Analysis

max time kernel: 766s
max time network: 769s
platform: windows10-2004_x64
resource: win10v2004-20230220-es
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 08-03-2023 23:41

Static task: static1
Behavioral task: behavioral1
Sample: paint.net.5.0.2.install.anycpu.web.exe
Resource: win10v2004-20230220-es

General

Target: paint.net.5.0.2.install.anycpu.web.exe
Size: 1MB
MD5: 6a5e8c6eec9ab6ed7088bc35739e52d5
SHA1: be77e05970628d62c65b0bd609ef7ab5bb705c8f
SHA256: 9d3edf7ade8ce94aaa6038e894562229e002a86840835e573caf1116e7b928a5
SHA512: e56e5356bee8d6d942f1bee7acd0a31fa03f51a7614df6f7bcdec89ec26cc3e7ea686892325938e7156f23c78814e0a9f04eeff255853939b157004ed6c12ed0
SSDEEP: 24576:7rYYYYkWYCzwLhA29pQCo7jIC0BuDgwf0z:7rYYYYkvLhA29piUDjwe
Malware Config
Signatures
CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
Processes:
resource | yara_rule
C:\Windows\Installer\e57dbba.msi | coreentity
Downloads MZ/PE file
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: paint.net.5.0.2.install.anycpu.web.exe, paint.net.5.0.2.install.x64.exe, SetupFrontEnd.exe, winrar-x64-621.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | paint.net.5.0.2.install.anycpu.web.exe
Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | paint.net.5.0.2.install.x64.exe
Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | SetupFrontEnd.exe
Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | winrar-x64-621.exe
Executes dropped EXE 11 IoCs
Processes: SetupShim.exe, SetupDownloader.exe, paint.net.5.0.2.install.x64.exe, SetupShim.exe, SetupFrontEnd.exe, paintdotnet.exe, PaintDotNet.exe, winrar-x64-621.exe, uninstall.exe, WinRAR.exe, WinRAR.exe
pid | process
988 | SetupShim.exe
2536 | SetupDownloader.exe
1708 | paint.net.5.0.2.install.x64.exe
232 | SetupShim.exe
1720 | SetupFrontEnd.exe
404 | paintdotnet.exe
2072 | PaintDotNet.exe
3152 | winrar-x64-621.exe
2884 | uninstall.exe
4288 | WinRAR.exe
32 | WinRAR.exe
Loads dropped DLL 64 IoCs
Processes: SetupFrontEnd.exe, paintdotnet.exe
pid | process
1720 | SetupFrontEnd.exe (62 identical entries)
404 | paintdotnet.exe (2 identical entries)
Modifies system executable filetype association 2 TTPs 8 IoCs
Processes: uninstall.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | uninstall.exe
Registers COM server for autorun 1 TTPs 6 IoCs
Processes: paintdotnet.exe, uninstall.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBF113F1-D7C8-477C-A23A-E600E7937E11}\InprocServer32\ = "C:\\Program Files\\paint.net\\PaintDotNet.ShellExtension.x64.dll" | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBF113F1-D7C8-477C-A23A-E600E7937E11}\InprocServer32\ThreadingModel = "Apartment" | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBF113F1-D7C8-477C-A23A-E600E7937E11}\InprocServer32 | paintdotnet.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes: SetupFrontEnd.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | SetupFrontEnd.exe
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes: msiexec.exe
description | ioc | process
File opened (read-only) | \??\L: | msiexec.exe
File opened (read-only) | \??\P: | msiexec.exe
File opened (read-only) | \??\F: | msiexec.exe
File opened (read-only) | \??\I: | msiexec.exe
File opened (read-only) | \??\K: | msiexec.exe
File opened (read-only) | \??\N: | msiexec.exe
File opened (read-only) | \??\T: | msiexec.exe
File opened (read-only) | \??\U: | msiexec.exe
File opened (read-only) | \??\X: | msiexec.exe
File opened (read-only) | \??\Y: | msiexec.exe
File opened (read-only) | \??\Z: | msiexec.exe
File opened (read-only) | \??\E: | msiexec.exe
File opened (read-only) | \??\G: | msiexec.exe
File opened (read-only) | \??\O: | msiexec.exe
File opened (read-only) | \??\R: | msiexec.exe
File opened (read-only) | \??\S: | msiexec.exe
File opened (read-only) | \??\V: | msiexec.exe
File opened (read-only) | \??\W: | msiexec.exe
File opened (read-only) | \??\A: | msiexec.exe
File opened (read-only) | \??\B: | msiexec.exe
File opened (read-only) | \??\H: | msiexec.exe
File opened (read-only) | \??\J: | msiexec.exe
File opened (read-only) | \??\M: | msiexec.exe
File opened (read-only) | \??\Q: | msiexec.exe
Drops file in Program Files directory 64 IoCs
Processes: msiexec.exe, winrar-x64-621.exe, SetupFrontEnd.exe, WinRAR.exe
description | ioc | process
File created | C:\Program Files\paint.net\System.Collections.dll | msiexec.exe
File created | C:\Program Files\WinRAR\RarExt.dll | winrar-x64-621.exe
File created | C:\Program Files\WinRAR\WinRAR.chm | winrar-x64-621.exe
File opened for modification | C:\Program Files\paint.net\Staging | SetupFrontEnd.exe
File created | C:\Program Files\paint.net\PaintDotNet.Strings.3.FR.resources | msiexec.exe
File created | C:\Program Files\paint.net\System.Design.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Security.Permissions.dll | msiexec.exe
File created | C:\Program Files\paint.net\resx\PaintDotNet.Strings.3.resx | msiexec.exe
File created | C:\Program Files\paint.net\mscorrc.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Primitives.pdb | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Windows.dll | msiexec.exe
File created | C:\Program Files\paint.net\clretwrc.dll | msiexec.exe
File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png | winrar-x64-621.exe
File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png | winrar-x64-621.exe
File created | C:\Program Files\paint.net\Microsoft.VisualBasic.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Transactions.dll | msiexec.exe
File created | C:\Program Files\WinRAR\Default64.SFX | winrar-x64-621.exe
File created | C:\Program Files\paint.net\System.Web.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Windows.Forms.dll | msiexec.exe
File created | C:\Program Files\paint.net\Microsoft.DiaSymReader.Native.amd64.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.IO.Compression.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Linq.Parallel.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Xml.XmlSerializer.dll | msiexec.exe
File opened for modification | C:\Program Files\WinRAR\Default64.SFX | winrar-x64-621.exe
File created | C:\Program Files\paint.net\PaintDotNet.Strings.3.no.resources | msiexec.exe
File created | C:\Program Files\paint.net\System.Net.WebSockets.dll | msiexec.exe
File opened for modification | C:\Program Files\WinRAR\WhatsNew.txt | winrar-x64-621.exe
File created | C:\Program Files\paint.net\System.Security.SecureString.dll | msiexec.exe
File created | C:\Program Files\paint.net\WindowsFormsIntegration.dll | msiexec.exe
File created | C:\Program Files\WinRAR\ReadMe.txt | winrar-x64-621.exe
File created | C:\Program Files\paint.net\msquic.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Effects.Core.xml | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Framework.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Threading.Thread.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Effects.pdb | msiexec.exe
File created | C:\Program Files\paint.net\System.Configuration.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Security.Cryptography.Algorithms.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.AppContext.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Reflection.MetadataLoadContext.dll | msiexec.exe
File opened for modification | C:\Program Files\WinRAR\WinRAR.exe | winrar-x64-621.exe
File created | C:\Program Files\paint.net\createdump.exe | msiexec.exe
File created | C:\Program Files\paint.net\System.Windows.Controls.Ribbon.dll | msiexec.exe
File created | C:\Program Files\paint.net\PointerToolkit.TerraFX.Interop.Windows.dll | msiexec.exe
File created | C:\Program Files\paint.net\WindowsBase.dll | msiexec.exe
File created | C:\Program Files\paint.net.rar | WinRAR.exe
File created | C:\Program Files\paint.net\System.Buffers.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Globalization.Extensions.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.IO.Compression.Brotli.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Numerics.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.Runtime.Serialization.Primitives.dll | msiexec.exe
File created | C:\Program Files\paint.net\msvcp140_codecvt_ids.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.ComponentModel.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Strings.3.lt.resources | msiexec.exe
File created | C:\Program Files\WinRAR\Order.htm | winrar-x64-621.exe
File created | C:\Program Files\paint.net\UIAutomationClient.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.Strings.3.RU.resources | msiexec.exe
File created | C:\Program Files\paint.net\System.IO.FileSystem.DriveInfo.dll | msiexec.exe
File created | C:\Program Files\paint.net\System.ValueTuple.dll | msiexec.exe
File created | C:\Program Files\paint.net\PaintDotNet.ShellExtension.x64.dll | msiexec.exe
File created | C:\Program Files\paint.net\PresentationNative_cor3.dll | msiexec.exe
File created | C:\Program Files\WinRAR\WinCon64.SFX | winrar-x64-621.exe
File created | C:\Program Files\paint.net\System.Diagnostics.Contracts.dll | msiexec.exe
File created | C:\Program Files\paint.net\Bundled\AvifFileType\License.txt | msiexec.exe
File created | C:\Program Files\paint.net\System.IO.Pipes.AccessControl.dll | msiexec.exe
Drops file in Windows directory 11 IoCs
Processes: msiexec.exe
description | ioc | process
File created | C:\Windows\Installer\e57dbba.msi | msiexec.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | msiexec.exe
File created | C:\Windows\Installer\inprogressinstallinfo.ipi | msiexec.exe
File opened for modification | C:\Windows\Installer\MSIA7.tmp | msiexec.exe
File created | C:\Windows\Installer\e57dbbd.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI2E01.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\e57dbba.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\ | msiexec.exe
File created | C:\Windows\Installer\SourceHash{DBC43589-CC32-4502-BBEC-5B931AF4BD2E} | msiexec.exe
File created | C:\Windows\Installer\{DBC43589-CC32-4502-BBEC-5B931AF4BD2E}\app_icon.ico | msiexec.exe
File opened for modification | C:\Windows\Installer\{DBC43589-CC32-4502-BBEC-5B931AF4BD2E}\app_icon.ico | msiexec.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: vssvc.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009865abc95f2d4b980000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009865abc90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809009865abc9000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009865abc900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009865abc900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | vssvc.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 7 IoCs
Processes: chrome.exe, msiexec.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133227962722837080" | chrome.exe
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E | msiexec.exe
Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e | msiexec.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f | msiexec.exe
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F | msiexec.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20 | msiexec.exe
Modifies registry class 64 IoCs
Processes: uninstall.exe, paintdotnet.exe, msiexec.exe, WinRAR.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r17 | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\paint.net.1\CurVer\ = "paint.net.1" | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\paint.net.1\shell\print\command | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.arj | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r13 | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.txz | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98534CBD23CC2054BBCEB539A14FDBE2\SourceList\Media | msiexec.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.heic\OpenWithProgids\paint.net.1 | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r23\ = "WinRAR" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.zst | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pdn\PerceivedType = "image" | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r13\ = "WinRAR" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lzh | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98534CBD23CC2054BBCEB539A14FDBE2\SourceList\PackageName = "PaintDotNet_x64_5.0.2.msi" | msiexec.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\paint.net.1\DefaultIcon\ = "C:\\Program Files\\paint.net\\paintdotnet.exe,0" | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pdn | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2 | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.taz | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\paintdotnet.exe\SupportedTypes\.gif | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r00\ = "WinRAR" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\paintdotnet.exe\SupportedTypes\.rle | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r18\ = "WinRAR" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r09\ = "WinRAR" | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | WinRAR.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32 | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext32.dll" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\paintdotnet.exe\shell\edit\command | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\paintdotnet.exe\SupportedTypes\.png | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r04 | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.r08 | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lz | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\paintdotnet | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBF113F1-D7C8-477C-A23A-E600E7937E11}\ = "paint.net Thumbnail Provider" | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBF113F1-D7C8-477C-A23A-E600E7937E11}\InprocServer32\ThreadingModel = "Apartment" | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBF113F1-D7C8-477C-A23A-E600E7937E11} | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\paintdotnet.exe\SupportedTypes\.jxr | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell | uninstall.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\paintdotnet\shell\open\command | paintdotnet.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.avif\OpenWithProgids | paintdotnet.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.r11\ = "WinRAR" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98534CBD23CC2054BBCEB539A14FDBE2\SourceList\Media\1 = ";" | msiexec.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR" | uninstall.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" | uninstall.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: msiexec.exe, chrome.exe, chrome.exe
pid | process
4732 | msiexec.exe (2 identical entries)
756 | chrome.exe (2 identical entries)
4472 | chrome.exe (2 identical entries)
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes: SetupFrontEnd.exe, PaintDotNet.exe
pid | process
1720 | SetupFrontEnd.exe
2072 | PaintDotNet.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
Processes: chrome.exe
pid | process
756 | chrome.exe (19 identical entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: SetupDownloader.exe, SetupFrontEnd.exe, vssvc.exe, msiexec.exe, srtasks.exe
description | pid | process
Token: SeDebugPrivilege | 2536 | SetupDownloader.exe
Token: SeDebugPrivilege | 1720 | SetupFrontEnd.exe
Token: SeBackupPrivilege | 4360 | vssvc.exe
Token: SeRestorePrivilege | 4360 | vssvc.exe
Token: SeAuditPrivilege | 4360 | vssvc.exe
Token: SeBackupPrivilege | 1720 | SetupFrontEnd.exe
Token: SeRestorePrivilege | 1720 | SetupFrontEnd.exe
Token: SeShutdownPrivilege | 1720 | SetupFrontEnd.exe
Token: SeIncreaseQuotaPrivilege | 1720 | SetupFrontEnd.exe
Token: SeSecurityPrivilege | 4732 | msiexec.exe
Token: SeCreateTokenPrivilege | 1720 | SetupFrontEnd.exe
Token: SeAssignPrimaryTokenPrivilege | 1720 | SetupFrontEnd.exe
Token: SeLockMemoryPrivilege | 1720 | SetupFrontEnd.exe
Token: SeIncreaseQuotaPrivilege | 1720 | SetupFrontEnd.exe
Token: SeMachineAccountPrivilege | 1720 | SetupFrontEnd.exe
Token: SeTcbPrivilege | 1720 | SetupFrontEnd.exe
Token: SeSecurityPrivilege | 1720 | SetupFrontEnd.exe
Token: SeTakeOwnershipPrivilege | 1720 | SetupFrontEnd.exe
Token: SeLoadDriverPrivilege | 1720 | SetupFrontEnd.exe
Token: SeSystemProfilePrivilege | 1720 | SetupFrontEnd.exe
Token: SeSystemtimePrivilege | 1720 | SetupFrontEnd.exe
Token: SeProfSingleProcessPrivilege | 1720 | SetupFrontEnd.exe
Token: SeIncBasePriorityPrivilege | 1720 | SetupFrontEnd.exe
Token: SeCreatePagefilePrivilege | 1720 | SetupFrontEnd.exe
Token: SeCreatePermanentPrivilege | 1720 | SetupFrontEnd.exe
Token: SeBackupPrivilege | 1720 | SetupFrontEnd.exe
Token: SeRestorePrivilege | 1720 | SetupFrontEnd.exe
Token: SeShutdownPrivilege | 1720 | SetupFrontEnd.exe
Token: SeDebugPrivilege | 1720 | SetupFrontEnd.exe
Token: SeAuditPrivilege | 1720 | SetupFrontEnd.exe
Token: SeSystemEnvironmentPrivilege | 1720 | SetupFrontEnd.exe
Token: SeChangeNotifyPrivilege | 1720 | SetupFrontEnd.exe
Token: SeRemoteShutdownPrivilege | 1720 | SetupFrontEnd.exe
Token: SeUndockPrivilege | 1720 | SetupFrontEnd.exe
Token: SeSyncAgentPrivilege | 1720 | SetupFrontEnd.exe
Token: SeEnableDelegationPrivilege | 1720 | SetupFrontEnd.exe
Token: SeManageVolumePrivilege | 1720 | SetupFrontEnd.exe
Token: SeImpersonatePrivilege | 1720 | SetupFrontEnd.exe
Token: SeCreateGlobalPrivilege | 1720 | SetupFrontEnd.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeBackupPrivilege | 1864 | srtasks.exe
Token: SeRestorePrivilege | 1864 | srtasks.exe
Token: SeSecurityPrivilege | 1864 | srtasks.exe
Token: SeTakeOwnershipPrivilege | 1864 | srtasks.exe
Token: SeBackupPrivilege | 1864 | srtasks.exe
Token: SeRestorePrivilege | 1864 | srtasks.exe
Token: SeSecurityPrivilege | 1864 | srtasks.exe
Token: SeTakeOwnershipPrivilege | 1864 | srtasks.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 4732 | msiexec.exe
Token: SeRestorePrivilege | 4732 | msiexec.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: SetupFrontEnd.exe, PaintDotNet.exe, chrome.exe, WinRAR.exe
pid | process
1720 | SetupFrontEnd.exe
2072 | PaintDotNet.exe
756 | chrome.exe (repeated identical entries)
4288 | WinRAR.exe (repeated identical entries)
Suspicious use of SendNotifyMessage 30 IoCs
Processes: chrome.exe
pid | process
756 | chrome.exe (30 identical entries)
Suspicious use of SetWindowsHookEx 13 IoCs
Processes: SetupShim.exe, paint.net.5.0.2.install.x64.exe, SetupShim.exe, SetupFrontEnd.exe, PaintDotNet.exe, winrar-x64-621.exe, WinRAR.exe
pid | process
988 | SetupShim.exe
1708 | paint.net.5.0.2.install.x64.exe
232 | SetupShim.exe
1720 | SetupFrontEnd.exe
2072 | PaintDotNet.exe (5 identical entries)
3152 | winrar-x64-621.exe (2 identical entries)
32 | WinRAR.exe (2 identical entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
paint.net.5.0.2.install.anycpu.web.exe, SetupShim.exe, SetupDownloader.exe, paint.net.5.0.2.install.x64.exe, SetupShim.exe, msiexec.exe, SetupFrontEnd.exe, chrome.exe
description | pid | process | target process
PID 2184 wrote to memory of 988 | 2184 | paint.net.5.0.2.install.anycpu.web.exe | SetupShim.exe
PID 2184 wrote to memory of 988 | 2184 | paint.net.5.0.2.install.anycpu.web.exe | SetupShim.exe
PID 2184 wrote to memory of 988 | 2184 | paint.net.5.0.2.install.anycpu.web.exe | SetupShim.exe
PID 988 wrote to memory of 2536 | 988 | SetupShim.exe | SetupDownloader.exe
PID 988 wrote to memory of 2536 | 988 | SetupShim.exe | SetupDownloader.exe
PID 2536 wrote to memory of 1708 | 2536 | SetupDownloader.exe | paint.net.5.0.2.install.x64.exe
PID 2536 wrote to memory of 1708 | 2536 | SetupDownloader.exe | paint.net.5.0.2.install.x64.exe
PID 2536 wrote to memory of 1708 | 2536 | SetupDownloader.exe | paint.net.5.0.2.install.x64.exe
PID 1708 wrote to memory of 232 | 1708 | paint.net.5.0.2.install.x64.exe | SetupShim.exe
PID 1708 wrote to memory of 232 | 1708 | paint.net.5.0.2.install.x64.exe | SetupShim.exe
PID 1708 wrote to memory of 232 | 1708 | paint.net.5.0.2.install.x64.exe | SetupShim.exe
PID 232 wrote to memory of 1720 | 232 | SetupShim.exe | SetupFrontEnd.exe
PID 232 wrote to memory of 1720 | 232 | SetupShim.exe | SetupFrontEnd.exe
PID 4732 wrote to memory of 404 | 4732 | msiexec.exe | paintdotnet.exe
PID 4732 wrote to memory of 404 | 4732 | msiexec.exe | paintdotnet.exe
PID 1720 wrote to memory of 2072 | 1720 | SetupFrontEnd.exe | PaintDotNet.exe
PID 1720 wrote to memory of 2072 | 1720 | SetupFrontEnd.exe | PaintDotNet.exe
PID 756 wrote to memory of 3420 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 3420 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 4356 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 1772 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 1772 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 2780 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 2780 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 2780 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 2780 | 756 | chrome.exe | chrome.exe
PID 756 wrote to memory of 2780 | 756 | chrome.exe | chrome.exe
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.2.install.anycpu.web.exe
"C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.2.install.anycpu.web.exe"
Depth: 1
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exe
"C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exe" /suppressReboot
Depth: 2
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\SetupDownloader.exe
"x64\SetupDownloader\SetupDownloader.exe" /SkipSuccessPrompt "C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exe" /suppressReboot
Depth: 3
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\fb9bfb57-3430-4daf-b039-09c12287b643\paint.net.5.0.2.install.x64.exe
"C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\fb9bfb57-3430-4daf-b039-09c12287b643\paint.net.5.0.2.install.x64.exe" C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exe
Depth: 4
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\SetupShim.exe
"C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exe
Depth: 5
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\SetupFrontEnd.exe
"x64\SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exe
Depth: 6
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\paint.net\PaintDotNet.exe
"C:\Program Files\paint.net\PaintDotNet.exe"
Depth: 7
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Depth: 1
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
Depth: 1
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
Depth: 1
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\paint.net\paintdotnet.exe
"C:\Program Files\paint.net\paintdotnet.exe" /setupActions /install DESKTOPSHORTCUT=1 PDNUPDATING=0 SKIPCLEANUP=0 "PROGRAMSGROUP=" /disablePGO /skipEstablishNVProfile /skipRepairAttempt
Depth: 2
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Depth: 1
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd22c99758,0x7ffd22c99768,0x7ffd22c99778
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:2
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1452 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5360 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5340 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4964 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4948 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4788 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3220 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3260 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4864 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5080 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5656 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5732 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5844 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6184 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6564 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4760 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6460 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Users\Admin\Downloads\winrar-x64-621.exe
"C:\Users\Admin\Downloads\winrar-x64-621.exe"
Depth: 2
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
Depth: 3
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4580 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3320 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6064 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:2
Depth: 2
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=3376 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6500 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6416 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:1
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2828 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6232 --field-trial-handle=1844,i,559628315322462715,1901770780109922787,131072 /prefetch:8
Depth: 2
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Depth: 1
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Depth: 1
-
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" a -ep1 -scul -r0 -iext -imon1 -- "paint.net.rar" "C:\Program Files\paint.net"
Depth: 1
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Program Files\paint.net.rar"
Depth: 1
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Config.Msi\e57dbbc.rbs
Filesize
79KB
MD5
c87573a13fdf43a13f5134f88299320b
SHA1
cb22f46ea24f522de168f5dfd1865afd38c3431b
SHA256
1c4ea7faa0a09baa8a9b3e59fb227aad8a9840b5b4c435b45387afc6bacee25c
SHA512
ae61b6f49c71aa121bf84da956f8b910f37a031700bca165fa9ac97d3ba4663e6024a7cd045fde9c0c2e8decf6bde782fde9fd90a4813792b89984e9821cb27d
-
C:\Config.Msi\e57dbbe.rbs
Filesize
663B
MD5
4edbbc081569a5f0090fd0086f0a0573
SHA1
33eff7b9d6919f4e550555474fe61c526ca7dff8
SHA256
d7e91c070659e62824aeffb76aeb6fbc676c28d0b9d9016b5d9a7f6bc8af5537
SHA512
b78d252f82ebc6322e0a8aad1fc0c45ce7d87ba56fe31d6d2f653cb16ed9b8617c7bb52c31e2caee19be3e3473f1bf6222d0651693bc8ab9296559830a81e1e4
-
C:\Program Files\WinRAR\Uninstall.exe
Filesize
437KB
MD5
cac9723066062383778f37e9d64fd94e
SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c
SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad
SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59
-
C:\Program Files\paint.net\mscordaccore_amd64_amd64_7.0.323.6910.dll
Filesize
1MB
MD5
8753cfc25b8785a7204e522d99ad50f2
SHA1
fde44f698b477755aa49cf9717d07ab1fdceadd0
SHA256
b9e9aed9f540350284b5274fbb27be1eaae107a339b8e58c89216fb1adf38e05
SHA512
2757a03a268f66f3cd766edaadab0a4b6d2f9e6d4fddf3c30608a434e1806c34ad4691c690d9105b9298687114bc5f9b4fc0ea4acdb42254ea78db265f94f5c5
-
C:\Program Files\paint.net\paintdotnet.runtimeconfig.json
Filesize
449B
MD5
5653eeba8fa7fcba355024cf1cdc3030
SHA1
352596de8ee84a1d18d61c2eb74cad8fe3efe92b
SHA256
c3a49dd86d68b783c5bf42d9a03381b68f93e2f7014ec8d2a111078cbc20f03a
SHA512
2151d877d38f738091a41b02013c547906c0e4cbccd3d68f720d9a187de02fdf336df3c2c42af38c93835902cec7d601dc0e825145fe23c8a48a51c463035b0a
-
C:\Program Files\paint.net\vcruntime140_cor3.dll
Filesize
106KB
MD5
870fea4e961e2fbd00110d3783e529be
SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
47KB
MD5
bb8204b36608582165b50708380e71bb
SHA1
b718705e245d95f5efadc3b39741a9a4f696496b
SHA256
0c8b2b1c039503daf4c49f6917a8d1d4d7e14b5fdd407f6731c001ad05cfc291
SHA512
c16e185ab4bb6c05a6cf7018553c5216e2f99b79542eb48bf3b49bd48e29539a5e554dde1984d2f2abe1d7ab58f96eba160aaecaad6e9d1c5a97bd50cf9ce1b8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
20KB
MD5
923a543cc619ea568f91b723d9fb1ef0
SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
280KB
MD5
9baacffc5e1ec83ce1616ea4145275a9
SHA1
7178a21a3824fbaa9a28c1b920264f81209eb240
SHA256
a83a85bcbbc069930b252df55dca2bd2a3de5aa4479b70ce720260b5496fdb85
SHA512
a66ac845ff8a2622a1bbf11d790041d2101437aec08abebbceafabdb5c0a0240b4f28891307b29640a36536908b68b9d8dfce4f395d1493fa053110d45a47df7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
30KB
MD5
888c5fa4504182a0224b264a1fda0e73
SHA1
65f058a7dead59a8063362241865526eb0148f16
SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
63KB
MD5
8033fed1f312bbb913b8cf605b68a0b8
SHA1
bd19063c08b669a51b8a3b2c9601cdad9545d911
SHA256
9802c3206b624d67ebc8e6cc7ead579588fae49f9366453d5358c0903dd7589a
SHA512
629fbfce802cc13faceb5b1703142f072c6162137f32e02d514a4270589f6f74b23eb014790229c15dadbf4f7796da1ac8cc04eeea12eac203c3d10848e99984
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
37KB
MD5
d90cb261f4a509d886611473296e188e
SHA1
23551f9039c8b855b496f017c8f75b32f6e56671
SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4
SHA5121cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011Filesize
67KB
MD58b631f94aaf1a73cda6802ed68ffb4ac
SHA18abb64cda7cdae9490bb4255976b8bcd6ac7b400
SHA25638fd41c7e15690f7d6e37fd941a1f179d347babde493b702250730b1a0636412
SHA51218cbdda7f67d92d9bd11c19364d0a7e85e63c09874d53d185a6531340c24a6387af0f244c599277176b662ea0632a79236f2363c5001c94512f6cbd17aacd63a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013Filesize
42KB
MD5f795f9c823a790b718182279c0b3192e
SHA15d8c4d195b636712539969176d940adc3e3612b9
SHA2561aa320e4fd82477f2649b8c4c0770eba176fd7ff91f92d7d5961f0923348bdf0
SHA512add8cf1845b47fecd158df3d89414eb99b5fa81e27f206d5755b258a5389f79574cf3233fea5f1284d4773a51f94d4c35ffd4b514608642bd5b356fe2addcad0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014Filesize
19KB
MD5ca7fbbfd120e3e329633044190bbf134
SHA1d17f81e03dd827554ddd207ea081fb46b3415445
SHA256847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
SHA512ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001cFilesize
51KB
MD56e2df673cf4661a6709df74b340a712e
SHA178951ef50dd7d443f8480af8c8cbe8f2a00aba5e
SHA2565adbc8850a787767d3726dc34e3cc71f4d91382f2392a34ca9c97f7aa411f182
SHA5128ac2e49e092f03ede6cedb19418c4654b12449bfc4b34d4ef1009f74b171f4ff244f0fa0b4999e99b257eef2c8337e8e87b1a803030c986da3f3a3b198f51fdf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001fFilesize
148KB
MD5dd445ddd5d58751b85b415b680cdf2ed
SHA17337b85e795a2c9d9b1d5af540d8003740e75259
SHA2566fa9dcd3424dadb03238505e3a79698ba16ede99bfd21ec678a87ac20e82afb0
SHA512014bbac225d016988a0defb68c6851f89a6030c5c4ddb16c357bf0958f1a56d8c30a2603192228bae9310dd49fb9395fd659ed442cf88d328efea01a049abf10
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021Filesize
33KB
MD5d989f35706c62ce4a5c561586c55566e
SHA1d32e7958e5765609bf08dcdefd0b2c2a8714ce34
SHA256375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
SHA51284b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055Filesize
160KB
MD5fa6149f8c3296135f4df001ad8bfde7b
SHA130552f7994fbcb3012362651f7c1ead1b672b0cf
SHA256846db6fc429a1a1b297bad301abfab64ff1b4ed698041e486015ce33318640c5
SHA51212db8b41ded054de70089c33157e1e629ad6016013ab0ac571351ac5870d6bb4de403db70974c745a3173c2169b71749113e9cdca0acae5f24c1d5e29c8215cc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5113e6c3360bb64d35d47275f8de590f7
SHA17900759b3feea72ac691e2670f17249e0f0c2cfd
SHA256cfd458098e5b509dfe0f12f7b3b2ea726732ab1540a582f40de5dd9b0e2d2d0c
SHA512093df92deeb44214c792abe97d2afcb5d3ed13957689cdba85caa2747eecd47a33a9339be56b06fb30da71a956fb2455de073de3ee82c5058dd55c48ec2833db
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD55818a13c7a31d7bafc7106a562a548d1
SHA1ab8c672ffd49afdb065c261aa5f2bb5c7aad0b43
SHA25658b8e9ba1667e386b3a8c5edb992bec5d18162549005d79a388435d6a0f6ec8a
SHA5121c221962c0fd0b5049fe0b62ee9e411a38f603bcee578744bd5584be79caf0315455ccaaa33a5d5f861bc121312af7774fccb78001f60841ba0f38dce7251c8f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD55bc08919bd8ef5903167bbf425daaba9
SHA1c6cee8355220ce59db68b303bca8decf65f8f4f9
SHA256a6d4c44448444f3021567fb9ba57d1587b7b920fb8445a21f45da796e0a85959
SHA51293bdb5203fa8edef2190a7d892d1ef59c5b2e3c13257fc0b282e28f3673841ddb7f9ee91d34b15f3d8af015604ac9476821818c60abffd165d6c15680aa7d464
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
6KB
MD5dbe2081a79a66c32d21e4276909fda7b
SHA1c3284cbeec9fb7b118dd8d3a756baa11a31d1482
SHA25679b09ea552638d29e92156addcb48bf7c0283822a5e05d56d448233504db57fb
SHA512f98820f2afd4d1df3f3355a971dd2c2c785a13fb45978e7320fe4676b91a9e235e2bce7b369b746c0d828b5332ea3dab23e8ea73a1e9491f8a32d343661b9dbc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
7KB
MD554ffe79847bd4d12e69f0d3c7adb5bbe
SHA15510f94fb44754f271f6f47bf11891b5a133177b
SHA256a13fc469b01bb47267c4331ceaae61276a48a9d85019c9838901087397e22bc7
SHA512a0701b50c3f65d1f4bf01499170dccbef4b875ce04eeedb48d119b799231d45485f564d872306ade528aa33c24fbf28a99237dba1eec8698a4f6018aeeb66386
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
7KB
MD55738fb6f5725024f67f2be056c689914
SHA169190bae2e5596d3e7d61102d821c63e18052dbe
SHA256f9441cfcadbfc0d60a1184d3a6e52691942e689cfd7372d28bd99789007d29ec
SHA5122dd112ac62e044d28ab1bfe0153d059ef030cfd16109b5c52364d45f087d4177aa3b1c006649148a1af078daf608c9eee51f5859996af1ae7073808988901b7d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD581d09d2d80389785090aa7b73b7eea77
SHA1aec5294bde1d1065378d36394c7027018f8665fc
SHA25689d8508506d9e2c098c6e2a3ef882e8d59a8d3fabaac516da7b0cffff39201cb
SHA512ce44c1e24e7e859b53cbd1b897b4cc0f1e0c68b1419b07921e3a7c283c7a87775d07ee777733e51003c432f2cc7461f602dd7460c1b38cb1bc004344f639ebfe
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
6KB
MD548d37bb74a397e3c48d2cdff4d124681
SHA145ebd35c24ebb6d229600a4794b2e7fcb007a72b
SHA256a5965ad297b3c46ef3a1116a4b4292a8875837866140de062908d0fe0f72a57b
SHA512b902b71eeb7c5b792e21d775b921165c30157c6547d27ad79f40e820f0e49956d9b6fb17419db55561f47839f4c3ca8764533f4e65731bcf5d68db2fb5f4456a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD548e28e8fbbca5e01d82bd3987c691553
SHA117a57f15d36f504f42e2c6a3393fbc604cd7bfcd
SHA2568a00131d6227f57c1187b3482d3919d399a84e05bf6caf57028f3612b70c58e9
SHA512239d4206576bf86d3fcd92e1b13e025f43a5dd1c9d47cd318e3c7d71678bdfb19d7ff534426109def31d58955399b50fd7ed4cec01872742398ed9998358a966
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD5770edc9d2e036c3abccb87703b85700c
SHA14330118918591af846398a5f76daa1cb49d988f5
SHA25668cfb008ce957392a344f050e1141f10bf6a597925153edb637ca701c7fe4e55
SHA5126677fbec310a89647bb1068842062f3b4fbc403e32f20633080c80133e907e4b1343367cd77e55cf64877a4f570c4d305229182474fe564e774dfe7b38bb8ea6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD55ead6e2c94501a570ac98f5aa133c9e5
SHA1f48ecca84d6ccb2c9f78180942dde7112bd78ba8
SHA256c69ce816d03e68a7da8a2b89d6dfc0078f2b762c286133e11f3d2590f77a538d
SHA512852b01e92688b1c35e16d5ebd944999131ac2d2aba4a1e47bb095b889b32a1ffccf5ad5e08cf4ce904e9b2280d2741ad0985d8d70b8fea02e5853a173b375583
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD52b8386e66e3bc4a3e5912e4c8a1eaac1
SHA1cf5b377feef3e85a7398b66e31fc625d15ecc959
SHA256583a00fbdb38362fc7b5b9ac5365d9f5acb2cae6812952397f6cc1fe3366f1ad
SHA5128c2d332bbfa42d6a7bd15553f5c0ac605d4ffd153a6d33ca5738ab27b7e7977c9a73fa470f910b0cf6d2a07395d3e75cb74e9f4660e12d9dfbfb23e72d1257da
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
538B
MD5a451ddac7a918866d708925750b404f3
SHA1e40bb7730f1ab5983f10ec5f1be88c36ee317c34
SHA256d200e6dd99a96169d534c26bbce614906afaf1149a10ba761b6bf5874996fd45
SHA51206484a04f4261bcf19eb30514308a26fbc78fbf0b7df9985a46d6f8a9a4a43dda71b6187d5b3a30f08b387035469d7057ccbfdd10ea17c3aadad3571d9ef4acd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD58d993e9a1ff71fdd03b3e030711c17ec
SHA1f12de5c7b1c1e3e1d69615a79c8d151991a65a20
SHA25688774c4222e56bec173c4b66499301abb02d23d903976e1370def34cd16bc224
SHA51294c0ba791de5fe25e95713423936845d8ee1cf348c371f017daa3d83a773b3cb3b9f6e346a807119f8eaddc6fbd5cb45c94b01747a1166eea3b932d15ded525e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD576cc2ba20c649bd739f0911b5bb98f82
SHA17338895ebeceba12347992c406b5e4441429033b
SHA256cb6c2e1ce08d4ea529451242ab2794661c613f9b8cfda46b7e7d4336cbf972f0
SHA5128fe272d344ad00be405e2daca25f4727a06cf035b6ace3a72433626fa924aad59dc3dc99d822a580d7468344ccfcfb6275b4fde89dc7d1794377037515b39633
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD53d0d9b8f48635035c7403316f287f1cf
SHA16181f384c064b3237631b11b0cbfd3045499b4ee
SHA256e6858fffda927ddc4db9c381d3cc6f49c4035f8c60cf9b320762be7d2dc9d751
SHA512f2a17144a988a124614d9ee9fc1f42a8a8b202b630b7f47f920ac1959ae1ba4bac1c620e72ac5ae397065843740552154207d2d3c5bb7c3730fc965d26bceafb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
872B
MD519aeed1f2b4fd6440f0ca40cd3fb373b
SHA1233b3bba697e45bc19827f0d50f37a0f69532922
SHA256fef8d861b532e98343e5e39e8f18890b77f9fb414d610d505c7e5bebc1c13807
SHA512731af5b51aed3bb4189ca7d07d2cdbdb76fca0192abd7b21cf224e232d9df7883cacb049031675944ea01e8b578c79f501dde0ddd1e8ce622b0748267d0f7779
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5cfb5a3a323d0ab0bc058992c382c0e01
SHA195d457e0e7b92f68a05ccde5edf4520ee0e0c25a
SHA256dfae2b8fa2780332b00906ce143203b631e4307ccee964c3a9457694c90eb47c
SHA512f41832ae4253db4840360261ffc67686db8062397806cca13d15c23b5a304173b7ee341cc490d64a33a2521083df2a766a3ce36983402a5474ca3a52ea782da9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
872B
MD5a769dd231d35159441edd0d21b8a05dc
SHA1d8d7ac1316fbd93738ca56db3e2ee708475b5c4c
SHA2563b488308a4ad72011545640784af92a0f3388ed3b0be839018fe72af27c38631
SHA5125f9cdc12e66aeb4ac6cbf74bb20a5c28f51e6457488a7d14fbacf958c21ea44908c03d02908314ca13a14eaa00b7616d1a2271f2778cf2bba50b0487c139e3bb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e7173b9c-5621-43c6-a3fb-c42d7d204ad2.tmpFilesize
2KB
MD5c7a1d3df22e0f8a2269c72a1eebcd906
SHA1b5f611edc95b1e01d9cb3d76debcdde3e16f15bc
SHA256dedeecbdd5d22124585c4cf262f28ee3b79ec6e5b2500508078271ac6d4c7931
SHA512c5350765858d27b45887f59e5c62a1e4c024aea66f1b430418fef8aaa9225afbaf260f75cc77627ed91edbae23d5fc2b94ecf1447bcf0316aacfd55413ffe191
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD55822440756e8d7deb693524e7ecad909
SHA1581437156dae0a99e2cf525b118cbe5b120d008d
SHA256358196e0de24078c8be46df9d3b66cb596646fcf4fc38370ea32729814ab666a
SHA5121528475937af887d4f9d33b291592cab0edf2b31e75da0abde6877f1f6a0cb6812383a7736d1f9c336d75ebef1ac85dcaf1b4add0c1c8b0c61bf3e6d95901d0e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD50bd0937e4b0c87545ea744fe9692e1c3
SHA15bc23334259c370f08c4f421ed5cbce833cacabe
SHA2566ff8c1ca90e15d2268543f2c41f1ea1b5b7d06e92befc0e113043f40f727c089
SHA512d6a38bf4a550add3aeaf04dc7cf864fd7b38a0ac4f9dc24e4c4735f26658b175461cbf53a7e39c1e53c4761d9f1e49e5b30296da3450cc34699b123f23563d61
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD54986e569b1583f7c4283b79b8dd178ae
SHA198386c3e166574e31794c679f1113d48439c6758
SHA2560a0cc4c6b20c36f8885d7518001f398dbbba31cb410c296026477fe88667de05
SHA512606594dae562035e54b7550e5c8f25598869f841532910dc01dd9a47feaca81514fc3f2976f550847ceba5daffe9ae5569174324326a5a1b821aad280aa49860
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD52fd729d265c07da8e5ffbee331e5783c
SHA11cb10acc87432ba47360aa9a4a954ef86451b1ba
SHA256589a5aa50a9935db814996e7ea82ec260b1bc3d6734d9c3c505bf7598c4586f7
SHA512cb7568efed92e10f15214788c8d2e4d2aad36c8634256f81526616de09fec3c91ee9e4e1bad7f5239e27a23c8fe2db34a7394ac51edad068dc73a8d4d517b106
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD55791d2193b0c7edb9f2828ac2a370dc5
SHA179c4a9380f056ef43bde90bb574955efb4f2340e
SHA2569715bd6375a5c35b011e267939c6fc43b244b1835358b1e3f799b1e036df7b8b
SHA512d7036a21d4ff2ccf78627d64f9182d9defff1917ecbab7da29b0395fcd49f7d7ed3f07db939ceaf03586015ea82b0d7dc7bfbf35add360e536348b499753da0f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5e2c4ad1e51b13cfc0f276d8bc9cbe7c8
SHA153406f44a0c27211c39d9fd6045ac5f5f57f659d
SHA256c028bef2034345333e2ae242e3c071b4f110318c69cd336740e7808ff111acf8
SHA5127d8d0c86b6f6b19593abe0d38f63706158329596ae78ec8a8040e57632125e378e45b4e6839a9a70cb8434bd33b659ab2e009da0e43a1ab62e6663bd99aee882
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD50df17efdaa5e1bf1006662d0cd34bac9
SHA1dab5a20de920637f87ad49415798fdbae99fa676
SHA256c6293324138940c03b6327deb8fdc2974871250e89002249d1d0dfee4871cd01
SHA51240a9c97ff2f8173f14ca6f276c44b2bbc75f8c95ff473812ecc72261ef73e439cdd3571876f720b0cbf17e95cd08d9a95b3613c26577b5e0f7cd502b149be92e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD59426490b27bdb8281cc8316fcc977764
SHA1cb82bc55c681078cb00562616ec4979fb6d8abcc
SHA2564393c14cc5619705dbb4a276645e3930ba352ad33069043125a371acfd2a6c91
SHA5122389fa8b2665daa43f3a7b22e9d67576fa57e683f3da7db571be577fa6694c9a15315628edfe4969817b3879d89475e2b0f1a2a805353e663243675e9850e500
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD53b21bc5aed2bd9493c256a92272e4aa9
SHA154b2b943c19b7fb0a150c5d3b8a807c1dc4f4109
SHA2563472df653818e783ed691fa152559ba362c2022097e332fa888934823e1fae7c
SHA512a48e83985e5ee9bb663f5fa74a1f5655a9a370d3f5d36fbf591d474fbfe28fd18c749dddce2c9dca3e06c7ac4dfeb858b2ee5f2459188bfc16e57833644b9460
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5ed6430ffb5cee84d5677bf412187bae3
SHA15071c0da7d67f597d68f68defea27a5d2283f537
SHA256e13075d12a61243d5551c22ed673f573ede8ffe70d2582cf03449ee02ca34ac0
SHA5126a2ed85404acfcfbe13c892b42ab259f76501ad66de957949c512054ac78fcc956d1c36fad46bd60c68a0f8185825ae070f4651f1e3115061d447598b64856e5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD53e7a3fd5d86e95f5b5b7d42b66318705
SHA1bd40564b2ef7abaea6fb7305895b1119c18ba118
SHA256021875b66da38808fbf50c42bdb9bc0e91e350f5af4434bdda55acc9dd70eb0f
SHA512d0bdbe6addd24169971523e5a06dac3ae2636964d6c61c2f7e49bf532d2ac5684690cd36233d6998b25013450afc2837a1b3986bf8802940ba3d1ff0c8504bf1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a92ac.TMPFilesize
48B
MD56f7ec063027267c97526a8ba22a06e55
SHA1a8147f05c6558ac92879923a7ed12fc76a9a29c6
SHA256f30e6a14612af105ea685dbf2c8ab7cde1b75bee5770e234d5da7a89db01be35
SHA5123fc48094f5a0b820137625455d9e1c7e4b0fedcb67012613138e26a5a146972c3a8dcda5b650f260e2b6f4a5e0154c1ee94364ea4414e524f12057122c84b6f0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD5994fa63e8b08b6e24810ab6957588d21
SHA19c04f01aab3bf876bcbce3862e40f52ac41c1370
SHA256cb9e4af6c7d426a7bc919afe8753f63b595907af9044e147f8c8d8b913e74f6b
SHA5120fde3bb23a9a02428934dc75e28111d9d9bcdcdbfd1eb3ede03166461286ae2394617c2a86f06ab1e133d96acab62a70b0414edf63c036a6b96c19b9778f94e3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD541726bfc990ce699e8c62c4e0710fe3c
SHA15669263ad7e8b51a6ff2bedf586eb4f9e4b717d3
SHA2567777dd080fd092a4b21e2a1e22af070817fb139e04971a74d3ce5f68ae7c0a18
SHA512a9e9072da576a0e85809ffb0d4dcd7565b764fca1f2d6cf8957e05488fa0860cbb8ec958d03927f763d89af0c6a6215305287e25e88123fc559127ec2e8909ac
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD537c3f298a0539ff56a9ff9f54d41106d
SHA11edddaa622e6a62d10b303d008256d0d6de14046
SHA25640818c8ab5ce05dbd571202bd7e0b9b254271a2f74b45515dc4bb9b517bd77e2
SHA512b1e766207a278dfd327baedba24bba4c2a0e3773921d6389a168091d42376429b295c1c7481d77c73ddf1ddd1c8c289a16cfef97009e803706d76f25f075bdd3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD5dfd83b8ffca0a0f11ae147a11ca60626
SHA1fb5afd77631afa9aae1870c2080f38483136ec82
SHA2561a48b09e7c8cfed6077d49095ed0bdbd5575f5839e130fe396e5078f9f703278
SHA512d6b97ba876397b0b8d916e6482aaaf7044b6dbd5bd9b3630db96e9adba0f5c9a5f1f71ba3898061e64efc64a113189a08913b88159a823b5d43f1a91c92b29a2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD5e30143472be4e5355deba0a24acb95e2
SHA158cdd56d19e0adf4399069f384cbb160fab5db01
SHA2564c9fa8dcc251e1a23115f480970b0ff7586cdf5140ef9db49ed2939fd6a238d3
SHA512a1f45c65ec7fb26300e71ee1c16b1c9ab909ea60dd407a499a4c8d8d991eebb597433a187b5dca448b1d5930fce96c0b02f0703582b831f6ed7ed6e4a2a5ddd3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD51485ec573620a288c7f00b3a65691fd8
SHA1b081485de18df50f54a7cf54d2da2bcbfd3f3a2a
SHA256be41b6100bbbf27aa79f676e599a1c2dd0862daae34d7edfa7469d0b6b2b0d7d
SHA5124f8fd01ec27f1d0d0978436469767a3cc3c8777e57cba34b45a7b9a98b7d7710e4bccc25e47851173b9455a2ca162148e9b9ffb6934631e33c92fa04e88ab25e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
118KB
MD5158f9a21f7cb9670bf417718de382fda
SHA19d9329f849bef1cc6ce0565d05a152b880943dd0
SHA2569e3870dd44f29d903e4f7c5586cc23f2659ae43c672f37e88590a05433e3987a
SHA51250e03199b3d4c4ef6c4b836837687fbccd1c02dd620c3aaea42b0d2563f8861af3e972181988e27852f0e8cd806025f0c12f41e63c404a6852a1236b0b4965d8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
122KB
MD56335310998a59ca675cb0b068ea7c119
SHA1926c817fda6a234a4f9eea7e5641bf36323db838
SHA25681a2c97632e6785c21a22d18f1d2a7cccace2cbd821c10d934bfd4b0e7725a92
SHA5125697c964bfeac9e77b0df930675ea92b792d804075b50f902adaa10a8ae124f85c70fc9e8ee42b7971391f89cba55dc67d9c98e887ed000d449ecdeef8d0aff3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
108KB
MD5c0243a0146fdfd44fb867c99aed5f11e
SHA14dcda1e9415560d3a53476cad4c3b29b37744f78
SHA256367331d8df8de68eba69908b1f0d1b362ed065241dac72283244d9e441d26672
SHA5123c92e6f78217bd4ed501c1318a1eee2f6a6a983a152940b50afa54b9b8f2bdc288cd8e0a83658d4bde2908502993b6c9754e6e137edfa289891f9e4ac1e43d4d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
115KB
MD596b670ebe52e2379a255452489f67236
SHA12e4b2f775d159e18821bb30788e27588951b48d5
SHA256fafd9a84e0f7dd64df76fc54d36d9b5791be39569590a2d12f53967b92ca244a
SHA5127ba81d9b875c707b4a35e8fa92e91ab048105488b1a2e82cc595afcc132ee49de608fcd2f95e9af545b558fa504f987c9dee767d21e8eee29bf90f6521020b42
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
118KB
MD544c2c5e6351a6d4251c09e3fb8175a81
SHA13fbfe76dcf68773ea6713123fb7a8aafb87a310a
SHA2561dfdbfe9e674c89f1ca9e9d3038e3dcb713215d19d7f7384c57eaee5b225208f
SHA512c4cff464a343700ac854ee55786df2263e77656865ce6694fce5c9c94900f46398d1ea411b6975d156baabae7f20a20c875f5888fb4dce3a4bbd19989ed94bd7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a23b6.TMPFilesize
99KB
MD50b2fa4aa12eb11a2678b2862d69ff247
SHA12655632c3c051c93bee900646c0c76adb137b3ba
SHA256f57dccb39bd66eb29c6c04f565895fd45796ea1b7f2377999a15a12a9403d3f4
SHA5121267c8d84b33144120a21b7ee9f0228062a1977ff869f898af979208de1da48e605255bae0cfc2a15a1375d39383f82a46a8bd02d67c162a43b581fa6f15205b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exeFilesize
136KB
MD5db51c903838632898319669eb2271114
SHA125fa7935e834e56f7757321da7f84aad8d587eee
SHA256babcd035c2f920004fcc922aa23c4fc55949b335b5e920bcec215a51c1e036d4
SHA512a42fd32040317d351f98bf53e0832e1c9dfd7e1b45c5aba44dfbc79f25f88cc19dcb762410840cfa5cd63e8531496dfe25d63937af8758d712d06102e626fdbb
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exeFilesize
136KB
MD5db51c903838632898319669eb2271114
SHA125fa7935e834e56f7757321da7f84aad8d587eee
SHA256babcd035c2f920004fcc922aa23c4fc55949b335b5e920bcec215a51c1e036d4
SHA512a42fd32040317d351f98bf53e0832e1c9dfd7e1b45c5aba44dfbc79f25f88cc19dcb762410840cfa5cd63e8531496dfe25d63937af8758d712d06102e626fdbb
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\SetupShim.exeFilesize
136KB
MD5db51c903838632898319669eb2271114
SHA125fa7935e834e56f7757321da7f84aad8d587eee
SHA256babcd035c2f920004fcc922aa23c4fc55949b335b5e920bcec215a51c1e036d4
SHA512a42fd32040317d351f98bf53e0832e1c9dfd7e1b45c5aba44dfbc79f25f88cc19dcb762410840cfa5cd63e8531496dfe25d63937af8758d712d06102e626fdbb
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\Newtonsoft.Json.dllFilesize
695KB
MD5715a1fbee4665e99e859eda667fe8034
SHA1e13c6e4210043c4976dcdc447ea2b32854f70cc6
SHA256c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
SHA512bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\SetupDownloader.Configuration.jsonFilesize
135B
MD58ca6779446e31e219589a08769448da2
SHA1efc2d9e4b0f99daf0333406610d8031a5a8aed2f
SHA2562b23a17e993b7837a89365cdd328541f58ddfd4ab2b45285058284eee5733613
SHA512a6a863880835dcca879534ec8a353e2d7fef9c4410edfe41b59bac561492cc6084330c7aad1d2e8a9590b2a3d7551a0b8b6d45ced4d235f01b596d69b593bbf4
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\SetupDownloader.exeFilesize
263KB
MD5bf4f4864bcecd94eefa400a6ae55edbf
SHA1eb106dbbe2c4d659cdd225229f9b82001152295a
SHA256fb50d98597661e5f8386f0ea44f036031547f4e1c806d8aa38717337ed4fea95
SHA5129bc97bbabb8023adb2544f59107a2e56346f787ed4f8ef042210601ad92cba54898d2e099946f87e11d5e72f0f1d637df11f7c028ff4e5ccaab7d265b307fb2b
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\SetupDownloader.exeFilesize
263KB
MD5bf4f4864bcecd94eefa400a6ae55edbf
SHA1eb106dbbe2c4d659cdd225229f9b82001152295a
SHA256fb50d98597661e5f8386f0ea44f036031547f4e1c806d8aa38717337ed4fea95
SHA5129bc97bbabb8023adb2544f59107a2e56346f787ed4f8ef042210601ad92cba54898d2e099946f87e11d5e72f0f1d637df11f7c028ff4e5ccaab7d265b307fb2b
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\SetupDownloader.exeFilesize
263KB
MD5bf4f4864bcecd94eefa400a6ae55edbf
SHA1eb106dbbe2c4d659cdd225229f9b82001152295a
SHA256fb50d98597661e5f8386f0ea44f036031547f4e1c806d8aa38717337ed4fea95
SHA5129bc97bbabb8023adb2544f59107a2e56346f787ed4f8ef042210601ad92cba54898d2e099946f87e11d5e72f0f1d637df11f7c028ff4e5ccaab7d265b307fb2b
-
C:\Users\Admin\AppData\Local\Temp\7zS888B6C46\x64\SetupDownloader\SetupDownloader.exe.configFilesize
218B
MD58f692dcbf1e68398b5dac3eba59872b0
SHA118011f5291790b0f49561385731ec5c6ad855415
SHA2568c422938a58df86d88f29c61ff27006f0b3c9bb4742b11486bc5a01a6344129b
SHA512e4bab07f4b9a9f725865e0e9f11fa31a4a1841399044f5976818782739b13d6c2012edf98199c5823ee9ecb3da40e7f3e2f88ab1394547801afa8b5b9dad9e79
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\SetupShim.exeFilesize
136KB
MD5db51c903838632898319669eb2271114
SHA125fa7935e834e56f7757321da7f84aad8d587eee
SHA256babcd035c2f920004fcc922aa23c4fc55949b335b5e920bcec215a51c1e036d4
SHA512a42fd32040317d351f98bf53e0832e1c9dfd7e1b45c5aba44dfbc79f25f88cc19dcb762410840cfa5cd63e8531496dfe25d63937af8758d712d06102e626fdbb
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\SetupShim.exeFilesize
136KB
MD5db51c903838632898319669eb2271114
SHA125fa7935e834e56f7757321da7f84aad8d587eee
SHA256babcd035c2f920004fcc922aa23c4fc55949b335b5e920bcec215a51c1e036d4
SHA512a42fd32040317d351f98bf53e0832e1c9dfd7e1b45c5aba44dfbc79f25f88cc19dcb762410840cfa5cd63e8531496dfe25d63937af8758d712d06102e626fdbb
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Base.dllFilesize
718KB
MD51cf53a29e427572615759900ca36c907
SHA10f023f73bed0833154de0282e3a5336879b9ef72
SHA25623cd2f8a4bf0283833e772d583701b2b806273cd8ed2e8c2ac7fbeaf0ebcba2f
SHA512fecd8e43b981bf0206a280eb3008f6156c7939b67d507bd892dc1cca63b4178db0490746da5386885256fc118a03875f0900f014741abfc99dd1958fed3c5fd8
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Base.dllFilesize
718KB
MD51cf53a29e427572615759900ca36c907
SHA10f023f73bed0833154de0282e3a5336879b9ef72
SHA25623cd2f8a4bf0283833e772d583701b2b806273cd8ed2e8c2ac7fbeaf0ebcba2f
SHA512fecd8e43b981bf0206a280eb3008f6156c7939b67d507bd892dc1cca63b4178db0490746da5386885256fc118a03875f0900f014741abfc99dd1958fed3c5fd8
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.ComponentModel.dllFilesize
98KB
MD585a011052f83162b31d78e7c515a8d5e
SHA1be7d91c62ccba4e971bfa0cf82f65d87706d6bc7
SHA25692a847f24993b6d79a8f88f132dc7579b605de97adbb1824676ee41b0604a90f
SHA51297e5369cd63d94fad2fe26dd7340230fb61e68e4884c47442716723233abf0f86f0a413b0ed30efba4c58617c5ddca6f379b581ca07984e948a2522aab60afe3
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.ComponentModel.dllFilesize
98KB
MD585a011052f83162b31d78e7c515a8d5e
SHA1be7d91c62ccba4e971bfa0cf82f65d87706d6bc7
SHA25692a847f24993b6d79a8f88f132dc7579b605de97adbb1824676ee41b0604a90f
SHA51297e5369cd63d94fad2fe26dd7340230fb61e68e4884c47442716723233abf0f86f0a413b0ed30efba4c58617c5ddca6f379b581ca07984e948a2522aab60afe3
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Core.dllFilesize
2MB
MD5c8355d166cef6f93f2f47774a0776467
SHA13aad0094ba42ddad5b7f09a269666608ff61ea43
SHA2565b525c55dab076d859b6e295d41f1d11ad72bdd8c4c9f0276d6367b905f0d016
SHA51220697b959024ee159e5dbdc7e0b070294cd531d27ff7aa911b556c91f22f579bc7f57b412172a92c6593a8015370d4a91fdbc299ad4b0a00516cf743f88defc1
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Core.dllFilesize
2MB
MD5c8355d166cef6f93f2f47774a0776467
SHA13aad0094ba42ddad5b7f09a269666608ff61ea43
SHA2565b525c55dab076d859b6e295d41f1d11ad72bdd8c4c9f0276d6367b905f0d016
SHA51220697b959024ee159e5dbdc7e0b070294cd531d27ff7aa911b556c91f22f579bc7f57b412172a92c6593a8015370d4a91fdbc299ad4b0a00516cf743f88defc1
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Framework.dllFilesize
1010KB
MD5f577126db967a0eefbdb78ef4f90234c
SHA12913c381e2dc10f35f51fd001e05a5f6d776c43d
SHA25652d9976c5dc0b39d41a2c8e981c348fd481db7c55c32ff894bfb4d0cc49639d6
SHA512168a626a5e4bb0bf77a351c27a8f0d250948e3968570546fcb6f8bc657535da883ba4e6dbeb72d06c7326f2b40454f9c595d79ff5996ab64e8d5040fae774266
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Framework.dllFilesize
1010KB
MD5f577126db967a0eefbdb78ef4f90234c
SHA12913c381e2dc10f35f51fd001e05a5f6d776c43d
SHA25652d9976c5dc0b39d41a2c8e981c348fd481db7c55c32ff894bfb4d0cc49639d6
SHA512168a626a5e4bb0bf77a351c27a8f0d250948e3968570546fcb6f8bc657535da883ba4e6dbeb72d06c7326f2b40454f9c595d79ff5996ab64e8d5040fae774266
-
C:\Users\Admin\AppData\Local\Temp\7zSCA6ACE47\x64\PaintDotNet.Fundamentals.dllFilesize
1MB
MD5e9231a4e54b4480e76033c5957c482ba
SHA1dd4a3aba9f7fe4e9430f427513780b9f02b5ad0d
SHA25667c6eb3513e7125c5caca12733a90dd7dcb0586b2b3a7c6cf636a3268373f8b7