ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.MulDrop7.37762

Added to the Dr.Web virus database: 2017-08-22

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Classes\Paint.NET.1\shell\open\command] '' = '"%ProgramFiles%\Paint.NET\PaintDotNet.exe" "%1"'
Malicious functions:
Creates and executes the following:
  • '%ProgramFiles%\Paint.NET\SetupNgen.exe' /install DESKTOPSHORTCUT=1 PDNUPDATING=0 SKIPCLEANUP=0 "PROGRAMSGROUP=" QUEUENGEN=1
  • '%TEMP%\7ZipSfx.000\Kur.exe'
Executes the following:
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.Resources.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.Core.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.exe" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\WiaProxy32.exe" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.Data.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.Effects.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '<SYSTEM32>\msiexec.exe' -Embedding A3C11C3120248174F31253BAAD42038E
  • '<SYSTEM32>\msiexec.exe' /Y "<SYSTEM32>\wiaaut.dll"
  • '<SYSTEM32>\msiexec.exe' /i "%TEMP%\7ZipSfx.000\x86\x86.msi" /quiet /norestart
  • '<SYSTEM32>\msiexec.exe' /V
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.Base.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.Native.x64.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\Interop.WIA.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe' install "%ProgramFiles%\Paint.NET\ICSharpCode.SharpZipLib.dll" /queue /AppBase:"%ProgramFiles%\Paint.NET"
Modifies file system:
Creates the following files:
  • %TEMP%\7ZipSfx.000\x64\ShellExtension_x86.dll
  • %TEMP%\7ZipSfx.000\x86\ShellExtension_x86.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlOpenMPx64\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x86\ShellExtension_x64.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.SystemLayer.Native.x86.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.SystemLayer.Native.x86.dll
  • %TEMP%\7ZipSfx.000\x64\ShellExtension_x64.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlOpenMPx86\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulOpenMPx86\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\system32\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\system32\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulOpenMPx64\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlOpenMPx64\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulOpenMPx64\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.SystemLayer.Native.x64.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Effects.dll
  • %TEMP%\7ZipSfx.000\x64\Native.x64\PaintDotNet.Native.x64.dll
  • %TEMP%\7ZipSfx.000\x86\Native.x64\PaintDotNet.Native.x64.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Effects.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Core.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Data.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Data.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.SystemLayer.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.SystemLayer.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.SystemLayer.Native.x64.dll
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Resources.dll
  • %TEMP%\7ZipSfx.000\x64\Native.x86\PaintDotNet.Native.x86.dll
  • %TEMP%\7ZipSfx.000\x86\Native.x86\PaintDotNet.Native.x86.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Resources.dll
  • %WINDIR%\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_ca951597\9.0.30729.6161.cat
  • %ProgramFiles%\Paint.NET\Resources\ja\Images.PayPalDonate.gif
  • %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.cat
  • %ProgramFiles%\Paint.NET\Resources\de\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\PaintDotNet.Resources.dll
  • %ProgramFiles%\Paint.NET\PdnRepair.exe.config
  • %ProgramFiles%\Paint.NET\wiaaut.dll
  • <SYSTEM32>\wiaaut.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.pdb
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.RectangleToolIcon.png
  • %ProgramFiles%\Paint.NET\PaintDotNet.exe
  • %ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.Native.x86.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.PT-BR.resources
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.DentsEffectIcon.png
  • %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\wiaaut.dll
  • %TEMP%\7ZipSfx.000\x86\wiaaut.dll
  • %WINDIR%\Installer\2860e.msi
  • %TEMP%\7ZipSfx.000\x86\System Folder\wiaaut.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlOpenMPx86\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulOpenMPx86\vcomp90.dll
  • %TEMP%\7ZipSfx.000\x64\System Folder\wiaaut.dll
  • %WINDIR%\Installer\MSI6.tmp
  • C:\Config.Msi\28611.rbs
  • %ProgramFiles%\Paint.NET\Resources\fr\Icons.FontBoldIcon.png
  • %WINDIR%\Installer\MSI5.tmp
  • %WINDIR%\Installer\MSI2.tmp
  • %WINDIR%\Installer\MSI4.tmp
  • %WINDIR%\Installer\28610.ipi
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Core.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\system32\atl90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlATLx86\atl90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulATLx86\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulATLx86\atl90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulATLx64\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\system32\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlATLx86\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlCRTx64\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx64\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlCRTx64\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x86\Interop.WIA.dll
  • %TEMP%\7ZipSfx.000\x64\ICSharpCode.SharpZipLib.dll
  • %TEMP%\7ZipSfx.000\x86\ICSharpCode.SharpZipLib.dll
  • %TEMP%\7ZipSfx.000\x64\Interop.WIA.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlATLx64\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\PdnRepair.exe
  • %TEMP%\7ZipSfx.000\x86\PdnRepair.exe
  • %TEMP%\7ZipSfx.000\x64\SetupNgen.exe
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.exe
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.ZH-CHS.resources
  • %TEMP%\7ZipSfx.000\Kur.exe
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.exe
  • %TEMP%\7ZipSfx.000\x86\WiaProxy32.exe
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlATLx64\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulATLx64\atl90.dll
  • %TEMP%\7ZipSfx.000\x64\WiaProxy32.exe
  • %TEMP%\7ZipSfx.000\x86\SetupNgen.exe
  • %TEMP%\7ZipSfx.000\x64\UpdateMonitor.exe
  • %TEMP%\7ZipSfx.000\x86\UpdateMonitor.exe
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlCRTx64\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx64\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\system32\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx64\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlCRTx86\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx86\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlCRTx64\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx86\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Base.DLL
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Base.DLL
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlCRTx86\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlCRTx86\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx86\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\system32\msvcr90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\system32\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\system32\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlCRTx86\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx86\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx86\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx64\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\system32\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlCRTx86\msvcm90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\system32\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlCRTx86\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx86\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx64\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\dlCRTx64\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx64\msvcp90.dll
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\dlCRTx64\msvcp90.dll
  • %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
  • %ProgramFiles%\Paint.NET\Native.x86\PaintDotNet.Native.x86.dll
  • %WINDIR%\WinSxS\Manifests\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.manifest
  • %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.manifest
  • %ProgramFiles%\Paint.NET\Resources\ru-ru\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.resources
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.TextToolIcon.png
  • %ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.Native.x64.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Data.pdb
  • %ProgramFiles%\Paint.NET\ShellExtension_x86.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.DE.resources
  • %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
  • %ProgramFiles%\Paint.NET\Resources\es\Icons.FontBoldIcon.png
  • %WINDIR%\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_ca951597\9.0.30729.6161.policy
  • %WINDIR%\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_16f3e195\9.0.30729.6161.cat
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.EllipseToolIcon.png
  • %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.cat
  • %WINDIR%\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcm90.dll
  • %ProgramFiles%\Paint.NET\SetupNgen.pdb
  • %ProgramFiles%\Paint.NET\Interop.WIA.dll
  • %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.6161.cat
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.FreeformShapeToolIcon.png
  • %ProgramFiles%\Paint.NET\Resources\ru-ru\Icons.FontUnderlineIcon.png
  • %WINDIR%\WinSxS\Manifests\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.manifest
  • %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.6161.policy
  • %WINDIR%\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcp90.dll
  • %WINDIR%\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_fe3d5721\9.0.30729.6161.policy
  • %ProgramFiles%\Paint.NET\WiaProxy32.exe
  • %ProgramFiles%\Paint.NET\Resources\en-US\copying.txt
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.LineToolIcon.png
  • %WINDIR%\Installer\28612.msi
  • %WINDIR%\Installer\{72EF03F5-0507-4861-9A44-D99FD4C41417}\_853F67D554F05449430E7E.exe
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.MenuEditCutIcon.png
  • %ProgramFiles%\Paint.NET\PaintDotNet.Resources.pdb
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.InkSketchEffectIcon.png
  • %ProgramFiles%\Paint.NET\Resources\fr\Icons.FontItalicIcon.png
  • %ProgramFiles%\Paint.NET\FileTypes\OptiPngFileType.dll
  • %ProgramFiles%\Paint.NET\FileTypes\PhotoShop.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.TR.resources
  • %ProgramFiles%\Paint.NET\FileTypes\optipng.exe
  • %ALLUSERSPROFILE%\Desktop\Paint.NET.lnk
  • %ALLUSERSPROFILE%\Start Menu\Programs\Paint.NET.lnk
  • %ProgramFiles%\Paint.NET\FileTypes\IcoCur.dll
  • %ProgramFiles%\Paint.NET\SetupNgen.exe.config
  • %ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.KO.resources
  • %ProgramFiles%\Paint.NET\Resources\de\Images.PayPalDonate.gif
  • %ProgramFiles%\Paint.NET\Resources\fr\Icons.FontUnderlineIcon.png
  • %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.manifest
  • %ProgramFiles%\Paint.NET\Resources\zh-cn\Files.AboutCredits.rtf
  • %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.6161.cat
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.JA.resources
  • %ProgramFiles%\Paint.NET\PdnRepair.pdb
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.RoundedRectangleToolIcon.png
  • %ProgramFiles%\Paint.NET\Resources\ja\Icons.FontStrikeoutIcon.png
  • %ProgramFiles%\Paint.NET\UpdateMonitor.exe
  • %ProgramFiles%\Paint.NET\License.txt
  • %ProgramFiles%\Paint.NET\WiaProxy32.pdb
  • %WINDIR%\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f\vcomp90.dll
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.OutlineEffectIcon.png
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.InvertColorsEffect.png
  • %ProgramFiles%\Paint.NET\Resources\es\Icons.FontItalicIcon.png
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.EdgeDetectEffect.png
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.ES.resources
  • %ProgramFiles%\Paint.NET\Resources\pt-br\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\UpdateMonitor.exe.config
  • %ProgramFiles%\Paint.NET\Native.x64\PaintDotNet.Native.x64.dll
  • %WINDIR%\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcr90.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Effects.dll
  • %ProgramFiles%\Paint.NET\PdnRepair.exe
  • %ProgramFiles%\Paint.NET\Resources\fr\Icons.FontStrikeoutIcon.png
  • %WINDIR%\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_fe3d5721\9.0.30729.6161.cat
  • %ProgramFiles%\Paint.NET\Resources\zh-cn\Images.PayPalDonate.gif
  • %ProgramFiles%\Paint.NET\Resources\es\Icons.FontUnderlineIcon.png
  • %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.6161.policy
  • %ProgramFiles%\Paint.NET\PaintDotNet.Effects.pdb
  • %WINDIR%\WinSxS\Manifests\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.manifest
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.ZH-CHS.resources
  • %ProgramFiles%\Paint.NET\Resources\ja\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.it.resources
  • %ProgramFiles%\Paint.NET\PaintDotNet.Base.pdb
  • %WINDIR%\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197\atl90.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Data.dll
  • %ProgramFiles%\Paint.NET\ICSharpCode.SharpZipLib.dll
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.ColorPickerToolIcon.png
  • %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
  • %WINDIR%\WinSxS\Manifests\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.cat
  • %ProgramFiles%\Paint.NET\UpdateMonitor.pdb
  • %ProgramFiles%\Paint.NET\WiaProxy32.exe.config
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.RU.resources
  • %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
  • %ProgramFiles%\Paint.NET\Resources\ru-ru\Icons.FontItalicIcon.png
  • %ProgramFiles%\Paint.NET\Resources\fr\Images.PayPalDonate.gif
  • %ProgramFiles%\Paint.NET\PaintDotNet.Core.pdb
  • %WINDIR%\WinSxS\Manifests\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.cat
  • %ProgramFiles%\Paint.NET\SetupNgen.exe
  • %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.cat
  • %ProgramFiles%\Paint.NET\PaintDotNet.Strings.3.FR.resources
  • %ProgramFiles%\Paint.NET\PaintDotNet.SystemLayer.pdb
  • %ProgramFiles%\Paint.NET\Resources\ru-ru\Icons.FontBoldIcon.png
  • %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.6161.cat
  • %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
  • %ProgramFiles%\Paint.NET\PaintDotNet.Base.DLL
  • %ProgramFiles%\Paint.NET\PaintDotNet.exe.config
  • %WINDIR%\WinSxS\Policies\amd64_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_16f3e195\9.0.30729.6161.policy
  • %ProgramFiles%\Paint.NET\Resources\es\Images.PayPalDonate.gif
  • %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.manifest
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.CurvesEffect.png
  • %ProgramFiles%\Paint.NET\Resources\ru-ru\Icons.FontStrikeoutIcon.png
  • %ProgramFiles%\Paint.NET\Resources\fr\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\Resources\it\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.MenuUtilitiesCheckForUpdatesIcon.png
  • %WINDIR%\WinSxS\Manifests\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.cat
  • %ProgramFiles%\Paint.NET\ShellExtension_x64.dll
  • %ProgramFiles%\Paint.NET\Resources\en-US\Icons.PaintBrushToolIcon.png
  • %ProgramFiles%\Paint.NET\Resources\es\Files.AboutCredits.rtf
  • %ProgramFiles%\Paint.NET\PaintDotNet.Core.dll
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.ZH-CHS.resources
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulOpenMPx64\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulOpenMPx64\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx64\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx86\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx86\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulATLx86\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulATLx86\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx64\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.manifest
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.RectangleToolIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.RoundedRectangleToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.RoundedRectangleToolIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.RectangleToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.OutlineEffectIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.PaintBrushToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.PaintBrushToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulATLx64\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulATLx64\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.manifest
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.TextToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.TextToolIcon.png
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.manifest
  • %TEMP%\7ZipSfx.000\x86\Resources\fr\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\es\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\Resources\es\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\fr\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\Resources\ja\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\it\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\Resources\it\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Core.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Core.pdb
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Data.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Base.pdb
  • %TEMP%\7ZipSfx.000\x64\Resources\de\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\Resources\de\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Base.pdb
  • %TEMP%\7ZipSfx.000\x64\Resources\ja\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\copying.txt
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\copying.txt
  • %TEMP%\7ZipSfx.000\x64\License.txt
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulOpenMPx86\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.manifest
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulOpenMPx86\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.manifest
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.manifest
  • %TEMP%\7ZipSfx.000\x86\Resources\ru-ru\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\pt-br\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\Resources\pt-br\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\ru-ru\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\License.txt
  • %TEMP%\7ZipSfx.000\x64\Resources\zh-cn\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x86\Resources\zh-cn\Files.AboutCredits.rtf
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.OutlineEffectIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.EdgeDetectEffect.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.EllipseToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.EllipseToolIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.EdgeDetectEffect.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.CurvesEffect.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.DentsEffectIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.DentsEffectIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\fr\Icons.FontBoldIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\fr\Icons.FontBoldIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\ru-ru\Icons.FontItalicIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\es\Icons.FontBoldIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\ru-ru\Icons.FontBoldIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\ru-ru\Icons.FontBoldIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\es\Icons.FontBoldIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.CurvesEffect.png
  • %TEMP%\7ZipSfx.000\x64\Resources\de\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x86\Resources\de\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x64\Resources\ja\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x86\Resources\zh-cn\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x64\x64.msi
  • %TEMP%\7ZipSfx.000\x86\x86.msi
  • %TEMP%\7ZipSfx.000\x64\Resources\zh-cn\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x86\Resources\fr\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.ColorPickerToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.ColorPickerToolIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\fr\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x86\Resources\ja\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x64\Resources\es\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x86\Resources\es\Images.PayPalDonate.gif
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.InkSketchEffectIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.InkSketchEffectIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.InvertColorsEffect.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.FreeformShapeToolIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\es\Icons.FontUnderlineIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\es\Icons.FontUnderlineIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.FreeformShapeToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.MenuEditCutIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.MenuUtilitiesCheckForUpdatesIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.MenuUtilitiesCheckForUpdatesIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.MenuEditCutIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.InvertColorsEffect.png
  • %TEMP%\7ZipSfx.000\x64\Resources\en-US\Icons.LineToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\en-US\Icons.LineToolIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\ru-ru\Icons.FontUnderlineIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\es\Icons.FontItalicIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\fr\Icons.FontStrikeoutIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\fr\Icons.FontStrikeoutIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\es\Icons.FontItalicIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\ru-ru\Icons.FontItalicIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\fr\Icons.FontItalicIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\fr\Icons.FontItalicIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\fr\Icons.FontUnderlineIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\fr\Icons.FontUnderlineIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\ru-ru\Icons.FontUnderlineIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\ja\Icons.FontStrikeoutIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\ru-ru\Icons.FontStrikeoutIcon.png
  • %TEMP%\7ZipSfx.000\x86\Resources\ru-ru\Icons.FontStrikeoutIcon.png
  • %TEMP%\7ZipSfx.000\x64\Resources\ja\Icons.FontStrikeoutIcon.png
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpCRTx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpATLx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpATLx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpCRTx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\WiaProxy32.exe.config
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpCRTx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpCRTx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpCRTx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpCRTx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpATLx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpCRTx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpATLx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpATLx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpCRTx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\WiaProxy32.exe.config
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulOpenMPx86\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.cat
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.exe.config
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulOpenMPx86\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx86\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.cat
  • %TEMP%\7ZipSfx.000\x86\SetupNgen.exe.config
  • %TEMP%\7ZipSfx.000\x64\UpdateMonitor.exe.config
  • %TEMP%\7ZipSfx.000\x86\UpdateMonitor.exe.config
  • %TEMP%\7ZipSfx.000\x64\SetupNgen.exe.config
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.exe.config
  • %TEMP%\7ZipSfx.000\x64\PdnRepair.exe.config
  • %TEMP%\7ZipSfx.000\x86\PdnRepair.exe.config
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.JA.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.JA.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.KO.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.it.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.FR.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.FR.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.it.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.RU.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.RU.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.KO.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.PT-BR.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.PT-BR.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.ES.resources
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpOpenMPx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpOpenMPx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpOpenMPx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpOpenMPx64\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpATLx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpATLx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpATLx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.DE.resources
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Strings.3.DE.resources
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Strings.3.ES.resources
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpOpenMPx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpOpenMPx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpOpenMPx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpOpenMPx86\9.0.30729.6161.policy
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx86\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpATLx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpCRTx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpATLx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpCRTx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\WiaProxy32.pdb
  • %TEMP%\7ZipSfx.000\x86\WiaProxy32.pdb
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpATLx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpOpenMPx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpOpenMPx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpOpenMPx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpOpenMPx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpCRTx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpATLx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpCRTx64\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\UpdateMonitor.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.pdb
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Resources.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Resources.pdb
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Data.pdb
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.Effects.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.Effects.pdb
  • %TEMP%\7ZipSfx.000\x64\SetupNgen.pdb
  • %TEMP%\7ZipSfx.000\x86\SetupNgen.pdb
  • %TEMP%\7ZipSfx.000\x64\UpdateMonitor.pdb
  • %TEMP%\7ZipSfx.000\x86\PdnRepair.pdb
  • %TEMP%\7ZipSfx.000\x64\PaintDotNet.SystemLayer.pdb
  • %TEMP%\7ZipSfx.000\x86\PaintDotNet.SystemLayer.pdb
  • %TEMP%\7ZipSfx.000\x64\PdnRepair.pdb
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulCRTx64\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulOpenMPx64\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulATLx64\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulCRTx64\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulATLx86\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulATLx86\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulOpenMPx64\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Manifests\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpATLx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpCRTx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpATLx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpCRTx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpATLx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpCRTx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpATLx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpOpenMPx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Manifests\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulATLx64\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\Policies\dlpOpenMPx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x86\Windows\winsxs\ulpCRTx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\Policies\dlpOpenMPx86\9.0.30729.6161.cat
  • %TEMP%\7ZipSfx.000\x64\Windows\winsxs\ulpOpenMPx86\9.0.30729.6161.cat
Deletes the following files:
  • %TEMP%\autB.tmp
  • %TEMP%\autC.tmp
  • %TEMP%\aut9.tmp
  • %TEMP%\autA.tmp
  • %TEMP%\autD.tmp
  • %TEMP%\aut10.tmp
  • %TEMP%\aut11.tmp
  • %TEMP%\autE.tmp
  • %TEMP%\autF.tmp
  • %WINDIR%\Installer\MSI2.tmp
  • %WINDIR%\Installer\MSI4.tmp
  • %TEMP%\aut1.tmp
  • %TEMP%\jvtapru
  • %WINDIR%\Installer\MSI5.tmp
  • %WINDIR%\Installer\2860e.msi
  • %WINDIR%\Installer\28610.ipi
  • %WINDIR%\Installer\MSI6.tmp
  • C:\Config.Msi\28611.rbs
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play