c183a223158f94047bb5e6e332ee7b3af74516d8d3c9831c6c6efa75843995e1

Resubmissions

05-02-2025 22:11

250205-134ygawmaj 10

04-02-2025 03:17

250204-dtf4qavlgj 7

Analysis

max time kernel
42s
max time network
43s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-02-2025 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

paint.net.5.1.2.install.anycpu.web.exe
Size

1.2MB
MD5

9605c02b8bb135e3ffa6a20d7aa8b9e6
SHA1

435fcf847cc70da75f0a9e2fac07567b6871a02e
SHA256

c183a223158f94047bb5e6e332ee7b3af74516d8d3c9831c6c6efa75843995e1
SHA512

a75c3267d7d5fb77c6b4fd3acf401478ea1c70e9cd6c6df76bb5d7c20de43508545668ed0c704576deebe9abcaebbb9c2fdc5de860600688519729ddc55bda72
SSDEEP

24576:RQ0VuvoyQOLhTaEaweB7qJJT6F18o83b39VqeL:RQ0VYDfhTwOJTSW3Z9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3768	SetupShim.exe
1112	SetupDownloader.exe
828	paint.net.5.1.2.install.x64.exe
4720	SetupShim.exe
2172	SetupFrontEnd.exe

Loads dropped DLL 59 IoCs

pid	Process
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe
2172	SetupFrontEnd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	SetupDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	SetupDownloader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1112	SetupDownloader.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3768	SetupShim.exe
828	paint.net.5.1.2.install.x64.exe
4720	SetupShim.exe
2172	SetupFrontEnd.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 3768	3468	paint.net.5.1.2.install.anycpu.web.exe	77
PID 3468 wrote to memory of 3768	3468	paint.net.5.1.2.install.anycpu.web.exe	77
PID 3768 wrote to memory of 1112	3768	SetupShim.exe	80
PID 3768 wrote to memory of 1112	3768	SetupShim.exe	80
PID 1112 wrote to memory of 828	1112	SetupDownloader.exe	81
PID 1112 wrote to memory of 828	1112	SetupDownloader.exe	81
PID 828 wrote to memory of 4720	828	paint.net.5.1.2.install.x64.exe	82
PID 828 wrote to memory of 4720	828	paint.net.5.1.2.install.x64.exe	82
PID 4720 wrote to memory of 2172	4720	SetupShim.exe	83
PID 4720 wrote to memory of 2172	4720	SetupShim.exe	83

C:\Users\Admin\AppData\Local\Temp\paint.net.5.1.2.install.anycpu.web.exe
"C:\Users\Admin\AppData\Local\Temp\paint.net.5.1.2.install.anycpu.web.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe" /suppressReboot
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\x64\SetupDownloader\SetupDownloader.exe
    "x64\SetupDownloader\SetupDownloader.exe" /SkipSuccessPrompt "C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe" /suppressReboot
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\d301c13f-5819-4228-8b1d-44c5564e6d98\paint.net.5.1.2.install.x64.exe
      "C:\Users\Admin\AppData\Local\Temp\PdnSetupDownloader\d301c13f-5819-4228-8b1d-44c5564e6d98\paint.net.5.1.2.install.x64.exe" C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\SetupShim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\SetupFrontEnd.exe
        
        "x64\SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\SetupShim.exe" /suppressReboot C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Base.dll

Filesize
1.5MB

MD5
b9da44e77a40611d14130ec520160ca3

SHA1
916746adb386029cce4ea0d0e80bb6847d05da0e

SHA256
affc22e888e5349375e4b9c80ed69dac17c9423b5d243142d87f1344841619c4

SHA512
94564f421ddd44226ff2d7d4573365a45ee2a224d90c8296df7b59a704ce031832ad3e16a35d00b2b84c122a43d58fa4189f5d9c5b8b72ef547a1987954a7e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.ComponentModel.dll

Filesize
447KB

MD5
152cfced447b556868c2e9595df449b0

SHA1
c3dbe523567bcc5536737f0119968ef23a42864e

SHA256
3de8e4de98e88d4979c3d0f0b23dd44612508e2e9da64d11d9aa631e37f12588

SHA512
7db961fbe2f521d94c26fd3b5e7f17b6abd926ecbe89ef096ea8484dd98f2ee893bd4396da646a28bed3629c1ad745df2541d9672936b6b586d3ff02be69509b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Core.dll

Filesize
9.7MB

MD5
99b812b1ba96443255885ad2bf9d837a

SHA1
04151b7c4384a5bfa5e61e96fe614a06815b92d5

SHA256
4dab0b3689139e63362fb726c2ddec75d847714b4135ee5b5a40bdcedacf3063

SHA512
112d2debed49145274eacdea13af2ca9a12b186fbb90d78331e002ed941e155e585d4107702d453595fe8249e86ff6fe79446d9033305c5c5922ea7a0d320591

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Framework.dll

Filesize
4.7MB

MD5
207d70e2896dfffe998e62ab55c97259

SHA1
085e19a473b0279f9f3e2afdb6d52bdefe273681

SHA256
a55403bb0e12f371779ab765dcb1287a4c87345754c9e61946f51fde59355e95

SHA512
c40d818f25e206ead0a0f132e567193f086aa27fcfdf18dcc5f240bdda99874c0a9d8512dcce9d81ff4478fd8d1fda4b56127007b45edb45604d1310fa2377ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Fundamentals.dll

Filesize
2.3MB

MD5
a73f502ded209762a3e309576f5d8a0e

SHA1
c37c5c6e7fc24476957ac03b0e0cc74929eb1e88

SHA256
5a2008d463e22e0200ac1c8889276cee6e04b0be0116d20350ef9b1708a3dbd1

SHA512
c1b9a9c4d179c77bea6fe6c161eb7c39ffc8e489f8d830d9db16b9c8824ddf8c0d6cdb8bac59c178492cf34241ea8a56bb31637d213cd5b95e59cd4c28f5cdc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.ObjectModel.dll

Filesize
1.3MB

MD5
08065ea989d06b6196663898b16218af

SHA1
6a8fe60bc3090e911bc9afabe8241972a74967c1

SHA256
62205fb6800082f6dbaf6ba16c05fd2176056bce069c4eef033c7e4de518bce0

SHA512
90f69640afb425290ea8cfe7a4283a4ce525c4101c17864b154f7550d46b83497b7e071306fb851689785011fab0841c231c0230a6be47fd30a9d4a27e06190c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Primitives.dll

Filesize
2.7MB

MD5
7adefcd24c37b102bf61b33404501250

SHA1
3dc91154fe9cc2dfc867f0accb224503dd20b270

SHA256
08acb48c14e5527e1ea7c1254dbb9a557eeed5078aa5620f2303de57b6d0495c

SHA512
448c48e248553625be2626d3a72abff49e7d41b188b138bdffb460bc29174b0eebe2bc309979850bc38033579cc11d4f90a87f98d93bc10cdd0eaae797c773a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Runtime.dll

Filesize
591KB

MD5
f04c0ae26a65c61e8e9cc62dc9b4e23d

SHA1
4f7eb28d56f8f4a6ccdd669666714b5b44203bfc

SHA256
616697ae7ba86d6ab3babd02e076708baa1cfc1c0d3c90c8618c7cd424151d32

SHA512
2f55d1e5849a7992a5c7d905fdce4e2ec016158a7e0bfad3836f9ba9eef0ddf8ed0c1582cc4cba6fe7b9a0750371efeae7f07f700a2d089144f62516e7f7f4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Strings.3.co.resources

Filesize
185KB

MD5
60cf2fc26e2f17fc76643e8174a89e57

SHA1
aa665fed9bb39845f90debd5e6275de03ec58550

SHA256
e6797c8b5cb487d794f25d75939adb954acb7fa524ee7785e0a9c7fd094d9aee

SHA512
97715df115135ebce54b1d46eeffc82854654014cb09dec307a8ccfdf3de8c35de7f4d66d13aaee45ea5ea8cb3a49f08c42085db044a92df8295956f39d14ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\PaintDotNet.Windows.dll

Filesize
6.4MB

MD5
ca1702fb927498ecd4db589137bfd062

SHA1
c239956d233c9f6f7f489c656aa1e44b80c92fd1

SHA256
8599f62e1f6d794d781582871859ee5f53facc9e7f7ce3b616972e5ab1c3c62a

SHA512
bd2d9ada3d583ff9eb5e03ef1e725f4bc09112c5f1d564d8ac976039eeaf79a7cb02a5c35a7abd28ddcefa26ee380a923124c53500100bd9e6e8e6f212a04b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\SetupFrontEnd.deps.json

Filesize
63KB

MD5
36bbbede3837bc12e75b474422257c8f

SHA1
2cf679e696e63fc7c0c21608b5c2e792ec7b0d01

SHA256
9550b6bf61a36d17bd8d899a7a54a234005ab2e315e7376b66c188ee288c7b8a

SHA512
355da9d2bf800a649fba9404c268ada959767ee42f4bfbb8e5bf250ae5ace0e2ed66ebfa2081fb9b2774a8f22bc7a031c0c2429b38de1dfbf7af4ebfefa78784

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\SetupFrontEnd.dll

Filesize
1.1MB

MD5
72abb21d17d13ca29e7739003d9d1435

SHA1
4e83382a2d4cfc5998c0bd3285db3016eb5b37c4

SHA256
1788f4c63ce6e88f8675655c096d5ed5e76c8d006e46f8fc7218dcfe191b786f

SHA512
4ac3fd62eb41657476c4a7a7a34600ea891743b8a01a3103eb32f433150e298bf8480292d386bcccedcad76ecc08cd56e99015eb84ec543024902f405e337986

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\SetupFrontEnd.exe

Filesize
158KB

MD5
9000a308f6b543dd9a8885f815fccd88

SHA1
eb76a9a121e3eaba50d077917e9a439f5796fad2

SHA256
b2b0e2b261f0c2ee31daeba00e9ec9dda3eaf2100a58db1a4bbf85a806d4c221

SHA512
66d39d574e42784274ff08c954fd28ca988f6ac802f34cfc9b67e774703701b31e7ab51ef740e85682af7e9f6a3f336ba260c5c329857b3eb8807d7e70fe55be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\SetupFrontEnd.runtimeconfig.json

Filesize
526B

MD5
51044ca9e4d2f6cb7f95fd82dde88a5c

SHA1
9565bd3d596a5286dd7f51ed9244d5fb36c6ded4

SHA256
ac9abee630c7ab8bb6d68510ba05342e4fd6942d59e17e451f0fd45146c3593a

SHA512
db07e80145dc9a2d8066a38917fcc42d47235e199e38a8a1ffecb25ae7ddabd4e7c2f53c31e8bf52419e01679b361b6b40f0e2d8c68dad095d752feba0004e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Collections.Concurrent.dll

Filesize
286KB

MD5
5b8d600348208d9b582f56eafcf2fd95

SHA1
b05ca2fcd177011cf85dfe8c911c1c14c4c09eb2

SHA256
28cc7289da3c11d5c125d10f1017b7fd1b44a8b8bba536ce3d3cadb3ae95c040

SHA512
be202db79a3e42ebc81b697c55c31f7357e0489d7cdf4e728621a0bbf4b5ff294782c3a215f9b310490ecbdc85bf97be676af67ca77319ebaec85bb673cd1722

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Collections.Specialized.dll

Filesize
102KB

MD5
974758eace7546270affc9eab518472b

SHA1
a5e85ec41ca66ac66a02a95d5cb44efeb3e26766

SHA256
97c0417d370b142ac48049930602b8a4e84137abba8a26cbe3cf719afdc18dbd

SHA512
7551f6ec01a278f7471e3afe9ae658e08ae43ef91525af7cde3bce3d0edba96cbb34bd4a06f82cbc6597a7beef68198b20bc7c315212e581d9a75809afabf4b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.ComponentModel.Primitives.dll

Filesize
78KB

MD5
4932fdb2dfb7ae23baad5ff37432a3cd

SHA1
8842ea609cea0a7e141ae310430dd542eb5153fa

SHA256
773b4ee10fd3680925690a26078fd66f4d7009aa9a4eac1a9f44adc6f20f5578

SHA512
664a2781dacff798f0e09505534d0b2798be76bada60dd6cd4c05e20094ab8841c52c0f011befc7c60b34a621139593a4863b1c82cdb9dde0d69cd6f99a84c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.ComponentModel.dll

Filesize
30KB

MD5
2eaf19bed6f68ceaa44482c10415dc1c

SHA1
9071d4b9f6d023cded85115fc0f66fac2bf7c730

SHA256
aceb9792fc8de4d3f7d5add78fbbb6d3b909cac1ac984a2faf46672f290e7c70

SHA512
b644d389d97fb3dd50bf85d025a4585a89561ba0055097962af5ed3e7b6cbbbc6ee2e124d90d6ac21216c03455da915458e2bd6f18ba8671fa7eab4898b9ce4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Drawing.Primitives.dll

Filesize
134KB

MD5
39e0c2434469afe34c4832fcecc42306

SHA1
28d628e55c1ce588153e0008df10b50a4e5d5da8

SHA256
d01efd19a3d9647f3f3abf8c58c8c21794fd89caa43712970c41a1ecd44949db

SHA512
82efe2dba426d435a2bc161965751b74e76733988ac1ba5712ef99cc2c3ec9031f8b82b45112ed9083e9b27038aa4d46ea337dd78684f0f32b8675483edd2d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Private.CoreLib.dll

Filesize
14.6MB

MD5
5f4c67670c40f51e2dc270f3c3056a41

SHA1
7f98974a161b72e758a6f1f8ae93ab35a6da777b

SHA256
1843c1c812fb7a32f24876f9581f420670d0d5b5b83c2f287a0474dd1e2df512

SHA512
8c7b48af83e03f20af9c706adf3e66d5c6e430599941729963ff6f196a71a1f51998116259a13432731f43032910a467a8263e7ed85620577fccd64f502b46f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Private.Windows.Core.dll

Filesize
1.2MB

MD5
1805799aa58fbffbdb1f57cb6b92fe70

SHA1
8a5a24581be0d98340d4089920127d964e954bb8

SHA256
6445a7126cf43e45fe126604680fc7066445a3ed7c27b22c832936fa5f4bb8b0

SHA512
f8258e6fbc5ccef1b669bcc956df3a7073f7efc057a0c792ca58b8a4595f496c79eb10a5e04b6acaef420e7edeaa0787d56709a78dd5fe78bd111256d3fe5718

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Runtime.InteropServices.dll

Filesize
110KB

MD5
68320d69b7c794f068e4c79c95b29dc9

SHA1
e7c289c47f3de8f36fb4a431443cf618d8f828d7

SHA256
d6c984657a7171427dcec5aa202afeef498a943d11e0a125675f7b8729059788

SHA512
df6e0b3f08fcbcd039b09fc634030394759f685d50bd8143e31bae23168fb802e158f25efdecaf593f18536a7c52a93edbb251c4a80f6c5d54e1f6d4027fe5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Runtime.dll

Filesize
43KB

MD5
4ac1d30956c8d81ed363c98d33d4c330

SHA1
b5624c1cc703f8fa250684c65abad5c6bf242d1d

SHA256
2ff1309149bbc5f1e68200a9e3d14cd9f10e346e501fcd8df6ac9956dea339f1

SHA512
4710f38cf94541457386ff6a5f286b2793c90b64f6e353be366d23d6aed8e117a12f5838041dd9daf105242c4f4f811f49cd4c94664d9e09ba191dc6a504ddbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Windows.Forms.Primitives.dll

Filesize
3.8MB

MD5
1be30686459f3a663fb83ae3fede8ebc

SHA1
9996cf4ddfd6b662650df62c6b1021f9d22f5176

SHA256
4c167a911be62817985c3e6910c4d9cda2f38abc2cb7d0bc4bff19e8a129bfd9

SHA512
67e98b426b0bdf157139d192e0f30771d8d4f9f680724547d36949bd76965e6ed2ad215071c2a774709655ad59914c616b55549133bfdc30d7b1f91b798b982b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\System.Windows.Forms.dll

Filesize
13.1MB

MD5
36eefbdff01be8a8c5247dd3a14fbc82

SHA1
f5dbd9087c49a661ea70ea7eae614e9257ca0f03

SHA256
917acaa90b890ceb6d933ebe34eee7158114a0cf49e8865571d43f60caada2fd

SHA512
8689ec6eb9914cdc6e8c8eb8e86916024b770ee2f3e44349459833ce98cd4ffad425930da93c0081f4ab93b35e116c082544fb2772e3dd0cf41de31708b26bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\TerraFX.Interop.Windows.dll

Filesize
1.3MB

MD5
81bf1fa4d9f576872428f69f8c3f74d5

SHA1
7f381b42f5531c8f9b73a6e06cacb43287a52987

SHA256
ef45a69409e91fb25d90f3eaf744a7985fb66c6c57567d417de7d7c74b9dc49b

SHA512
b7fbbd67bab0679c54e460adfa74052b5767496b6b341406ec817643b916db36f60a3df44d05298ff9afec7be60a418db68e3f54b0d5bef9265be378da57e576

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\coreclr.dll

Filesize
4.6MB

MD5
632fb94138df6d348f4cf4050e7d5094

SHA1
07109b94597f7d3a320400dfcb03d00889a25d18

SHA256
8324c9324006bd22f33ad109f8d30d677c349942ae322a5612599908d2ed8663

SHA512
5cc0c88eebc055faf62ec6ab8ac5eb1cbdd3ab06f60b49fde9fca010657bb1a76786fe726ac841674c4b75c33f2ec590978e0052373bba1bc3893ba2b93eaeb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\hostfxr.dll

Filesize
350KB

MD5
958e70e3523a0cf753d2e050884d8522

SHA1
73eae31adbc79e1430351eb4f561732189ecc724

SHA256
82253f5f4487b9d928cd720f701066041450a22a9b9bc2a09b4a5ee539ebccb3

SHA512
45bb8bee3000ee64c737ad7ee49958d1534f0ccbb87cacbc8cf35b69994b730da84aafd19370af5fe2189e8d3866944a480b7c33cec7f5a387e94886ab62360f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC3396CC7\x64\hostpolicy.dll

Filesize
366KB

MD5
142d64a5cfb3e458c4ef6164982fcf3f

SHA1
bd1fb52dac36cd47cfed7b6994ce252fe60a9aaf

SHA256
34d50123269e90ecabfbd93cb08521c4746f84f40a81863426c1b025c18da859

SHA512
0f6111cc70c5d28d3af260f7fa0fed137dc5493995dba32ed4a9d0b0b6a5b40a1990cb549a9b091fcfde9557de502e7a9ef9a1e957beb95b1a9276f8d3ca8ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\SetupShim.exe

Filesize
184KB

MD5
68d92aa0798783c1d5fc6082635715b0

SHA1
f8f1a3574461d69aceb68afb639893b7eca42b7d

SHA256
3e55309376ebf0a69ed84f60a1a5ff1131f911d7a8e42e9f0467281fa63391f3

SHA512
1c7565124dc5382699dd9fff491694a6a03c9038b9fb72a5916fc00354e6718026d6dacf3ac9885ddd5abd95ec2307110be7c9a5444acbcf826daa99f779197a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\x64\SetupDownloader\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\x64\SetupDownloader\SetupDownloader.Configuration.json

Filesize
135B

MD5
6df7f325b73c57f0d0edfde0cb3f709a

SHA1
3f04ca43c4161c3cce530d3378a854148107e949

SHA256
9bba7887079e90c9cf59e75d9db75b5a57ce456e50e7c8057c06879e2e60645a

SHA512
5bd9c0576603685842c7d391004b340e7e2b5e8c543f2e1fd33518910c286cb7dce5e92b90b32e4631d719436006f78c4b57b55b98cd89cc3d9ad1c5f4b0768c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\x64\SetupDownloader\SetupDownloader.exe

Filesize
274KB

MD5
c40da93c67953afbdf1d73531933c1b8

SHA1
496d27ccf102cf46f68bd0d5f6834299025da561

SHA256
acc1f503ef4574977c2dd59b039316a1b2e9bb97b32b47e6aef1b050bf7c2cea

SHA512
67deed851d7f1a2fb98b3f2b137542b2fe84d7fb3fed965188acbfbabbf4b10ed356a0f82326154e81d9c949b07a6c49bd9636ac3c35acdc6e47deaa024159d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8D02CD7\x64\SetupDownloader\SetupDownloader.exe.config

Filesize
218B

MD5
59efd5b23c940deca60238b287720310

SHA1
0067c8388dd359af895a1ca854970bdaf4e58f6e

SHA256
907801fc6262ae2e70f9ad104f903e3580f195bbab4ad27d79c9e571da970d86

SHA512
8ed8f6fe3564bdda0bd85752a15e7ec9380df8f366dcef9dedb826e5b62c188000ee79b7cbf61d1c01b7bcab92562a4895794f4ed540e943299973e3dee4270f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
135B

MD5
5cd6823085f4134d7bf0878913242a3b

SHA1
9ec5809fd049b9258543f52bf9d82d30b9c6e4d0

SHA256
a9b23d97c9b8188d8df82347a94595e30ae911edb0cbb1519f3d35cb584b4801

SHA512
7bfabadb7660bb35f928b064dcd5375ae434263419ad123a85d3eda6b2ebed949ccef5f204c4cf5b236236e1e55308c2396e28e6f4563c1b0a36451fb18f9d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
930B

MD5
28dcf55262c67eed82f3b099c7ccff8c

SHA1
4b995571e9575f8414e23b39376737421ede4dec

SHA256
2f8249964ab24b46e17129ad7f5c2eb7086d2037317cdc1c7655354ca24b30da

SHA512
19edde4a59113618f35a706582147a8f65e62d22e854d542b8931a3f3a270e42b1cb1909329a0a408bc20fb7f97741f583c23f7b74eaac7821bc075d6e5bc3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
773B

MD5
fea7e3c9077b00b3674ca330b62e1157

SHA1
2643ba2dc4aa9915d4454875ffc5f8fc0c7b07e6

SHA256
09f7cb7abd033ee124813b0bff9533bee4a57db4e96c1e3fc45a95b7e25a82b5

SHA512
39774959beaff852edabe69fc1164aaaf281014a57235646d17f8a33c4cbc1f6fd0b352f6a32c19426a1fc02a73749f1ee5bddb02624febafcbb282c2f9a1e0f

Download Submit
memory/1112-50-0x00007FFF95453000-0x00007FFF95455000-memory.dmp

Filesize
8KB

Download
memory/1112-51-0x000002710E580000-0x000002710E5C6000-memory.dmp

Filesize
280KB

Download
memory/1112-58-0x000002712A740000-0x000002712A752000-memory.dmp

Filesize
72KB

Download
memory/1112-56-0x00007FFF95453000-0x00007FFF95455000-memory.dmp

Filesize
8KB

Download
memory/1112-53-0x0000027128E00000-0x0000027128EB2000-memory.dmp

Filesize
712KB

Download
memory/1112-55-0x0000027128B90000-0x0000027128BB2000-memory.dmp

Filesize
136KB

Download