File name:

paint.net.5.0.13.install.x64.exe

Full analysis: https://app.any.run/tasks/f7e1448d-1f1b-4086-9680-bdaf7d502235
Verdict: Malicious activity
Analysis date: October 18, 2024, 10:05:08
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A910361558E67A37451C94C284F9E993

SHA1:

94A78D4026D5438FD1332A1EEBDF38691B2994F2

SHA256:

4730C736870F20DA06A0A322BECFA05EB63E862A7A36385339F54965C911E15A

SSDEEP:

786432:RnVH6JdGjw1+SBWjb4WFP7oEHOyw5Rwg/Y0h9yKUY0Ja:RnVHkdGjyBWjbXnun5RwgJh9yKUY0g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
      • msiexec.exe (PID: 1376)
    • The process creates files with name similar to system file names

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
    • The process drops C-runtime libraries

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
      • msiexec.exe (PID: 1376)
    • Executable content was dropped or overwritten

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
    • Reads security settings of Internet Explorer

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
    • Executes as Windows Service

      • VSSVC.exe (PID: 920)
  • INFO

    • Reads the computer name

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
      • SetupShim.exe (PID: 6168)
      • SetupFrontEnd.exe (PID: 7148)
    • Checks supported languages

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
      • SetupShim.exe (PID: 6168)
      • SetupFrontEnd.exe (PID: 7148)
    • Create files in a temporary directory

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
      • SetupShim.exe (PID: 6168)
    • Process checks computer location settings

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
    • The process uses the downloaded file

      • paint.net.5.0.13.install.x64.exe (PID: 7080)
    • Sends debugging messages

      • SetupShim.exe (PID: 6168)
    • Creates files in the program directory

      • SetupFrontEnd.exe (PID: 7148)
    • Manages system restore points

      • SrTasks.exe (PID: 5832)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1376)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:05 23:29:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.4
CodeSize: 536576
InitializedDataSize: 195584
UninitializedDataSize: -
EntryPoint: 0x36d21
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 5.13.8830.42291
ProductVersionNumber: 5.13.8830.42291
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: paint.net Setup
FileVersion: 5.13.8830.42291
InternalName: SetupSfx
LegalCopyright: Copyright © 2024 dotPDN LLC, Rick Brewster, and contributors. All Rights Reserved.
OriginalFileName: SetupSfx.exe
ProductName: paint.net
ProductVersion: 5.13.8830.42291
No data.
Total processes
127
Monitored processes
11
Malicious processes
2
Suspicious processes
0

Behavior graph

start paint.net.5.0.13.install.x64.exe setupshim.exe setupfrontend.exe vssvc.exe no specs SPPSurrogate no specs srtasks.exe no specs conhost.exe no specs msiexec.exe paintdotnet.exe no specs paintdotnet.exe no specs paint.net.5.0.13.install.x64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 920
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 948
CMD: "C:\Users\admin\Desktop\paint.net.5.0.13.install.x64.exe"
Path: C:\Users\admin\Desktop\paint.net.5.0.13.install.x64.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
paint.net Setup
Exit code:
3221226540
Version:
5.13.8830.42291
Modules
Images
c:\users\admin\desktop\paint.net.5.0.13.install.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 1156
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1376
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3276
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 4312
CMD: "C:\Program Files\paint.net\paintdotnet.exe" /setupActions /install DESKTOPSHORTCUT=1 PDNUPDATING=0 SKIPCLEANUP=0 "PROGRAMSGROUP=" /disablePGO /skipEstablishNVProfile /skipRepairAttempt
Path: C:\Program Files\paint.net\paintdotnet.exe
Parent process: msiexec.exe
User:
admin
Company:
dotPDN LLC
Integrity Level:
HIGH
Description:
paint.net
Exit code:
0
Version:
5.13.8830.42291
Modules
Images
c:\program files\paint.net\paintdotnet.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 5512
CMD: "C:\Program Files\paint.net\PaintDotNet.exe"
Path: C:\Program Files\paint.net\paintdotnet.exe
Parent process: SetupFrontEnd.exe
User:
admin
Company:
dotPDN LLC
Integrity Level:
MEDIUM
Description:
paint.net
Version:
5.13.8830.42291
PID: 5832
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:12
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6168
CMD: "C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\SetupShim.exe" /suppressReboot
Path: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\SetupShim.exe
Parent process: paint.net.5.0.13.install.x64.exe
User:
admin
Company:
dotPDN LLC
Integrity Level:
HIGH
Description:
paint.net Setup Bootstrapper
Exit code:
0
Version:
5.13.8830.42291
Modules
Images
c:\users\admin\appdata\local\temp\7zs8abe1b79\setupshim.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 7080
CMD: "C:\Users\admin\Desktop\paint.net.5.0.13.install.x64.exe"
Path: C:\Users\admin\Desktop\paint.net.5.0.13.install.x64.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
paint.net Setup
Exit code:
0
Version:
5.13.8830.42291
Modules
Images
c:\users\admin\desktop\paint.net.5.0.13.install.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
11 860
Read events
11 016
Write events
803
Delete events
41

Modification events

(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
480000000000000022E23D574521DB01EC1B0000E0080000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
48000000000000005A583E574521DB01EC1B0000E0080000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
48000000000000004E3876574521DB01EC1B0000E0080000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
48000000000000007C6076574521DB01EC1B0000E0080000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
4800000000000000C8A578574521DB01EC1B0000E0080000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000D5D47D574521DB01EC1B0000E0080000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value:
480000000000000068BBF3574521DB01EC1B0000E0080000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7148) SetupFrontEnd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000A9DCF6574521DB01EC1B0000E80F0000E8030000010000000000000000000000C4683FAE14F75747A7B14D7D196C6E0200000000000000000000000000000000
(PID) Process: (920) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000014EFFF574521DB019803000088170000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
602
Suspicious files
142
Text files
207
Unknown types
10

Dropped files

PID
Process
Filename
Type
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\clrgc.dll
Type: executable
MD5:59482276B8EB99206FCA05AC40B61F2C
SHA256:75826ED0FCE219731574AB595D7A2F03E6DAEB377EF907979BE18F0D54287AD7
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\Accessibility.dll
Type: executable
MD5:08423B4791A85F7F4CA044D6D8C7A46D
SHA256:64CCE776532C2270B5ACF4829BB17A2A21C99E66767BFC9FB4103CBBC166095D
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\hostpolicy.dll
Type: executable
MD5:07D32C17CEFC890238C9D4C836B21AD3
SHA256:61D3284520FFD8199F68642BBEFD84336E35F6AE71AE6B9E4813A80F1BFD099A
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\clretwrc.dll
Type: executable
MD5:FEB8874AE822035DC09B34641DD72D08
SHA256:849AFBF4AE3333606E82C1E45201257B82E99BC70642B0EF42E61CA7C5D39544
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\Interop.WIA.dll
Type: executable
MD5:ABF9526A11FCB5DD933C9027A32ED864
SHA256:EB5CD0A5D132FFC66179485A376E15F5DC09E26A8D6F8B3BD96C67558BE56983
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\Microsoft.DiaSymReader.Native.amd64.dll
Type: executable
MD5:804B9539F7BE4ECE92993DC95C8486F5
SHA256:76D0DA51C2ED6CE4DE34F0F703AF564CBEFD54766572A36B5A45494A88479E0B
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\Microsoft.CSharp.dll
Type: executable
MD5:8AE9C696033A6125F4091D69DABB02EA
SHA256:FA0E611DA4DEBC26138125442815075F09A8EAFD6E88FCEA0A89EB657338A797
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\DirectWriteForwarder.dll
Type: executable
MD5:98EA53407ECC97B9AD7592260F589330
SHA256:ED89396CCB1553B460B265F319621BAA60C63511B95BDC4D2FB26C835BD41C16
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\K4os.Compression.LZ4.dll
Type: executable
MD5:A1944E4E58324602F32D7B4F7BEA2F31
SHA256:40592047836074B4DE7FB4747D8FD2EB40832723147125AFDAA28CB11117F0A4
PID: 7080
Process: paint.net.5.0.13.install.x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS8ABE1B79\x64\License.txt
Type: text
MD5:078448A602541FE9EE3F4BDBEDD7C6D7
SHA256:5EDB9439E3F86F7A4490E70953FCF187275861C8F478325B7976186B4CDCD7E5
HTTP(S) requests
13
TCP/UDP connections
31
DNS requests
11
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1376
msiexec.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl
unknown
whitelisted
6944
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1376
msiexec.exe
GET
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTDHsfuqfubd3pihvq4mgQVWgHWNwQUyH7SaoUqG8oZmAQHJ89QEE9oqKICEzMAAAAHh6M0o3uljhwAAAAAAAc%3D
unknown
whitelisted
1376
msiexec.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTOQYLFSE5GO%2FpaRVfYu7d9gZEbQAQU2UEpsA8PY2zvadf1zSmepEhqMOYCEzMAAAAHN4xbodlbjNQAAAAAAAc%3D
unknown
whitelisted
1376
msiexec.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRBq81UG1MnDOVNKqff0SSEz6JuZwQU6IPEM9fcnwycdpoKptTfh6ZeWO4CEzMAANAB%2BkQngDU4pFIAAAAA0AE%3D
unknown
whitelisted
1376
msiexec.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20CS%20AOC%20CA%2001.crl
unknown
whitelisted
GET
50.87.184.106:443
https://www.getpaint.net/updates/anonymous_install_ping/v5.13.8830.42291_result_0
unknown
GET
50.87.184.106:443
https://www.getpaint.net/updates/v9/manifest.os1000.x64.json
unknown
1376
msiexec.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRBq81UG1MnDOVNKqff0SSEz6JuZwQU6IPEM9fcnwycdpoKptTfh6ZeWO4CEzMAANAB%2BkQngDU4pFIAAAAA0AE%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.23.209.130:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
239.255.255.250:1900
whitelisted
6944
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
1376
msiexec.exe
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1376
msiexec.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7148
SetupFrontEnd.exe
50.87.184.106:443
www.getpaint.net
UNIFIEDLAYER-AS-1
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
www.bing.com
whitelisted
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 23.35.229.160
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
self.events.data.microsoft.com
  • 20.50.201.204
whitelisted
www.getpaint.net
  • 50.87.184.106
whitelisted

Threats

No threats detected
Process
Message
SetupShim.exe
--- paint.net SetupShim starting, lpCmdLine='/suppressReboot', nCmdShow=1
SetupShim.exe
SetupShim.exe
CoInitializeEx() returned 0
SetupShim.exe
SetupShim.exe
GetNativePlatformID: detected Win10 v1709+, using IsWow64Process2()
SetupShim.exe
SetupShim.exe
GetNativePlatformIDWin10v1709: IsWow64Process2() returned processMachine=332, nativeMachine=34404
SetupShim.exe
SetupShim.exe
GetNativePlatformID: GetNativePlatformIDWin10v1709() returned x64
SetupShim.exe