878a47414d5209e784a415d507aac864827490f106ed0290802a333d641a7ac4

Analysis

max time kernel
56s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drawpile-2.1.20-setup.exe
Size

15.8MB
MD5

e26f405d32db4698c688893e35b54883
SHA1

5fbb215923a2a4631d10e14eedcaafddb1840c70
SHA256

878a47414d5209e784a415d507aac864827490f106ed0290802a333d641a7ac4
SHA512

0ce6bafb8bef8ef3f6580ddee91b0b645b57fa4cf1cc4620c56b7578968aecdc062d01a82b68f2e22cac1f72579cd4bda27cc3954c24f54365d079dba36b771b
SSDEEP

393216:Xv49iYZyoxeQSOXrR5dQeN1BCk1SJtPLdeHMWSme85CSeYZl1DQGIqH:/HY0oxeZONAJtFzjSdtEGH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3000	drawpile-2.1.20-setup.tmp
324	drawpile.exe
1328	Process not Found
660	drawpile.exe

Loads dropped DLL 61 IoCs

pid	Process
2704	drawpile-2.1.20-setup.exe
3000	drawpile-2.1.20-setup.tmp
3000	drawpile-2.1.20-setup.tmp
3000	drawpile-2.1.20-setup.tmp
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
324	drawpile.exe
1328	Process not Found
1328	Process not Found
1328	Process not Found
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe
660	drawpile.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Drawpile\theme\dark\is-30J0H.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-VQO4I.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-PO7T7.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-99DU8.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\imageformats\qsvg.dll	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-BBOSN.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\libqt5keychain.dll	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-PIHP3.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-QDGUI.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-G1PFN.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-EP5IH.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-KIUTU.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\libsqlite3-0.dll	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\Qt5Multimedia.dll	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\libpcre2-16-0.dll	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-4IRJ0.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-ETM5B.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-87FUB.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\is-JOTV4.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\iconengines\is-IPDDQ.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-83MRD.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\is-FF872.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-OTBMP.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-DNAGS.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-1LIDR.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-TNDVA.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-OMI9O.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\libstdc++-6.dll	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-OSO9S.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-DINE0.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\is-K2UUB.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-ATFEE.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-2GV0N.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-9O439.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-DFIPB.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-UKRHH.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-R44JQ.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-7TSJB.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\is-CL5I6.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-40IO7.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-5HMGH.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-CD2N7.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-O0AV7.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\is-A52M7.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-AR1IH.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\sounds\is-J8GS3.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-TTCPH.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-EL4P8.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-PDR66.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-A6C78.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\imageformats\qjpeg.dll	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-IC95S.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\sounds\is-MAIVU.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-JIF7H.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\imageformats\is-JU44G.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-UJG28.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\dark\is-F7G37.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-8K7SF.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\libminiupnpc.dll	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\is-LP09S.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-0JLLC.tmp	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\theme\light\is-ANJUF.tmp	drawpile-2.1.20-setup.tmp
File opened for modification	C:\Program Files\Drawpile\drawpile-srv.exe	drawpile-2.1.20-setup.tmp
File created	C:\Program Files\Drawpile\i18n\is-FF6N0.tmp	drawpile-2.1.20-setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 23 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ora\ = "DrawpileImage"	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\ = "Drawpile image"	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\shell\open\command	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\shell\open\command\ = "\"C:\\Program Files\\Drawpile\\drawpile.exe\" \"%1\""	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\ = "URL:Custom Protocol"	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\URL Protocol	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\shell\open\command\ = "\"C:\\Program Files\\Drawpile\\drawpile.exe\" \"%1\""	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dprec	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\shell	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\shell\open\command	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\shell	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dprec\ = "DrawpileImage"	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\DefaultIcon\ = "C:\\Program Files\\Drawpile\\drawpile.exe,0"	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dprecz	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ora	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\DefaultIcon\ = "C:\\Program Files\\Drawpile\\drawpile.exe,0"	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\shell\open	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\DefaultIcon	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drawpile\shell\open	drawpile-2.1.20-setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dprecz\ = "DrawpileImage"	drawpile-2.1.20-setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DrawpileImage\DefaultIcon	drawpile-2.1.20-setup.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3000	drawpile-2.1.20-setup.tmp
3000	drawpile-2.1.20-setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	drawpile-2.1.20-setup.tmp

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 2704 wrote to memory of 3000	2704	drawpile-2.1.20-setup.exe	28
PID 3000 wrote to memory of 324	3000	drawpile-2.1.20-setup.tmp	29
PID 3000 wrote to memory of 324	3000	drawpile-2.1.20-setup.tmp	29
PID 3000 wrote to memory of 324	3000	drawpile-2.1.20-setup.tmp	29
PID 3000 wrote to memory of 324	3000	drawpile-2.1.20-setup.tmp	29

C:\Users\Admin\AppData\Local\Temp\drawpile-2.1.20-setup.exe
"C:\Users\Admin\AppData\Local\Temp\drawpile-2.1.20-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Users\Admin\AppData\Local\Temp\is-PDIIP.tmp\drawpile-2.1.20-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PDIIP.tmp\drawpile-2.1.20-setup.tmp" /SL5="$70124,16341776,57856,C:\Users\Admin\AppData\Local\Temp\drawpile-2.1.20-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Program Files\Drawpile\drawpile.exe
    "C:\Program Files\Drawpile\drawpile.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:324

C:\Program Files\Drawpile\drawpile.exe
"C:\Program Files\Drawpile\drawpile.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Drawpile\Qt5Core.dll

Filesize
2.6MB

MD5
2f1535f6ca35872994e5c3c38af2dac7

SHA1
9a7bdfce6d66cc6acf1d5359e2750adadf76272c

SHA256
232ccdb1846c4473813ccba1a359d875c6e38b5556aba7de1ae7d1bdd4971bc4

SHA512
ba7e145e5b708bb06c727dfae376ae7bea7719d6fda99191dad2d59eb2d799ba0694d7333712b86b8c74a2325b905b0e29d7a75e3ed730268c9e9780013d387d

Download Submit
C:\Program Files\Drawpile\Qt5Gui.dll

Filesize
192KB

MD5
d936a0bb2aff0b105d110cadd61b88a1

SHA1
12f2030ea087d41ebbdfceb32cef06ceb832b8d1

SHA256
4ce8e40f5371e221d716c6afb916471b0d70458e2eec6de094ddb393cb584dd9

SHA512
61ca97c759805ef0c2335d548f1b789ed92eca42403d5c42b92dd80d0a515326fe233df8cc98fbe559c47aebdabd21d776edbae68b88311a47cb9cd6ec2a2901

Download Submit
C:\Program Files\Drawpile\Qt5Multimedia.dll

Filesize
8KB

MD5
30a60f6f54fe76e5fa010e5dba38ea61

SHA1
60ec3dd976a79049a7295a37de4012bc21faf512

SHA256
8c1af5efcb34f50f9d7c7aa289615e106918e6dec8ca38bff90d99e9b86707be

SHA512
0f7a5ad15d2ebf2b4e60b647ad2bb231f3fe2467b3e6108f286f7a8ef9311e58b166676b4400f6cb685eba05f45b509f824a86834c8dabd342755c9d8ec9c4d3

Download Submit
C:\Program Files\Drawpile\Qt5Network.dll

Filesize
320KB

MD5
59ec3c2c611211a5969eca6355e32b36

SHA1
33b49aff5b7e4d2c1889f0adf663f7ca261f400a

SHA256
f1f8881cb073c24b89a031a585b9f58b9a425d6a352c4e2bea83de46bdba229a

SHA512
33f034257b7ad09ff15a44a05ba3214becfd833ad524fe2e6412f65afb50d3f4e1ae09d7b4f178e77662819eb6c1e5f8b763bf91885109f3ca4acc2d87a1c0b2

Download Submit
C:\Program Files\Drawpile\Qt5Widgets.dll

Filesize
8KB

MD5
43b3ff80b2184bf7cb9a6ea242c17952

SHA1
20894f7820e6963139610554c2f0e504c935f6c7

SHA256
d594f21dca5110914686dd282333becde9cd85957b9e1f036ca3c0048326cd19

SHA512
e6117fa1ebfac9129def54ac9331c5ccaf090da16ba171498dc68999c7525971eb55fe33eb30dae56c69feae02d6f979cb9e817807cc2ef87ec818c438bc995f

Download Submit
C:\Program Files\Drawpile\drawpile.exe

Filesize
3.5MB

MD5
1f32e819b8cb3487e7d7aa827deb5a64

SHA1
ad31ee01467de5bb9d22ad684349dd1636cbc8ac

SHA256
07082bb41a729d944b590bcbd9cbec01815f84f6e73869e334d7e597c15cb7e6

SHA512
8a0b92f8d6bdd27ea515414dffd6d3ca5713fff09e41b9939f86a32d5957c23f6d101820e426f3a54727c2e413d252fcb4a2e32ff0484d8ebbb976fd6b3c4300

Download Submit
C:\Program Files\Drawpile\drawpile.exe

Filesize
2.9MB

MD5
685d729ec0cc1079b4d6b9d4c7cfdc43

SHA1
76864e61605f05aea4eb66a776e77a07eafb9832

SHA256
bce6fb6f8e0b440890950e2f18c1a879581e5b8d39dbba3db30ecfc53b6741bc

SHA512
6ad87255e0eb10c31678adb1222f49168ff027cf83f5dc1d4195a124ab42e6639114265746db262e12eaae88e82eab668cff3e57c38a88aca9a6f110906f2cdd

Download Submit
C:\Program Files\Drawpile\libKF5Archive.dll

Filesize
436KB

MD5
5581c67e2c0311d134f6c53ab12806e2

SHA1
aa87051a8c2123569cf2a44e7f1330998bb4ea25

SHA256
a6c39377664192c9b01bb526b127d04923545a54b247ef9455bf1ff8bfab1ddf

SHA512
46936c102b002b45712c9d6edb82ff4622e2ca74846f789ccdf7cbbda9af9e0497520372966119dc7a30f3949bbe28324f21b48619f7c32afa69273d785f7fd9

Download Submit
C:\Program Files\Drawpile\libKF5DNSSD.dll

Filesize
316KB

MD5
d8be978c0b170b2878da7e8ade912aad

SHA1
d35fbc0bb61622fa9be44e86ded799c6eac4fa10

SHA256
50d15929f91a20fad0dbefce94b9fcbeaecc7cca71e139f9009e1001c5d0ecea

SHA512
5b8c76ce473083c62b62fb4b24f0b338d83dcce998635182e7cbe76d5e7861db73e2ded250d230f9f600219ba8617757df046748817d444f9c246aac2c3f0b66

Download Submit
C:\Program Files\Drawpile\libcrypto-1_1-x64.dll

Filesize
1.3MB

MD5
6fdd24e598ca0209eab3f25ea9a27310

SHA1
6cfef5822e8fa3776039ed73d3cb2b631ffd59cc

SHA256
1097543bc71d35db9e80d0eb26252ec3241d17fb161b856e0390ac88fcea26ba

SHA512
5429bc0c6248acd95fdd7d0a016191fa095394e2310abf2ce7bce05ac29d3aaca498c9e291e29d68468b3330735e3a45a32c6380f600024fb69b5234cf2b40ad

Download Submit
C:\Program Files\Drawpile\libintl-8.dll

Filesize
192KB

MD5
d5dfb43fbc8768c7a1a021eb14e918b5

SHA1
fe22cc36350817cbad9b011307d74eb48a9f1e35

SHA256
21e815864068638e3f1d9ddc269203270cdbcc5c37eac42d918a4bc1a4bb3456

SHA512
f5d028aeec3d79b851758718f585bd90994032a0338d25d12e1029888c983cb2c77e2930bd1ce564e358a83e7541cbdc37ac8b9fe5be84b7adfbc370162c5569

Download Submit
C:\Program Files\Drawpile\liblzma-5.dll

Filesize
832KB

MD5
336aa98213622506311eb85267ae8769

SHA1
93cfd7906dbc42e468ebc36a15100a7ccc6a07a8

SHA256
681a3d8bf94ef1b7ff5f1d8509b8fe267a00337ed2227ce6926a7b786976a3eb

SHA512
bd19daf708af0eeea857182eb0e726dda38bec96cd2cb88ed876325d48bf3a6f1975fa601aed8fb1133e9b515b4f9847be7dabdb253a712ee51502b2a77c167d

Download Submit
C:\Program Files\Drawpile\libminiupnpc.dll

Filesize
185KB

MD5
de41cdb56e52635f7d4518d4da48c4c4

SHA1
db94bd2c35abf93b474ebd2e98d9a0aba0af2d6a

SHA256
b7a8f33c02e0b5ceffc3b5eef7878b3254d196cf84ef66fbb1d12c649efe3eb7

SHA512
03428f7d3937c06bb7ecd2c8042009fb43c23206e5ff2994e51c90ed7d97e33355cd9cb3bd6575494e784965f7fa4b40d47e8ccf558001b595e552a75c14f96b

Download Submit
C:\Program Files\Drawpile\libpcre-1.dll

Filesize
192KB

MD5
b1ae6a2d740ce0ef4f95a283c3711880

SHA1
10b8351c1f3eb0ab45aa7a5cb8f67c87d820d929

SHA256
f464e91939dfc57eb2a59af8df247575007f51528c44aab03f75d279c9ed9bb8

SHA512
97982073f312de114fe427d797b100df901bce8d2ba8b705ea2a6a358d725a208bac1cacf2e1fba7d9da14b351c3428988cac05bc0141b2d11542ec0a2201960

Download Submit
C:\Program Files\Drawpile\libpcre2-16-0.dll

Filesize
423KB

MD5
77e30d1dd3c49db0ccebebaaa986493b

SHA1
0da15a9a5646f3f8b90f15d9746afc22f3ad9d32

SHA256
0c0db843caf61120a027694158243cdede6549ff4ab5cee37f8354b72d08bd65

SHA512
159aaf9f20cce084c97b54ece081d4a56b8980d527663825cf204f307374f8f30b0d7e6873ed78f38f11ed85dc8dcd6888082ee3a25ac40c1e9a4dd33bf09dbd

Download Submit
C:\Program Files\Drawpile\libsodium-23.dll

Filesize
2.0MB

MD5
e2d3282d6bcc94719453097e447e8c2f

SHA1
18200ec56be7e240f5f5f5e2d853a0593fd6fed6

SHA256
d0f2652f781c63f01d2d2cc9e0922a977fe27c4f3546cc2afe252b79be82c266

SHA512
052df9086f780e44f294fd86f38c9c8567534998b4fa246a82283f26d1ba2ac05d6911fd1f4b71258c089b2e2f064156605000bfd4d0db37a8941dbc441bd14e

Download Submit
C:\Program Files\Drawpile\libssl-1_1-x64.dll

Filesize
256KB

MD5
b9e7a684b15fe177e343d1f3cbcaa5b7

SHA1
f72a2071ffd10b8d6b2a55dd60aaf72d006d7298

SHA256
01d0154aff52fb59757df74c0c796891f65318e7ea22714b0bbcb473611b1889

SHA512
6e97f826f6e9e622df3d0ff643770bded922d0c48f1b0dc83ef6de48f68907df74b01e1b279c7b2c510f74ee0a699532ef4f90e773ca2770826e64960ad64413

Download Submit
C:\Program Files\Drawpile\libstdc++-6.dll

Filesize
1.3MB

MD5
673b02a37816805f761c5baa5057bdec

SHA1
7d9d9f8f19a3dce05bc38f5ad850251f70eda749

SHA256
5069590ecbab3e5cfea78554ec683a19acb1e4db8325d36427dc32dfac5bea7e

SHA512
ca50d013e917424a15d72f82a0799a1255191eabd0d125d345af57bad5506e6160f4df86ab47ec8f181f3bf21072026e9314d5ce301b5d32464fac28419f5f0c

Download Submit
C:\Program Files\Drawpile\libwinpthread-1.dll

Filesize
55KB

MD5
8a7b0309ffa3d3c74860a327a628e480

SHA1
a9330116f26b308f5faf8147080b1126fcd7d2f9

SHA256
6f25e6253ff73aba108d34be01879be22f6d5d7e7dcd18883d34cb63cd989a59

SHA512
812eaeabe92598c9db11d404d870f5e6fcceca93a92a940101175c5b7b680adcb5541bdeed730427b1e6dcc052822dc3c5fb02a9cf228adac7d786c5733df72f

Download Submit
C:\Program Files\Drawpile\zlib1.dll

Filesize
114KB

MD5
5e4d73a5d31888832bef9265f2c280f8

SHA1
176b43a9798324a6b1cc1af669246d20778a830f

SHA256
95060ba036af0e5fa59c045de08e9789818e85cbd251ac816068da20c87ba2dc

SHA512
ee81fcc9d320b319b38f7419a0102bb99037eb44fe4d33a2ad05340a7c80eec5f040e0a5331834e9a52f860b7633b10ba760a623c3791a3da6ae1d8568a0619c

Download Submit
\Program Files\Drawpile\Qt5Core.dll

Filesize
1.9MB

MD5
75bf0b1915aa381810981790cf11d924

SHA1
c1bd4d8ae59a424d1a4460614c194c42c13e8b00

SHA256
5eeef7fedc02bc3720964a31e367b44addbea8bf662f3fff52cfc764bc7a70ed

SHA512
9b62ee0f9d12c249db7860749cdf0eae2e7d3704b3de58ae4a2f5c99b895f87fc9e12d1222aadf9e757cf7eb7fd87df91e14080e2325225fa2deb9d07b309171

Download Submit
\Program Files\Drawpile\Qt5Gui.dll

Filesize
1.1MB

MD5
be5b7296a365eed2bfadbb50c4bc7866

SHA1
9740879c00a1f13af071a161abfbce68baea34d5

SHA256
e61e561425b90994c2f66ac8e503709c03c3bf1a5bde6476f05cc8369b388e1f

SHA512
85e58709a39560bb3904092c84913e3853761dfa14c69e387b982c6167ee34e5203034e9638c9fb78304ca79ef2f9d41714c1a42528f475e7d82572c3f8df27c

Download Submit
\Program Files\Drawpile\Qt5Multimedia.dll

Filesize
910KB

MD5
1100865ead2274a9bc1e8362dd2f4be2

SHA1
dcc59705a1c21961285144a8609d3aa0ed2a778f

SHA256
7d2c4f9df922e38c555ee4524ef59ede400ef5072dfa6d45865bc01779248e98

SHA512
53eb063c755ae97d06ff94d81a5bf7b06ef8be654e7c1cd2f2db62caf1191a8f305ca2eb46cf3f4fc788a7091c2abfe09cd2b6a4d4dc62f8c95ee7f32ca8689b

Download Submit
\Program Files\Drawpile\Qt5Network.dll

Filesize
1.3MB

MD5
74ad7b9139ec46a1cc3db493584aa8e2

SHA1
99b3959781d1f5cdf7c2f1f24321d230108fe3aa

SHA256
3450e2b21c9f8db6ec3a1674a7ccbd7c30a256bccf1f4c5056ce5a9147694abd

SHA512
ca73504099bf5b4e48ad82a9a13c7df8dd0bc69a488ce6bbb4e0c74c39c4fb88b075703d965ad7a72485b1a32ce8fe46bc08139ae8df6d6212e4dd9ff6d1c93f

Download Submit
\Program Files\Drawpile\Qt5Widgets.dll

Filesize
1.3MB

MD5
50f00aa08a68a6a7a8bb40f83e98b41f

SHA1
a474a4a31ac25c891c1d200c510fd24efec94684

SHA256
26520526bb8cffeb52accaf115ffa035c7852a1be315c9b98fd33441510a579b

SHA512
204336a3c3537b834a58aa33cbcde10a0d62e0144cda198126795f1da90b05c4e7dc7689eb35ab048ad14ec6402f0ebe1dd0ddd4a5c551ee8bbf21526ab731c6

Download Submit
\Program Files\Drawpile\drawpile.exe

Filesize
3.9MB

MD5
ccf337bb64a40c7884781b69467dccce

SHA1
79b5af12f1a91ce9fae37b9e6327d993239c0330

SHA256
55947734e34972ba8b11e6e173b02d475c4598b0c1c497c0495b8035175fb964

SHA512
e8e57b228c6736d7a036b6ef29b4278b655e1d8c484961f7a4548f137a96af2d1e243a54fc6b2fe1421cc252f2e2a50130c0ce3b5bbb91be6a0c0c65da8fff1e

Download Submit
\Program Files\Drawpile\drawpile.exe

Filesize
1.9MB

MD5
92af14a66b65468164cba28b1a2ad5fd

SHA1
b261c92eb2f58207f31eff1c2f82145f5f5b3224

SHA256
a098742a74aa6b4ea97ed9c9b9beb79d338f6d2e8cb350535b939ff84dcc0582

SHA512
ee636090c3f50cb7caf2c103d46dc482f1189ff870cc3a2bef90183274b8d64444889e7fdbd1ad711593bb0a9277c814ac29be9932933d6b41a2a560dd84b984

Download Submit
\Program Files\Drawpile\drawpile.exe

Filesize
7.8MB

MD5
32ff8a1712ebf936f9863731eb7720dc

SHA1
00a6eb8d1c5537877505f594c7c17719655ee950

SHA256
d03d5cae9f66b2c7dd40bc1cbdcf15371b84776a9af1f3eb00cbdce1785e2565

SHA512
411a5c3f9aa495fcdcd3b8966b4eadd62116806beca785f1be1512313e3755264507c433cbdcc0bbc0749400d6430173e84c7580d29e6dadcab953d6b688d1a7

Download Submit
\Program Files\Drawpile\libbz2.dll

Filesize
338KB

MD5
6ece5142b22949af397c6002f3ab4baf

SHA1
0a4e6d899585669d01e430d5151b4e8e3d4a07a0

SHA256
e4481afeacb86a4817258204bd127c0bcf44674d2edad2e82e6a68cdf315dc52

SHA512
17a6685c3c39348f0020db1c808d928d04adb1b66887c062e10605f8900eca795c616fe9cbf990fb90aa9b94d6290dea2800fde46677878285cff5322aa36899

Download Submit
\Program Files\Drawpile\libcrypto-1_1-x64.dll

Filesize
1.2MB

MD5
1891e053c286a04acee2e25d4904c3f4

SHA1
681a761c5aa0ee5da8a8b71f3bb2698854a7b4b3

SHA256
dfd6da64233e4635ddc0a7da14c1124e817455a42be7c1f655dc8527af6dcd2d

SHA512
0c8c332f50abe90652448cbdf3159596be809c1ba17615f803f63f92d128af01d027ee17941f75c0b42edf19926efcf06dd2f252e0f32e7fa9f85dc17db3c554

Download Submit
\Program Files\Drawpile\libfreetype-6.dll

Filesize
192KB

MD5
c012ad2935690e60b87c6e30ab4c7a7e

SHA1
ea9e2b1af9b433c9bb25acb1f03ed3d0049312fc

SHA256
19bd30f21a2d856f28ac7f51379018955280534465d8ce7ec0467621345660bb

SHA512
3732f142ab3b5ea864a87b48f89d62a352a94c7c936fea9566020d7e5742f337f0fb822a03664f0aa2bcda8cb85ea79877385ce3af95d9bde73d95b9eede144b

Download Submit
\Program Files\Drawpile\libgcc_s_seh-1.dll

Filesize
552KB

MD5
33323cf4720978ad7614b6b728b73e44

SHA1
6490d1817bae6030d05ac08d3832ac19400224fe

SHA256
0f3abbbd1dd0c14be07b0b6d27b3036901fd27f98e7dedbcefa482aa0f4c3788

SHA512
2974316f266fef779a2a328c4c8d6ef1be1ec6e2037c070473d1e87b87bb91b14395661094249094eadbca21921e92a528ef2362214243a490aba88e5bd0646c

Download Submit
\Program Files\Drawpile\libgif-7.dll

Filesize
227KB

MD5
a1dc46a0a323a0d07dc430626bc4cab3

SHA1
b14770a1aff13109a98a5a4e61725bf2153d3a57

SHA256
dd19c7751943dcf1224040c0833ab6a5d1775d499683f399f7dbcebdad875849

SHA512
b4b93f8091254fd6d536e653208da58b021f8deba1f7ea3fa83e8eddaf16081765874f4bd330e59933aeb6e5eddea492f59b944fadef87f956f0f017a868706a

Download Submit
\Program Files\Drawpile\libglib-2.0-0.dll

Filesize
192KB

MD5
4c36a1d400cbc5c0ae1e02c19e2334ff

SHA1
d89886ec3684b061821153caa4209d19ee897c5c

SHA256
7d8c97f39ff8c57d7d297ad9da93a17339f24b362bbaa39f9230a33c4cd8fa11

SHA512
9727e44da15802bdb7a04895f2a57c3dda25796927d385ea207c21042126885b1ed86ca992f5345d0918b3ab53790fdc079e893354133c1baad13b86eaff0cbc

Download Submit
\Program Files\Drawpile\libharfbuzz-0.dll

Filesize
256KB

MD5
cb572629c24f18360e85531ef3627191

SHA1
738358c38efafede32161d0fe5e1cdccd588cddf

SHA256
ef9acbbd7b4e2a0b57321516a0c570f1821de4ce289944788e1710aa86fed925

SHA512
ae5f55dde5bf8b005493eee83cf500aa36d7750b610ead983af10268d01440975be5d676852a1463019c99e6d551fbf18353ae51a9938b1d687f03d9398d870a

Download Submit
\Program Files\Drawpile\libiconv-2.dll

Filesize
192KB

MD5
0003fda33d38737418dc0056f3f1d104

SHA1
443d184dda3a003a015cfaa5d815d1479a539a0f

SHA256
8808c980e785f09b7f147971ed7704c75fa87553b70527721b36a589e0730cb4

SHA512
53b3ee1ed77309a30535ea33e73c01f2c289d7893f005bd1d6e17648229ddd287fb27c2f9ce7980900cbbc58a54a7922c7b8f77f97e58a798acf7867d0e484f0

Download Submit
\Program Files\Drawpile\libpng16-16.dll

Filesize
192KB

MD5
d57e71eb146f839e3f3a4b3f05d2b81e

SHA1
e9bd30da4f508ca06692f7e0b206725027326030

SHA256
068d7cedd7ef135bf1a5e23c038d0d1f3da1b2f22e7b7ded60e9437304c2cf7d

SHA512
1c9c301195bfc93672d473924c09d5bac8bfc694c81b423443b57c861344564eba6e81bc294ee5433760207c8c48d4a962469dc68e9b8fa2fd0b9d4c609ec346

Download Submit
\Program Files\Drawpile\libqt5keychain.dll

Filesize
179KB

MD5
4b2fa271f2bb44b085f5491f565e3a09

SHA1
04c82de4ad34cdde841d536c6985fd9c514edc77

SHA256
3269a9aef31f96ac1d1d5b7def59305a3a99e0d6ed1e8cbe0fa4b120344268b2

SHA512
2c858b1dc2aa2f799278f9eeb6490f0db8d615b03f33cc4f4f2a47247d2108360125346f7bd174658fc6bc4b7ef1343b4af20643f74b64a05f56fd508e3924b6

Download Submit
\Program Files\Drawpile\libssl-1_1-x64.dll

Filesize
770KB

MD5
36308923caeeb30b27f131692144af4c

SHA1
59f031d6cb16fbce4181e6e722e7faeeb4903ff5

SHA256
954b5c99e149f4d6d05f0a711b9003688545e810fa45d93e9a48df7e29bdcfce

SHA512
44bea4eaa23bf989e360853131ee59be508d401b3fc4d50906344b4c74ded0d7d7c9b5f59bc7d99df81a3bc482bcbef353ac8bc2d0e2123b1958f827bc25b9f2

Download Submit
\Program Files\Drawpile\unins000.exe

Filesize
708KB

MD5
23656a168f47708225fc81c51aefcdf4

SHA1
e54806db47fd2f6a566c0ab04ffc7bf993176032

SHA256
8d76868a8db139e9f8bffdf7c1edb9f8788bd468b1fbdadb770ab5a70a127b52

SHA512
c6632e6c5c6d3bfa13c2935dd56e6123ff7c14a11783feef63217edf247c99628d30cfe07770724be2d2a83f6798d3c0c09681c6aaeaf2a0f4f4d1b18e5b9613

Download Submit
\Users\Admin\AppData\Local\Temp\is-PDIIP.tmp\drawpile-2.1.20-setup.tmp

Filesize
697KB

MD5
832dab307e54aa08f4b6cdd9b9720361

SHA1
ebd007fb7482040ecf34339e4bf917209c1018df

SHA256
cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3

SHA512
358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49

Download Submit
memory/324-562-0x0000000065880000-0x00000000658BC000-memory.dmp

Filesize
240KB

Download
memory/324-573-0x0000000066740000-0x0000000066CC7000-memory.dmp

Filesize
5.5MB

Download
memory/324-600-0x000000006BE00000-0x000000006BEEC000-memory.dmp

Filesize
944KB

Download
memory/324-560-0x0000000065380000-0x00000000653C3000-memory.dmp

Filesize
268KB

Download
memory/324-601-0x00000000011A0000-0x000000000170A000-memory.dmp

Filesize
5.4MB

Download
memory/324-599-0x0000000069140000-0x0000000069218000-memory.dmp

Filesize
864KB

Download
memory/324-598-0x0000000066000000-0x0000000066178000-memory.dmp

Filesize
1.5MB

Download
memory/324-561-0x0000000000400000-0x00000000009A8000-memory.dmp

Filesize
5.7MB

Download
memory/324-597-0x0000000061CC0000-0x0000000061D66000-memory.dmp

Filesize
664KB

Download
memory/324-563-0x000000006CF00000-0x000000006CF2F000-memory.dmp

Filesize
188KB

Download
memory/324-564-0x0000000074B70000-0x0000000074D68000-memory.dmp

Filesize
2.0MB

Download
memory/324-566-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/324-565-0x0000000061440000-0x00000000614C0000-memory.dmp

Filesize
512KB

Download
memory/324-567-0x000000006FC40000-0x000000006FD95000-memory.dmp

Filesize
1.3MB

Download
memory/324-568-0x00000000613C0000-0x000000006141A000-memory.dmp

Filesize
360KB

Download
memory/324-570-0x0000000063CC0000-0x0000000063D93000-memory.dmp

Filesize
844KB

Download
memory/324-571-0x0000000062E80000-0x0000000062EA6000-memory.dmp

Filesize
152KB

Download
memory/324-595-0x00000000685C0000-0x0000000068A08000-memory.dmp

Filesize
4.3MB

Download
memory/324-576-0x0000000067A80000-0x0000000067AEB000-memory.dmp

Filesize
428KB

Download
memory/324-569-0x0000000067800000-0x0000000067859000-memory.dmp

Filesize
356KB

Download
memory/324-577-0x0000000065380000-0x00000000653C3000-memory.dmp

Filesize
268KB

Download
memory/324-579-0x000000006D200000-0x000000006D38F000-memory.dmp

Filesize
1.6MB

Download
memory/324-581-0x0000000067E00000-0x00000000680D0000-memory.dmp

Filesize
2.8MB

Download
memory/324-583-0x000000006D480000-0x000000006D524000-memory.dmp

Filesize
656KB

Download
memory/324-585-0x0000000064500000-0x0000000064529000-memory.dmp

Filesize
164KB

Download
memory/324-587-0x0000000000C30000-0x0000000001198000-memory.dmp

Filesize
5.4MB

Download
memory/324-589-0x0000000061600000-0x00000000617B7000-memory.dmp

Filesize
1.7MB

Download
memory/324-591-0x000000006C580000-0x000000006C8F1000-memory.dmp

Filesize
3.4MB

Download
memory/324-593-0x0000000068B40000-0x0000000068BBD000-memory.dmp

Filesize
500KB

Download
memory/2704-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2704-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2704-516-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3000-514-0x00000000752F0000-0x00000000752F5000-memory.dmp

Filesize
20KB

Download
memory/3000-511-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3000-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3000-10-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download