Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2023, 09:36

General

  • Target

    PaintDotNet_x64_5.0.11.msi

  • Size

    209.1MB

  • MD5

    5927bd08fbcb605ed7e457df5883eac8

  • SHA1

    69c15d19617f27affd89f224dfe223b736a5a253

  • SHA256

    053d7f5aa89926bcc1886e7b41cf0096baafa0f5dffcb7f5a7fbfe0ef54505ff

  • SHA512

    a13eee79aef068b092b33e08f48d76a7aaef9d5182e976ecb685e903573ca30acf6fff64d978cf8f6e0427c616444d28218a7a83bd2a0c2c305eca5389fce807

  • SSDEEP

    1572864:GXu751Jb17ZHfzDTwgpBvO1jasgvuwDVXJs+RBLSGcF/G5Bk:wu11Jb1lHfPBLM+1BJs0BsGB

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\PaintDotNet_x64_5.0.11.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2152
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:1376
      • C:\Program Files\paint.net\paintdotnet.exe
        "C:\Program Files\paint.net\paintdotnet.exe" /setupActions /install DESKTOPSHORTCUT=1 PDNUPDATING= SKIPCLEANUP= "PROGRAMSGROUP=" /disablePGO /skipEstablishNVProfile /skipRepairAttempt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        PID:2840
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:4332
    • C:\Program Files\paint.net\paintdotnet.exe
      "C:\Program Files\paint.net\paintdotnet.exe"
      1⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4876
      • C:\Program Files\paint.net\paintdotnet.exe
        "C:\Program Files\paint.net\paintdotnet.exe" "/showCrashLog=C:\Users\Admin\AppData\Local\paint.net\CrashLogs\pdncrash.1.log"
        2⤵
        • Executes dropped EXE
        PID:4960

    Network

    MITRE ATT&CK Enterprise v15


    Downloads
