289df7d7b2f0da4de90cf66ee44d60162fdb65e8f36744f724009d5879925d27

Analysis

max time kernel
455s
max time network
1179s
platform
windows11-21h2_x64
resource
win11-20240426-fr
resource tags

arch:x64arch:x86image:win11-20240426-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
31/05/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

paint.net.5.0.13.install.anycpu.web.exe
Size

1.1MB
MD5

9e8c911802a8f387d536a340f39b2636
SHA1

85074c4e1574de523596950d33aa10fa27813813
SHA256

289df7d7b2f0da4de90cf66ee44d60162fdb65e8f36744f724009d5879925d27
SHA512

430e8fe20916fa9f8a2bec1f2d4d85ca555fae3c6e08622d8c4f36cb9c513beec51dca094acaf560bd5eb32a6a56753fd3594b7be92c9b89786290b1e122a9b3
SSDEEP

24576:/PYYYYkeBVMCOVI3YofBJT6F18BzgjIMbaF:/PYYYYksMCOVI9BJTSe8jnGF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
4092	SetupShim.exe
4536	SetupDownloader.exe
4032	paint.net.5.0.13.install.x64.exe
3956	SetupShim.exe
2180	SetupFrontEnd.exe

Loads dropped DLL 56 IoCs

pid	Process
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe
2180	SetupFrontEnd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 5 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	SetupDownloader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	SetupDownloader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4536	SetupDownloader.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4092	SetupShim.exe
4032	paint.net.5.0.13.install.x64.exe
3956	SetupShim.exe
2180	SetupFrontEnd.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 4092	3920	paint.net.5.0.13.install.anycpu.web.exe	76
PID 3920 wrote to memory of 4092	3920	paint.net.5.0.13.install.anycpu.web.exe	76
PID 3920 wrote to memory of 4092	3920	paint.net.5.0.13.install.anycpu.web.exe	76
PID 4092 wrote to memory of 4536	4092	SetupShim.exe	79
PID 4092 wrote to memory of 4536	4092	SetupShim.exe	79
PID 4536 wrote to memory of 4032	4536	SetupDownloader.exe	80
PID 4536 wrote to memory of 4032	4536	SetupDownloader.exe	80
PID 4536 wrote to memory of 4032	4536	SetupDownloader.exe	80
PID 4032 wrote to memory of 3956	4032	paint.net.5.0.13.install.x64.exe	81
PID 4032 wrote to memory of 3956	4032	paint.net.5.0.13.install.x64.exe	81
PID 4032 wrote to memory of 3956	4032	paint.net.5.0.13.install.x64.exe	81
PID 3956 wrote to memory of 2180	3956	SetupShim.exe	82
PID 3956 wrote to memory of 2180	3956	SetupShim.exe	82

C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.13.install.anycpu.web.exe
"C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.13.install.anycpu.web.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe" /suppressReboot
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\x64\SetupDownloader\SetupDownloader.exe
    "x64\SetupDownloader\SetupDownloader.exe" /SkipSuccessPrompt "C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe" /suppressReboot
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\c61f236b-3dcf-45ed-a22b-9baf24257ced\paint.net.5.0.13.install.x64.exe
      "C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\c61f236b-3dcf-45ed-a22b-9baf24257ced\paint.net.5.0.13.install.x64.exe" C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\SetupShim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\SetupFrontEnd.exe
        
        "x64\SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\SetupShim.exe

Filesize
152KB

MD5
ed82da8ce63807986d06e19ce59d7869

SHA1
545de4373061d6628c047929147ea3590daed3ec

SHA256
cbaf647f029408fbd79290f6727ce9a3cc4c9bcfac19c74a09981b4bc849a3dc

SHA512
fc78b01952bb23e4b108b493a0e20c157faca263eaeb912ad670a5cb2fe5f6c8e4e075b9cf34299ec3dfa1214acc36bfd34767f33fc31f81d178fcabbd2d698a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\x64\SetupDownloader\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\x64\SetupDownloader\SetupDownloader.Configuration.json

Filesize
135B

MD5
8ca6779446e31e219589a08769448da2

SHA1
efc2d9e4b0f99daf0333406610d8031a5a8aed2f

SHA256
2b23a17e993b7837a89365cdd328541f58ddfd4ab2b45285058284eee5733613

SHA512
a6a863880835dcca879534ec8a353e2d7fef9c4410edfe41b59bac561492cc6084330c7aad1d2e8a9590b2a3d7551a0b8b6d45ced4d235f01b596d69b593bbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\x64\SetupDownloader\SetupDownloader.exe

Filesize
279KB

MD5
67662d81cc89357be411c8fd981f7333

SHA1
caab54c00eecb39b8818892123dc78369a72e178

SHA256
46b80d6a0c515274dbe615a86441e93eb656683cfe7c48ef80aca4ed5aa9c01e

SHA512
463ec7b8dd9c32ba1ec492d13330c19d5c57ea7000bc83a3c8162bef9354b144b390149bed49807aba251e35a25ae190c537ad6bf46eb1ffe4723ce6be2d5c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS05FBA077\x64\SetupDownloader\SetupDownloader.exe.config

Filesize
218B

MD5
59efd5b23c940deca60238b287720310

SHA1
0067c8388dd359af895a1ca854970bdaf4e58f6e

SHA256
907801fc6262ae2e70f9ad104f903e3580f195bbab4ad27d79c9e571da970d86

SHA512
8ed8f6fe3564bdda0bd85752a15e7ec9380df8f366dcef9dedb826e5b62c188000ee79b7cbf61d1c01b7bcab92562a4895794f4ed540e943299973e3dee4270f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Base.dll

Filesize
703KB

MD5
67209f29f0af4d8f96fdbc81ff30a085

SHA1
3b2d4156ce911664959fb6e50a9e8b069d57bb9a

SHA256
be69026a433678fa21792f912569ae9f6a631c95a624b0454756d5f40515fbc4

SHA512
3c763976992e65bcd82b0eb4dc95e6de44101dbd96200764e2c5a9eedf56ad40f0ce2a45b68ac4037346aa7b1e56bf0fee549f5a9c30305d01187425852940a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.ComponentModel.dll

Filesize
107KB

MD5
ac67a0e763a2a12825cf230f03e23e3f

SHA1
e036cf205ac03dd1ab1d7b900c7ea76f55762801

SHA256
aa676befb41623bf841e6c79e44cbe42be28ff077cd0dd771019e496b6491980

SHA512
528ee535d935b5dd1959f046ac2cb3f01bb2eaf62f02e0a93819c80d77e315f84ef9b98f97179551874a9d0f1800a3106e1c648be7ac90ce51193e9385b33c29

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Core.dll

Filesize
2.3MB

MD5
a70e63f4eb0221b68639a4a0f7cf4fb0

SHA1
4bd0653d4a0fd8db3cca1fc3f6488ae5ba81b96a

SHA256
1613afa5cdc8cb397977e3d05f137bf7c50156a9f304204040964e0177b02f9c

SHA512
7ef71ac4df60e3c47731c41a41403fb176674090f62b70509cfdbc840f3adc85609c655d8461bb012ac6784d13a6bb8224ab2740d954830cba0324fb295c7e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Framework.dll

Filesize
1.1MB

MD5
187e7fdd1d10378c905254d1606e8c9a

SHA1
88839e000aa4ab9d6fe2aff631a3e5abfb942f19

SHA256
284745171ca433a20bdb26216d137a3aee472beb5856666cda8ac316d1b811e8

SHA512
c50847a03d248b5393a03fcdad2af7fa554c62a0223466d930e6ea3265980aa1d41f225803eb7ace1ed7f1ea385fd8e38b2d463d0b7629a1e760a49a4dd6dbde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Fundamentals.dll

Filesize
1.3MB

MD5
6695acb63f5d60657f41ede817b97561

SHA1
7a783616d6130f8a86748aef41e231d013a7e8dc

SHA256
c37c4bed2e6d42410dd2f28586bd5e34d25a294f6d3e1f1579e84008ad9b3c2f

SHA512
3baf4eb04900ed367625067e6d183721fddc2765723dd39d5343f5841e3d39b9f8881257c7e78cfc1d4f55234c7c58669566252b0d839ac227bc11c85aab053f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.ObjectModel.dll

Filesize
191KB

MD5
63260950a31a334c160d72935e121894

SHA1
5b55aeea0d9e59f2b7950b6324cc0a330b01e876

SHA256
7a47389d50017c70d614e1b57bddcfb9fb5c65e112d966f1b3bfc50ece445e54

SHA512
477d7ed2308098f546090251d1160086af4c3253ddc8d6a9699bec209f77b7a4abb112f39546b92ad6a738b5c42af3a0c1fd18dd6658473e4ff9ea8ececee588

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Primitives.dll

Filesize
1.1MB

MD5
e527547ef2cf312400f60f92f4286ecb

SHA1
37e58f85f8ceabf6afa472d2335f1d598258adcc

SHA256
338b83cf8f180a73a8a8d2dc2b90d344edabd63fdf84130f86d5efc01b8312d0

SHA512
48847c6777f2ec65c98ecec126f47cf7e5b88cdc4b68a6fbfcc7c57c9571f14a8b45a37bda68102eddfbd3d214db56c32a217a5da5a39f00241e87e7d699e351

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Runtime.dll

Filesize
82KB

MD5
a91cb6ea28f169248958bf47cfdf423a

SHA1
341f04887a8330868af35dd55ed12d6969264d55

SHA256
25712803301d7a0ba8aa6b521d2b655976506c6ba2e8a1c19c3a3052b33d2a25

SHA512
2f335a0e72e9e1df32d04a898f98546b201a9e150390b97628f2da89158dc0da841e86fb48954c66478643f0d61e5ea8c8db0da68628bc2e7199b9b5168a5306

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Strings.3.co.resources

Filesize
178KB

MD5
425ef7ba68111ec258a0468f6d800314

SHA1
2b59bb5921c3634722f28033e0d52c57725560f6

SHA256
1819d3637ee8fbe6165ee1e45dc4bb839ccbffd12a29f0acdb606d7cbba57476

SHA512
169d2ee3ad88bf1d219b77d755e4f895412679d7ec3eb41ec7247b79e97fa244e95ae3ea0016bb1c1297a183cc13e71b3b5cc68c34bb2604536ee005da950350

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\PaintDotNet.Windows.dll

Filesize
4.1MB

MD5
eb9f050bff1d0f6379a945aad4c3d0d9

SHA1
a59cefdd7808359662ffd85c7bcc08224f7ecee5

SHA256
8dce9a8ff17e69be68d7270c30a9c98b05b41f171d87550170b5c74439521012

SHA512
a58a555d8a92afdbf1b35a79988eeb56edc628e505c65a6fe3c64b94b602b7dee6ebadefdadbb6c625cd90a69baf936b27ad14d3bfba3e4f7c47e777a7078d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\SetupFrontEnd.deps.json

Filesize
60KB

MD5
1ef485c7f1494b49e1626f3157c021b5

SHA1
56ea39bc0d6b9eb2fb28bc880b54198b1876f581

SHA256
287362b09598bff6ab981b1986b41acadce44d5fe59b65929a17e3e86fbe018a

SHA512
86b706392bdb4c74aa49639ef4eee51a87ca3cf935e0ed530018ae31170be7d55fb8df1c15132e62aa2141322f42f1349e6344edc0f35de004544b7859084552

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\SetupFrontEnd.dll

Filesize
219KB

MD5
adcc0ec1a6274012b7ce00f90f35f5d3

SHA1
9b4a541e19e8fc723621eda0afec47f81e8f4344

SHA256
577ffda478064ed8ab1e86511d289a13ff7eec9996b080d919f8d4e0443ffa33

SHA512
226e65b95cbdf39e92bcec83a846a40a9546f5567711d867cedd38b1443e19ae22c959d885f85e4ae81b8bcc8540628a451a579538be7787ee2d2ff150fac3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\SetupFrontEnd.exe

Filesize
170KB

MD5
ceaadd8bcdbf2e2d5284a43ace3b3b80

SHA1
fc9f0e392204a94b948b606d7dca71c0e8166b12

SHA256
66b927ad2d3513289b3e8448ccf4e08c3c9a131901a69e324464fb20ca91a99a

SHA512
138994b110565b824cd2529c053b8b223b46a2ea392da2bf0fe0f0d1fa2f68bea08f8afde0ed605e99b64e7c370583ee56c14938ece512ba8be39bf0b4aae7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\SetupFrontEnd.runtimeconfig.json

Filesize
537B

MD5
311a502395c85c4dd495c5ae3ed9e8c4

SHA1
8eeabb3e7b2101259e7ecf61c11f583168897e3a

SHA256
26584fd178277ecc937602db04ec2716bc836bdca21270f5937b1805dbba14a4

SHA512
6a1ec7986faf841c179af297fcf2c24b50a2a407cccc64b6b25bb45dadae301a2ff26411f556d99ecae6e1a14aaabdaf8bb27f3fc6297c90346d5fa2b44871b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Collections.Concurrent.dll

Filesize
258KB

MD5
719090d56ebf34f97843f5669bbf66a8

SHA1
27b8af21d76ae6213157d119a6b3bd2bb7d66a7c

SHA256
18aff41c1a8afbcbc276ae50f6f51abff8282d5919c91c3bc61111ab0329a992

SHA512
bdb9f81c57fc07c72db82456144643ffff8310aadfce6bd057e782032b4e6cabdfd95d5bb73968e7ef32087237124b35e0fe71e1048bf3661d1a61e4087692d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Collections.Specialized.dll

Filesize
106KB

MD5
6c1534f90c812053156b73798f0777f8

SHA1
8c17b22ad2b1677c065f75c9d8d54b262ded1684

SHA256
f0e9daf07884c3105986c2d06b882ac52e5d9a551c33029d93994c6dc5a506da

SHA512
f3c38d61e11b623dfe910c86d59b609c51327a476cb5f17e1dc471c1b5940b3534e908674c1a99d9d7f85ac986aaabaff41799a4cd059c4b5be4fad963025579

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.ComponentModel.Primitives.dll

Filesize
82KB

MD5
32297b08dbcf8c7bb7184e7c6a365d44

SHA1
c5c4ce634ad7e104990115fdc6802b91836dcd38

SHA256
98e980976c7206a73b6e5e04067f955ed1a6357f03ce2e6f8fa174261c5e0b24

SHA512
742d9756ffa97de87446eeca14df45900fc788a0e5f94318739d67818002a99370cafa087731e15535e40eee2c8f1d8ae24df66759aaa12259f3c6e9804f03d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.ComponentModel.dll

Filesize
30KB

MD5
ec556255488d86f0ea2d19c85df90ea9

SHA1
da97bb14d5621f14bc1305e1b54f429ce401e8a3

SHA256
59348203abf0dc97d42d53e3ad816b2817ebaf5819ad142125a4e91537d80f84

SHA512
9058cefa0ecfb63a5f5cfa0c05101ac92489a0d5ae8ca04e7ecc35b52b0e4e2e93bb0477fedc88eba776d77f3a885889905923ee033e4143ef56424b56589767

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Drawing.Primitives.dll

Filesize
134KB

MD5
10ca6ea3f6ac91efc411724536d38423

SHA1
e72e80bcf8589ee0b388ebb7e4d1813b6bab96fd

SHA256
8c6ed6c378e30c535a8a7c71269045220f5633f4abf5f88799297e25f680715c

SHA512
8a32edd342e71ab469a9dedffea19df2691d6bc649f049b07504a696c058af351a36945c5e5c56e7ec277f21ee68a935afee8308fb2cd6cbbf93e06441b3bc57

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Private.CoreLib.dll

Filesize
11.1MB

MD5
b180dd583d2361a17915cf8c9d04960b

SHA1
54cf747784f83f7a84238135b1a3386eb6adfa3f

SHA256
e895dacc02e823659bb6edd7eafb0e29e5c8e0a0273e27322fc882cf609ff542

SHA512
7d493f43bd5b405c19159017c386f3bfd00bb429b070fb626918e131ce43bf3d7d0278eae0ef2b9ea8be5469d3d7b67236904c27a438dfdd40f9d68aa5c69eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Runtime.InteropServices.dll

Filesize
62KB

MD5
79733323c08f257b6f4f99aa6704cf18

SHA1
73d5a3dcfccff2c58a46b1486d6169c5e4f695e3

SHA256
7bf55aa42c732ce8070d6e5592c72e9449bbdc8f567e446662a0a1b258f77972

SHA512
91d793bd87ca77142bc7ab9a44dcc7b2f9073f81bc73edc8c47c85cd24f051beed6a4d82598fe70300d7ffd60e9c35913fe769d36e55d2bbf33e5960eb8d16f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Runtime.dll

Filesize
42KB

MD5
5c347538feb79f8988c911301a59bba5

SHA1
294874fc634cdd305df56ceaa3fc0ca53f044b1c

SHA256
c5af0a58f64aeb0004c6ba28d0b1b1cd321e6d01126b95203693d6544f5bb613

SHA512
0c7b106f7274c0423291e3414ce1873ad149c548a80cd4489c95d04c10dba5c5d3836b5f6dc74ada99ea7e8b92a80558f34ec0af1b99e5cb55b847e3a6d79cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Windows.Forms.Primitives.dll

Filesize
938KB

MD5
0ab1915911aa77f4a1360900e4184a43

SHA1
24821d5826cfac4424d6d584a9030bba598785bc

SHA256
7dcc36b8bbf0b3f4074b5facdd4e5a022f78e2e5049391dde96ad4272c14200d

SHA512
64dd9e38280b005a8085508ee536024e6d0643a8dcb4901faf763742af7d9b1cb76145769b57d139021474067bf8275d6cf2fa1ee5c66c5c3d7e49dc9ec711a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\System.Windows.Forms.dll

Filesize
12.7MB

MD5
fa2bc2e05fbb6ddc0bbe1f6cb938b6a4

SHA1
cc4b81e4b65c57bfcd459726ac88a129f92f5fb8

SHA256
f85b8cf2fe3ccc29280677e1e9461fdb3c75ba5d1a31b373b4d0a20c76cba894

SHA512
ebb7db28d544a63753346ccea16acc36bbca30eae595962b1d13d95161c60e7737ef3db5677a9316071c898a5f05931d8909d0e91fe1cf5a955e5562792d5658

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\TerraFX.Interop.Windows.dll

Filesize
1003KB

MD5
6dd937738b99352618bd0326a91002cd

SHA1
8505c8d785b69e6f1bc008770a6014dce4e23f21

SHA256
9d7a578ccad3f0c39d92ae33050b65059287f428597e854d751f6d265435c6d1

SHA512
b2ecf17fccc70d8992f719a815439d65eceebedb6e8ded0baf8e47056f58b3500ddbd7c79ac1ccee47e409d16d37a0b96c98b3ea8012e9d6432cf4a4f14a3320

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\clrjit.dll

Filesize
1.5MB

MD5
8b658473a01ffe6e1136cb7ebf56d7c0

SHA1
437d34e38d3ebaab6614c5fe8fa6c47bc7cf3591

SHA256
646a13d60f5a7478de72b1135a518652d9acdd82d4943cb57cf9d1d95ba47681

SHA512
33612685da60fdaa78853703ccd50dc9d0dc071eb01ffe565f7cd96c481ac132b8f955fd6c91d9530efb427b8cc43807792ea2ce0d9a4e5013ba4afebd4539e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\coreclr.dll

Filesize
4.9MB

MD5
615d17308d83b63db00faafd2f43975c

SHA1
4d12ffd6c29057d20b146b81c5aa71ad23d9f99c

SHA256
1ef554db5d359354f6e6c6ebe9c31726e1dd092479dce4be4502e7d031653aa2

SHA512
6687bf6e9c0cc86c4fe400513ce898a79a9b514d99f2b6a371ebf5433aaeab00f1b14fdca1b6ce5bdd10c7b88129eef8713fb4e169cd4d19ee11d52476bb447b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\hostfxr.dll

Filesize
377KB

MD5
b8d57c792c3fc5a405bfae7fdd471ebb

SHA1
d60d1ebf0f554005b7d6b0a6e66ac135aa45ebd9

SHA256
5ba9ded20b1a28daa809f60939543d7893a6f767402da4bd2c9ce57c4641226c

SHA512
c3fdb823a6a8a0bc0fc872f2816b423b1e760d2f0541b8c2ecf3432b284b6e2ee07568e4a841afa2e08d14d3900781c635dac553903ee70a70494073bd93b96d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CF519C7\x64\hostpolicy.dll

Filesize
387KB

MD5
07d32c17cefc890238c9d4c836b21ad3

SHA1
8901bbd735f5366ff77733821fd0bfaee778b453

SHA256
61d3284520ffd8199f68642bbefd84336e35f6ae71ae6b9e4813a80f1bfd099a

SHA512
497ea9f6b59b78fa2dfa11916af53eb0d9e430d73374cde6564558031ef66703b22954d571404adb5957f3e635612c03be66ec872aae47a1de2321f2f078e7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
135B

MD5
4663f629217ce5f63221c32463d87b07

SHA1
9de4d33b563511f2f50fc6431e5f7dedf33fb764

SHA256
87014cff0d5a76f8063380e521602a16eab99f513d30aaf1002a30c4b4d07297

SHA512
385dbe475d4ad5cf20143fb4087fc97bb6302d2b2251977234e5fd72c630abc119da1d9567b1d304e8bfc2a6a58449c5dfdd5a4b1845332669028e577b1d6e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
1002B

MD5
405e04a61d51e55dec1e9c149213af4c

SHA1
393c7ada000c2b2f27d6fdf5e6b1247ccacbe8dc

SHA256
3d12b4a693506323aba612c383fdf6ad75125be5a1d03c09170027bbfc53c8c7

SHA512
2487d2114a2356f7165db444a5a6b6c7e3e4cdef4902ad654d0f37c31a5de8f5635266498afcc1d93cfbb28e8c21b211a25f08a5ebf4f07207d8db9a5cfdfe30

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
775B

MD5
7df04bd31c97c1cf18c25789a63c9e58

SHA1
04d3a0a761c385dea3dc33d6d9e8652c0fa1f009

SHA256
9504374e01032d534c3e005f761052a577a9b03d224f93b932a3b5e765c47fa2

SHA512
a76962e0cc7fb8498c8f44495ee9ff837e71bdfbfe0898de1c026d2814292e7679e0345a830a98aaffe380436164972b698b9284073a76d241f8870295716f04

Download Submit
memory/4536-60-0x000001F0AD040000-0x000001F0AD052000-memory.dmp

Filesize
72KB

Download
memory/4536-57-0x00007FFCB5510000-0x00007FFCB5FD2000-memory.dmp

Filesize
10.8MB

Download
memory/4536-56-0x00007FFCB5510000-0x00007FFCB5FD2000-memory.dmp

Filesize
10.8MB

Download
memory/4536-55-0x000001F0944E0000-0x000001F094502000-memory.dmp

Filesize
136KB

Download
memory/4536-53-0x000001F0ACDA0000-0x000001F0ACE52000-memory.dmp

Filesize
712KB

Download
memory/4536-51-0x000001F092780000-0x000001F0927C6000-memory.dmp

Filesize
280KB

Download
memory/4536-58-0x00007FFCB5510000-0x00007FFCB5FD2000-memory.dmp

Filesize
10.8MB

Download
memory/4536-74-0x00007FFCB5510000-0x00007FFCB5FD2000-memory.dmp

Filesize
10.8MB

Download
memory/4536-50-0x00007FFCB5513000-0x00007FFCB5515000-memory.dmp

Filesize
8KB

Download
memory/4536-390-0x00007FFCB5510000-0x00007FFCB5FD2000-memory.dmp

Filesize
10.8MB

Download
memory/4536-1690-0x00007FFCB5510000-0x00007FFCB5FD2000-memory.dmp

Filesize
10.8MB

Download