187b3baaa48d598d9b52305e26b2b963606d

SHA256
cc7615a1c2add5ea6a6bea72deba250530281439071f19b707f02dace892550e

SHA512
a8816429f9606251bb180eaedb5202d7c233d3c1f0ae3ac6575d26dc70f913145734ad5b659893e4b5c1ac7133557498b34b0ab5ada55d5df934e288d5023bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Windows.Forms.Primitives.dll
Filesize
938KB

MD5
6f6168028073b57b54e5f34730562e3b

SHA1
7274ea6a81521d96c4fa86b545791bcd94f5e032

SHA256
8ce9eb4bd8d10ed13dd982f1fab7985faadc4cddc1fea84f0ff0fa5da12795a5

SHA512
af99cdced4f873f76bbacc77f15e6d25ae089dd53c265f755c314167a6460316be286d951dd5b302f74f35861feae954b45b752f66424cc945705f5df8c0496d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Windows.Forms.Primitives.dll
Filesize
938KB

MD5
6f6168028073b57b54e5f34730562e3b

SHA1
7274ea6a81521d96c4fa86b545791bcd94f5e032

SHA256
8ce9eb4bd8d10ed13dd982f1fab7985faadc4cddc1fea84f0ff0fa5da12795a5

SHA512
af99cdced4f873f76bbacc77f15e6d25ae089dd53c265f755c314167a6460316be286d951dd5b302f74f35861feae954b45b752f66424cc945705f5df8c0496d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Windows.Forms.dll
Filesize
12.7MB

MD5
7be79f34a9560d2a0475a3b0484be724

SHA1
3904bc0466ab8d2d2243a12babb4bc136db2b6ff

SHA256
be47e686942dbb3922a7d854c8b24552d27458d6e09348709ff7565c2e6bd811

SHA512
192e08ef88724d1f7df5be11abc7f2b3fd7a23d6a8202b72e7014ad14ff37e74c0e3fb8dfa7a6bfa74581813adf83eae638ae54b382cd79099f108da4ccc4faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\System.Windows.Forms.dll
Filesize
12.7MB

MD5
7be79f34a9560d2a0475a3b0484be724

SHA1
3904bc0466ab8d2d2243a12babb4bc136db2b6ff

SHA256
be47e686942dbb3922a7d854c8b24552d27458d6e09348709ff7565c2e6bd811

SHA512
192e08ef88724d1f7df5be11abc7f2b3fd7a23d6a8202b72e7014ad14ff37e74c0e3fb8dfa7a6bfa74581813adf83eae638ae54b382cd79099f108da4ccc4faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\TerraFX.Interop.Windows.dll
Filesize
870KB

MD5
14d58de9b19205273da83f61c02c6dd0

SHA1
ebd5683ebd20dfdf4d2d7cb0463b5b8bb10e500b

SHA256
620c84b4ce5546ff9fc1d52c04cd3bdd11e47a40ade8104121b227467a5c8a75

SHA512
d2131b9212e087dae089ee6afc0c8d1d4ac61e949d10551994d5690c836989c3895645fb3636ffa607830bda003eda10e1240ce885e91166a9fcb477d1f80cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\TerraFX.Interop.Windows.dll
Filesize
870KB

MD5
14d58de9b19205273da83f61c02c6dd0

SHA1
ebd5683ebd20dfdf4d2d7cb0463b5b8bb10e500b

SHA256
620c84b4ce5546ff9fc1d52c04cd3bdd11e47a40ade8104121b227467a5c8a75

SHA512
d2131b9212e087dae089ee6afc0c8d1d4ac61e949d10551994d5690c836989c3895645fb3636ffa607830bda003eda10e1240ce885e91166a9fcb477d1f80cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\clrjit.dll
Filesize
1.5MB

MD5
7b578d29fb995af3a3f0bfb1193e4eea

SHA1
188b6555604586e04466ccdbaeef037ab6f3c3f7

SHA256
b4dc6fb897d2a68411a6022fa53d5c4cc6f7023393d709b0d360ccecbd0ed480

SHA512
3dae824d9e070e09400ba0ab80af44df811c26bbc5bc45fda860adcdce3948faa1932124de7af2ff9d48c1927b5fca554cd117df7601eae129f680df210d8c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\clrjit.dll
Filesize
1.5MB

MD5
7b578d29fb995af3a3f0bfb1193e4eea

SHA1
188b6555604586e04466ccdbaeef037ab6f3c3f7

SHA256
b4dc6fb897d2a68411a6022fa53d5c4cc6f7023393d709b0d360ccecbd0ed480

SHA512
3dae824d9e070e09400ba0ab80af44df811c26bbc5bc45fda860adcdce3948faa1932124de7af2ff9d48c1927b5fca554cd117df7601eae129f680df210d8c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\coreclr.dll
Filesize
4.9MB

MD5
da2c02566fa6f1735f3124f5f08b7e44

SHA1
0d929129200ac415aa2a817d3ba7ebcf30ac7f5f

SHA256
c85328a6f4230dfea9ea0143adce479402faaa23a92df1a38f3b27068ebd3d74

SHA512
54f0f3df0e1976198970327b9d4e8ef9b9b1d7607438b4886b217ddc1ea472231f2187ecc4da19767511dee83b28fdb8f7226ed93672a3998604fe652b127027

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\coreclr.dll
Filesize
4.9MB

MD5
da2c02566fa6f1735f3124f5f08b7e44

SHA1
0d929129200ac415aa2a817d3ba7ebcf30ac7f5f

SHA256
c85328a6f4230dfea9ea0143adce479402faaa23a92df1a38f3b27068ebd3d74

SHA512
54f0f3df0e1976198970327b9d4e8ef9b9b1d7607438b4886b217ddc1ea472231f2187ecc4da19767511dee83b28fdb8f7226ed93672a3998604fe652b127027

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\hostfxr.dll
Filesize
373KB

MD5
a319af7ac377a40534618677567a6fd4

SHA1
16ed6905078edbcb48ccc15145cfe1d344f82b17

SHA256
cea44470b8c5f86b774ff20fed4764daa19e148ee645725fac34c0bb999576b0

SHA512
3ed47f35cc82494021308561d46c73afef1c5aace6f9012ceb211d78396dc6a1a1289d4155549b1028e419d28f8e0976d8995142d85c1d34d232efba08e4b75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\hostfxr.dll
Filesize
373KB

MD5
a319af7ac377a40534618677567a6fd4

SHA1
16ed6905078edbcb48ccc15145cfe1d344f82b17

SHA256
cea44470b8c5f86b774ff20fed4764daa19e148ee645725fac34c0bb999576b0

SHA512
3ed47f35cc82494021308561d46c73afef1c5aace6f9012ceb211d78396dc6a1a1289d4155549b1028e419d28f8e0976d8995142d85c1d34d232efba08e4b75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\hostpolicy.dll
Filesize
382KB

MD5
55515dacaaa4e3c089bdb0ee350be827

SHA1
3b5615745d14b8c4866f9f4720198d4d6d936c13

SHA256
3b64012e943098c84e0ae1be880dd7c3031510b73095a6dd25a8410efc9fb26d

SHA512
faeace9fc68b525c0157c1226b03ec284df611423937167d4ae6e4ba57b8cee45903835044ebb74518e888a8ce88e31f9b41fe38d92c326d12dd1363e75cfe7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\hostpolicy.dll
Filesize
382KB

MD5
55515dacaaa4e3c089bdb0ee350be827

SHA1
3b5615745d14b8c4866f9f4720198d4d6d936c13

SHA256
3b64012e943098c84e0ae1be880dd7c3031510b73095a6dd25a8410efc9fb26d

SHA512
faeace9fc68b525c0157c1226b03ec284df611423937167d4ae6e4ba57b8cee45903835044ebb74518e888a8ce88e31f9b41fe38d92c326d12dd1363e75cfe7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\paintdotnet.dll
Filesize
7.8MB

MD5
a006ad11c7d4baadf0633c180b7137f8

SHA1
dff95826a31ad0cf56f2ce02529f9206d104a511

SHA256
40e489d4faaa8ca41db18314d215e64c5e17f87b192f0210d7cb740c2f9ea2be

SHA512
cc5a607fa2b085c9a4e2e483f9ed01b25dc83fe3a2d13b3003a356351953bffddebd2a94983326a0f19cddc42201e14b90559d44fde8c646f03f03e0e9693c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB1B99E7\x64\paintdotnet.dll
Filesize
7.8MB

MD5
a006ad11c7d4baadf0633c180b7137f8

SHA1
dff95826a31ad0cf56f2ce02529f9206d104a511

SHA256
40e489d4faaa8ca41db18314d215e64c5e17f87b192f0210d7cb740c2f9ea2be

SHA512
cc5a607fa2b085c9a4e2e483f9ed01b25dc83fe3a2d13b3003a356351953bffddebd2a94983326a0f19cddc42201e14b90559d44fde8c646f03f03e0e9693c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\efa43654-364f-4010-b72b-d96d282e312a\paint.net.5.0.1.install.x64.exe
Filesize
62.0MB

MD5
05883771853deac7a3de2e40e88382fe

SHA1
32ea5a97933e62540b7a09f2b937d65f0c9cbf6c

SHA256
e10c9a96351228661ca1b9737467d383c3d41a87f15f54fc02d635634373fba8

SHA512
ab8b5e355c42ca1ce88cc754b4e1fff3cb85b0763ea96533f7f45db5cec8f6420698ba757958c43597abe54f350d4e836318e18726671f292f62282ff4d0490d

Download Submit
C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\efa43654-364f-4010-b72b-d96d282e312a\paint.net.5.0.1.install.x64.exe
Filesize
62.0MB

MD5
05883771853deac7a3de2e40e88382fe

SHA1
32ea5a97933e62540b7a09f2b937d65f0c9cbf6c

SHA256
e10c9a96351228661ca1b9737467d383c3d41a87f15f54fc02d635634373fba8

SHA512
ab8b5e355c42ca1ce88cc754b4e1fff3cb85b0763ea96533f7f45db5cec8f6420698ba757958c43597abe54f350d4e836318e18726671f292f62282ff4d0490d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log
Filesize
135B

MD5
84d51132d7e10a9218969db7164825e0

SHA1
a91a4e8ef74306429a61aaf1dd5747479fb096bb

SHA256
6a4f582bd3e6edde14f6b6ffdf09e491afeb16f8f159973174fd0d25613123e2

SHA512
db11f332991a4a1f225162d15090ddb10982e4bed67696a6d10e7fc4f1d9b71c5136b4a1d9553a7deecaef2f30119585d059589518b23c2bb6fede30f7f419b3

Download Submit
memory/444-147-0x0000000000000000-mapping.dmp

Download
memory/1544-150-0x0000000000000000-mapping.dmp

Download
memory/2028-132-0x0000000000000000-mapping.dmp

Download
memory/2604-154-0x0000000000000000-mapping.dmp

Download
memory/3304-146-0x000002116B770000-0x000002116B782000-memory.dmp

Filesize
72KB

Download
memory/3304-145-0x00007FFAE3A50000-0x00007FFAE4511000-memory.dmp

Filesize
10.8MB

Download
memory/3304-144-0x00007FFAE3A50000-0x00007FFAE4511000-memory.dmp

Filesize
10.8MB

Download
memory/3304-143-0x0000021151EC0000-0x0000021151EE2000-memory.dmp

Filesize
136KB

Download
memory/3304-141-0x000002116A800000-0x000002116A8B2000-memory.dmp

Filesize
712KB

Download
memory/3304-139-0x0000021150350000-0x0000021150396000-memory.dmp

Filesize
280KB

Download
memory/3304-135-0x0000000000000000-mapping.dmp

Download