02330d74ea7107a7f09db8e42214f87411ca1e462434937adad8c222382d2eea

Analysis

max time kernel
83s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
30-03-2023 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

picwish-setup.exe
Size

1.9MB
MD5

e5a1cdc09c01b092a93b522c6f5854db
SHA1

bf6cace29da031b9ec7ea45d2db3ca77e7506eef
SHA256

02330d74ea7107a7f09db8e42214f87411ca1e462434937adad8c222382d2eea
SHA512

7511574898933988308fc8739c8b9ebc6b5d35550d351cc396338ca831e03062f727bdd3c6b8e6f5a1efb1c70985e0ea0de60c8939ccb0438b0b5e495d4eb809
SSDEEP

49152:ZQR6QAuAMLVImaAfqTTCEyNCSay7ATGGqogQxu2le5oUb2w:Zo6QLAMZoCEyNCfYogQa

Score

8^/10

discovery evasion

Malware Config

Signatures

Downloads MZ/PE file
Modifies Windows Firewall 1 TTPs 3 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exenetsh.exe

pid process

4344 netsh.exe
1008 netsh.exe
1760 netsh.exe

pid	process
4344	netsh.exe
1008	netsh.exe
1760	netsh.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PinTaskbarTool.exePicWish.exepicwish-setup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	PinTaskbarTool.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	PicWish.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	picwish-setup.exe

Executes dropped EXE 4 IoCs

Processes:

installer.exeinstaller.tmpPinTaskbarTool.exePicWish.exe

pid process

868 installer.exe
5104 installer.tmp
3976 PinTaskbarTool.exe
2528 PicWish.exe
Loads dropped DLL 1 IoCs

Processes:

installer.tmp

pid process

5104 installer.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
868	installer.exe
5104	installer.tmp
3976	PinTaskbarTool.exe
2528	PicWish.exe

pid	process
5104	installer.tmp

Drops file in Program Files directory 64 IoCs

Processes:

installer.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Gma.System.MouseKeyHook.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\setuplog.log	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Platform.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Converters.Wpf.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Css.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Model.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-URM6I.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-SBMHF.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\setuplog.log	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\MetadataExtractor.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-PTIN9.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-TM5SB.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-SVQ37.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-BAG6K.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-QA7NL.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\Lang\is-98U97.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Core.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Runtime.Wpf.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-13I1B.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-SO2KF.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Microsoft.Expression.Interactions.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Extras.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Newtonsoft.Json.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\WXImage.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Dom.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-4UA0G.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-5T95F.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-V9SAJ.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\PicWish.exe	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-UTTF8.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\PicWish.CustomControl.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-61HET.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-0MC1A.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-SEMUL.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-MI7GQ.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Aliyun.Log.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LibEdge64.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-3UJOM.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-G6US6.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-8HMPP.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-A9BTM.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-KILRA.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LibEdge.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LZ4Sharp.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-48LU9.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-4ROFL.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-1MKAR.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LiteDB.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Interop.Shell32.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\PicWish.Resource.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\websocket-sharp.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\unins000.dat	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-QLHRR.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\CommonServiceLocator.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\EntityFramework.SqlServer.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Google.ProtocolBuffers.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-SL1HS.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-92KN4.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Aliyun.OSS.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-UJU3H.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-RNJPS.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-GQUT4.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-0M8L9.tmp	installer.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PicWish.exe = "11001"	installer.tmp
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PicWish.exe = "11001"	installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PicWish.exe = "11001"	installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp

Modifies registry class 29 IoCs

Processes:

PicWish.exePinTaskbarTool.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	PicWish.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	PinTaskbarTool.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	PicWish.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	PicWish.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	PicWish.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	PinTaskbarTool.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5a003100000000007e56b279100053797374656d33320000420009000400efbe874f77487e56b2792e000000b90c0000000001000000000000000000000000000000f96b8100530079007300740065006d0033003200000018000000	PicWish.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 56003100000000005456499a100057696e646f777300400009000400efbe874f77487e56c4792e000000000600000000010000000000000000000000000000004282be00570069006e0064006f0077007300000016000000	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	PicWish.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	PicWish.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	PicWish.exe

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 64 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

installer.tmpmsedge.exemsedge.exePicWish.exe

pid process

5104 installer.tmp
5104 installer.tmp
2112 msedge.exe
2112 msedge.exe
4456 msedge.exe
4456 msedge.exe
2528 PicWish.exe
2528 PicWish.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

msedge.exe

pid process

4456 msedge.exe
4456 msedge.exe
4456 msedge.exe
4456 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

PinTaskbarTool.exePicWish.exe

description pid process

Token: SeDebugPrivilege 3976 PinTaskbarTool.exe
Token: SeDebugPrivilege 2528 PicWish.exe
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

installer.tmpmsedge.exe

pid process

5104 installer.tmp
4456 msedge.exe
4456 msedge.exe
4456 msedge.exe
4456 msedge.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

PicWish.exe

pid process

2528 PicWish.exe

description	flow	ioc
HTTP User-Agent header	64	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

pid	process
5104	installer.tmp
5104	installer.tmp
2112	msedge.exe
2112	msedge.exe
4456	msedge.exe
4456	msedge.exe
2528	PicWish.exe
2528	PicWish.exe

pid	process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

description	pid	process
Token: SeDebugPrivilege	3976	PinTaskbarTool.exe
Token: SeDebugPrivilege	2528	PicWish.exe

pid	process
5104	installer.tmp
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

pid	process
2528	PicWish.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

picwish-setup.exeinstaller.exeinstaller.tmpmsedge.exe

description	pid	process	target process
PID 4724 wrote to memory of 868	4724	picwish-setup.exe	installer.exe
PID 4724 wrote to memory of 868	4724	picwish-setup.exe	installer.exe
PID 4724 wrote to memory of 868	4724	picwish-setup.exe	installer.exe
PID 868 wrote to memory of 5104	868	installer.exe	installer.tmp
PID 868 wrote to memory of 5104	868	installer.exe	installer.tmp
PID 868 wrote to memory of 5104	868	installer.exe	installer.tmp
PID 5104 wrote to memory of 4344	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 4344	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 4344	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 1008	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 1008	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 1008	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 1760	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 1760	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 1760	5104	installer.tmp	netsh.exe
PID 5104 wrote to memory of 3976	5104	installer.tmp	PinTaskbarTool.exe
PID 5104 wrote to memory of 3976	5104	installer.tmp	PinTaskbarTool.exe
PID 5104 wrote to memory of 3976	5104	installer.tmp	PinTaskbarTool.exe
PID 4724 wrote to memory of 4456	4724	picwish-setup.exe	msedge.exe
PID 4724 wrote to memory of 4456	4724	picwish-setup.exe	msedge.exe
PID 4456 wrote to memory of 2180	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 2180	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 1992	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 2112	4456	msedge.exe	msedge.exe
PID 4456 wrote to memory of 2112	4456	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\picwish-setup.exe
"C:\Users\Admin\AppData\Local\Temp\picwish-setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4724

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe" /VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /DIR="C:\Program Files (x86)\PicWish\PicWish" /LANG=Spanish
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:868

C:\Users\Admin\AppData\Local\Temp\is-C0VPM.tmp\installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-C0VPM.tmp\installer.tmp" /SL5="$D01B6,19157114,749568,C:\Users\Admin\AppData\Local\Temp\installer.exe" /VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /DIR="C:\Program Files (x86)\PicWish\PicWish" /LANG=Spanish
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5104

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="PicWish" program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"
4⤵
- Modifies Windows Firewall
PID:4344

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="PicWish" dir=in action=allow program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe" enable=yes
4⤵
- Modifies Windows Firewall
PID:1008

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="PicWish" dir=out action=allow program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe" enable=yes
4⤵
- Modifies Windows Firewall
PID:1760

C:\Users\Admin\AppData\Local\Temp\is-539AV.tmp\PinTaskbarTool.exe
"C:\Users\Admin\AppData\Local\Temp\is-539AV.tmp\PinTaskbarTool.exe" /unpin "C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://r.aoscdn.com/jumper?type=install&product_id=492&language=es&unique_id=17f90d5c5848880bf67f358fee7e06d3&apptype=saas&appver=2.8.0.0&first_install_ts=1680189247&ts=1680189247&wxga=&ct=1677161726&mt=1677161726&h=e5a1cdc09c01b092a93b522c6f5854db&hash=6d8fdcc7060442f599fb6eac563c6d63
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8aea746f8,0x7ff8aea74708,0x7ff8aea74718
3⤵
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
3⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
3⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
3⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
3⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
3⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12026971027508571350,14601162830847698104,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
3⤵
PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
"C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PicWish\PicWish\Aliyun.Log.dll
Filesize
77KB

MD5
dcb7d24b7c24bdc474a4ddbce4404c97

SHA1
ddb03f0e22f632f28edbcd31208c35288d42d57e

SHA256
06d8f6f58ef29fd50fa89b5bf5e5a4f2a2c4cc39583d78fbb90e931914cb572f

SHA512
6e404ac3bd956e88df83ff067ea8188f3e1c1bc2319110073a108a5106495b1a4829dd3e0652a5bd3ee4d4c20ea86b589de2e46e29f139e3456a21bf7639d4a1

Download Submit
C:\Program Files (x86)\PicWish\PicWish\CommonServiceLocator.dll
Filesize
9KB

MD5
181fa402215022dd2e5a19d89db1392d

SHA1
90dd2343c497389798cc0aba53863eecdd5e65d8

SHA256
0901248381ecd6cb362727a7905f0ebe7b791317b4502f39a8caaaca3326a244

SHA512
a442e768a477b9237cd165610e11267d7fbfe608980663c20e597276b343fa745e830104f77e8a76fe705587f5e386ccc797e9676b073ae09da77472ed6d04a8

Download Submit
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Extras.dll
Filesize
21KB

MD5
810e42e2bbfb536bdc01abf882a24938

SHA1
7bd37217aaf5ec27d2f993bb4212b0b8ab94d220

SHA256
cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb

SHA512
176769ef15d87373c53cc39241126bd39ce57b18af0df4d9d2cf68645868dd53090cb5ab93b8ba78303a3e6b5f3888d2150e6def57b26462df1b12fe7450f650

Download Submit
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Platform.dll
Filesize
13KB

MD5
5b958b4229538ac23099ce9ed6f37de4

SHA1
32cd46e39c4f6334d28788d5e3afaa19d4fd1041

SHA256
2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

SHA512
87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

Download Submit
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.dll
Filesize
29KB

MD5
af04687248da9e95a7ff65ab538d0bcf

SHA1
7511184300e2b6f70bc92333392386a812b2dabf

SHA256
b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

SHA512
a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Google.ProtocolBuffers.dll
Filesize
311KB

MD5
ef320e5a8bf540bc51a40786e629c9cf

SHA1
496d21952b74b8cc2681653fdffcda7de626ff4c

SHA256
a0d084502641c4ce258f42a9478ab37f797a5def8ef22af6be96a72678176277

SHA512
a42579a7836373ffeac435bfb2374ef82c09798973c7f03029f35fae1b8e6191ff7765981b65fd6a00f76dfdc1297f224e27388ce357148a14f248a00a45c1ce

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Interop.shell32.dll
Filesize
52KB

MD5
953def8e6c502a9cce52a3b68957b1f6

SHA1
64cf258c92cc0656daf2c2d2ca8d21cc97326fb3

SHA256
eef5e91f8d59b8af8e374abd29bb1294819554f9f76a6b6398c1727c5731514d

SHA512
f63eaecfba402e4611273d9e11d31d295d7d0fd99146ca252221edf3d6901f2606eebf048c0e9f22bc20c2474b14aa8e6e8c9f528db073b789edb99a557168c8

Download Submit
C:\Program Files (x86)\PicWish\PicWish\LZ4Sharp.dll
Filesize
28KB

MD5
9b06c02ee1e4681437fcaac0a9128ea7

SHA1
8790f74c6bd5f0e97e95c6fecadcabe27a76b649

SHA256
f7d86e9097d16bfc170cbfad5e18a20bd9a48381308ba537695389594d8b53bf

SHA512
7219445240a7898f7c5b5b8d01913cb887923a21cb6d74d97a359e67ef40ebc2affc03f28f101c71384fbbe5e5fb9aa8b6f2776cb7c13f0fb76138660a5a67ec

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\ChineseSimplified.xml
Filesize
25KB

MD5
34a639866decb2f05c927d46ee7c4c3d

SHA1
6a3e83ce7f421188b0aa26f10669ec94391db51e

SHA256
7be41b434602f9585f75de3daea2f99a1e25db5998e71140041f97894ae18bdd

SHA512
76004d40b6c68a11471b9391a3b49474f0a4f65d56cf19fe99fff1e74abf47a3c6b941b329f0a2c922ad97810f41eb8144bcc4e638a04401a7cb58501327f0af

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\ChineseTraditional.xml
Filesize
24KB

MD5
580193647a96361423f5413e5a8049f7

SHA1
08596d85ea98f95f235700d0c51cfe36bc4db023

SHA256
1efafcdee4bdd8f8913518ac26046c792112b5a0319e7e83d3c87f4513f83bf6

SHA512
0633af45443f8d3dca49c99ea57ea2a609eba77f82bebbe0ff11e18f6314bdce1c3d7d6ae10e14792bfdd63f545fc6275df40aced606598e65d2da4a1d77cf00

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\English.xml
Filesize
23KB

MD5
63b84c27c36ceb107c7ee28e44e79ffd

SHA1
089db3574d9da3fb0d520999d1c9737db1a3d8d8

SHA256
26e33b3e657b4b5ab4d9368770bb005d72e87bd27a4c21bf41c0c6a3ee4008a2

SHA512
d1ca62f92ffe094b64f87fee8a032c3bf20e08bdfc096897c174de243c1ffd592575a41c03ce84b16ded65550e2d40cfbde9114980eef5382a68eb799d462703

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\French.xml
Filesize
26KB

MD5
b88e3ac581e3a2de7c98e7367852e211

SHA1
9ae6c2ddc3a4a93fab9765f121fd386c9ded46e2

SHA256
e5166ff3e9bcf1bc22038921f7f5f203be0eec3ac9025bf7bcff4c06eeb85f25

SHA512
4aa1be4afa1775d03c14144bfd21883b4a77786c4544746d207d3302c751b4d5d58b6523dac04c831b4005598da716e76753e2eac3342d70c36c8432e555a916

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\German.xml
Filesize
25KB

MD5
59783d1615e3e1658ebd886ca085aff0

SHA1
84a920944f5fd7d92742d10f0053eaa5fd917433

SHA256
e218edbd9e2dce9de4095d62640452c3450540ae0abe1f7ac024d19337c5f160

SHA512
240bca14cf875b00a8d28f95f839d550700e90e094d66c53fc46ee5ded44b1d90573e5b533b6455b37e1ba4a6314cf999399276534a9fa97f062f563140d9986

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\Japanese.xml
Filesize
27KB

MD5
9f06b49fa53725eaa1c4006f38ec074e

SHA1
efb889c1ba12def410b9f21f4e0b7c43a585c1e1

SHA256
ae1f3774f612509371494ae5e32905eb8df23618bd381b4021ae93f45bb3f780

SHA512
fcc32bd7432d1e40dea1ffa2fd9f0b2d43b878f6001136538227ac5f81479a0dcdb4f2fe2b6d33969e16249e355e04744e62ea1828b2d77796c520bc54cfca12

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\Portuguese.xml
Filesize
24KB

MD5
3e7f9a63b47852af9c21598fe9af2142

SHA1
b9cb2347008d219bbb608f22a2c7a3fb31bc44f1

SHA256
8ae07f2599a61bc0539bdb4abb7f189b2cab6b099ec4c77b1d5ea39531ff87f1

SHA512
4dcef99403624d6990e1ef744397cfa1e5ea95e6bfac267d47d2f8dbf598b38069d2ee2222b5e91d2cac9a7a50d7181daa53321a4f86cd6f0ccbab0a463d3679

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\PortugueseBrazil.xml
Filesize
24KB

MD5
b69bf7e25c8b4e28ddf20d3740ffa3b0

SHA1
0ce419199e7b3c9fa6cb9e357dd7b1ca3120fd66

SHA256
c8bbab10771cac60c855728d42c8ac656829c7e118e95236495cf40971ff3953

SHA512
28f511d3fb7906bfefd134bf7aa4a233eb9b6d03b16a54f06235d2c1fc16c4cca9086f5460abdc7a7bc0c9bb87cae5335804e0b6624cfdb8209ea06872d6ee19

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\Spanish.xml
Filesize
25KB

MD5
a31d2e88f72c65b82df06a29b53d3ab9

SHA1
cc3f63c81890636c6e51320e3aaaafe016e2f3df

SHA256
9f1b9cff8f57ed9957caecf4b58656a57e728a716776fdf6230695260af5435b

SHA512
b55d590209a31f94509007128c1caf45dd2ae701a084a2fd39e8d4e74326f18f05e5dacb3eb74e0294ae756a00301416c35b038346a79ba60f47984b00fd47b6

Download Submit
C:\Program Files (x86)\PicWish\PicWish\LiteDB.dll
Filesize
478KB

MD5
6f6c0343f59fac35010a72d1f25bc459

SHA1
4f7b39dcbf32c14575bfcceccc9722721b00c66b

SHA256
87e27fac0e872614aff5a1bd7b93727d10352fe42c1e4b9bc2f41fcdd344b750

SHA512
9b0d20cdc921f0e338cb4d3fd39976eb860b38f6518afc4dadc041ff7d9ad5d13b8ca69fb142af8407a63f0471eda182b04d1c33ba70bbea29a39df8e3373b3c

Download Submit
C:\Program Files (x86)\PicWish\PicWish\MetadataExtractor.dll
Filesize
707KB

MD5
c0a31b6b58c81809be69b3a21142569d

SHA1
7d885a0830ccd3efae1db04e4fff0b994452346c

SHA256
50a7a435f45a947e25b6f5ff56799058d3f9dd49cb06bdbcc0b4bf34fac5cc3d

SHA512
7305581d82c2ea55ed18cc3cfd03a79f362f0a364ca2c7c66980cf967cd82b48e34028670c6d3002565f4c9b73f5e3426934cdaca67c5bb094de09e5677a0c4e

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Newtonsoft.Json.dll
Filesize
514KB

MD5
c53737821b861d454d5248034c3c097c

SHA1
6b0da75617a2269493dc1a685d7a0b07f2e48c75

SHA256
575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406

SHA512
289543f5eea472e9027030e24011bea1e49e91059241fe6eb732e78f51822313e47d1e4769fa1c9c7d6139f6a97dcfef2946836b3383e8643988bf8908162fb9

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.CustomControl.dll
Filesize
258KB

MD5
c8ec4a00fea09874591a1547a70e227e

SHA1
91ab4d892bcf725712c92f31ba50f81f01bfb7e9

SHA256
9199c67649e8093995993123f326c7de1f00aa29d1813dbb90825382ecac34da

SHA512
bc6024718c244dc19c73dbda801872d8dd64371ea8d5a558956c2b50cb82abd78ff0cf4ef1ec475407295b8631efc83e3df7dfc9cad14492457ecc222dcd3f2d

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.Resource.dll
Filesize
9.4MB

MD5
8b5377e340d27b8168029779b25d6abe

SHA1
e905e17ade4d83b99bff541579bb92fbb43d1208

SHA256
e9269bb815b0609fc9ecb538797ea9b24f3ab2f03f009b0b40ff4979fc24f976

SHA512
052a06568c4329725a16a850c92341ce03a619219f12bf5f98baf3e0f130b7691e1d5f9aad264f1335caadee0a7f6eddbfd91634a8b0e97078fe3ed99101b048

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
Filesize
5.3MB

MD5
337a99676e8b4bca9fd0dbf30cc6f625

SHA1
4dde02b794ed38b68b7102f5812db7db97e5356e

SHA256
5cf339259d857d366b199672e2f2054eb5e33babae1cac6af22b8bf94b86abfe

SHA512
d8cf70e1afaad4c0f27549e78ffd0e8866b6f5b0561190caf576dead5163d94543434cbc741df8f7208d9eae7ddd7761cb0116c1e39e7811ca50f6c52c25e0eb

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
Filesize
5.3MB

MD5
337a99676e8b4bca9fd0dbf30cc6f625

SHA1
4dde02b794ed38b68b7102f5812db7db97e5356e

SHA256
5cf339259d857d366b199672e2f2054eb5e33babae1cac6af22b8bf94b86abfe

SHA512
d8cf70e1afaad4c0f27549e78ffd0e8866b6f5b0561190caf576dead5163d94543434cbc741df8f7208d9eae7ddd7761cb0116c1e39e7811ca50f6c52c25e0eb

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
Filesize
5.3MB

MD5
337a99676e8b4bca9fd0dbf30cc6f625

SHA1
4dde02b794ed38b68b7102f5812db7db97e5356e

SHA256
5cf339259d857d366b199672e2f2054eb5e33babae1cac6af22b8bf94b86abfe

SHA512
d8cf70e1afaad4c0f27549e78ffd0e8866b6f5b0561190caf576dead5163d94543434cbc741df8f7208d9eae7ddd7761cb0116c1e39e7811ca50f6c52c25e0eb

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe.config
Filesize
2KB

MD5
42c775c09ac6f0b279f7f2ea09e450cc

SHA1
01c96bbc775e07de97b6482fd69e39ef1956249d

SHA256
87d6127ee203a3be08b38087a263950e3495349b8696120dbae23978a2b1af37

SHA512
812206e25307dfe6f05f2c2c193e5e636e2db4e8e95eb51609cc51bf1944795d98026beaa5e14fb7ad73d6cbec3683f3a434c928838653f7a43e845cf50bd999

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Converters.Wpf.dll
Filesize
130KB

MD5
3f4ede50034cc5c476052ce3ee240d69

SHA1
206690d920b4de81c78f59d92758de4676d7cc36

SHA256
ada64205ff0036da2d880fc63de40917849e04108b7049003d204326adf9b92e

SHA512
89e8f56e3a9a28f6a4ac46e96e981436ab3c33339489cb42ab5c99fd8de404e0ea45b8566ad5308335596712dbd61118e6eae65e43c7dfe16af0e48e6d9c6280

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Core.dll
Filesize
179KB

MD5
cdd59706adc76e83412c9d59ded994be

SHA1
4f099d2139eec21c5563aaa27ba6238a5ede80c6

SHA256
f17545eb8c444b587c8fe5a40782bf699c1543e3fa728bf12bd5b9383beb3b80

SHA512
3f2ca21f6c8709a77394e1600b51db2fa90b607533151b9caddbc6e7e5f531d1dfccee4a5596188f81d7de05e85739b6564ffbc21dd3a86ff210f8eaac9ce934

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Css.dll
Filesize
89KB

MD5
8f0f9d50e275ae88bbbd9c8653cbe9d0

SHA1
cd242425a28aca8b230e165ec80da9a4b39a2b4d

SHA256
d3711842c4d3f17268c3e38e26ee50a93d38c539c8b9159d6236f789ad1e6985

SHA512
485de01505b4589855afe9b8433a73e26c8bf0f3c47a5ade1c0bdbdfe93ca496ac75c0b07c7d6129da21e48fdc54ab69e403748fa4da833ca7300fc03d6411e3

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Dom.dll
Filesize
32KB

MD5
c2c3ed996a141a6440de39dbd13ec777

SHA1
4dd8c82bb385f3ee166d3731b0c36464900c1845

SHA256
8235e63093dad1604cc33bf355f2efc49cca7b2ba3c3d1cc37c98bfc856c661b

SHA512
00c470767fbca5cb3a0d491da8ab0050984039aa5d8ee2e2b986ca897450b3a1081eb5acb9c706ae5311c8d53efa9cd484c47e07e84883a06765dce2a0df93ad

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Model.dll
Filesize
1.0MB

MD5
a31602e067542b1a79932690c93741cb

SHA1
ddb47f578223fc127549741fcb0343f5c38d2037

SHA256
6a739b85b241378d9d78b490053db2053ab7690fb45677f64157fd0de4e3b794

SHA512
9c8ed4cfa6e61efcffe31a7cf2f52f3dc7d429e71fed670a843a028bebebb18982672f3d6158e5ee00449ab8354607eb88805712c6e9332ae6d121a97298e85c

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Rendering.Wpf.dll
Filesize
225KB

MD5
cefd5b31fe148b6d48763d8f88ac4bbb

SHA1
1cc71edc00cfd9c96b4f6b4e9d9762c81d4799ca

SHA256
1133ee4026690ec2c59369c1211f4ac3ef0c862620c9812c27a2c9893d2c6f19

SHA512
35e032911482a388e02bc258f15d3f98531fee2b8889fe083b1841de98aa542259e7c56733506ff06a4485f8794116805570e33f201128b4d6d46ced2736b65f

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Runtime.Wpf.dll
Filesize
71KB

MD5
8da5cf5784c04e6b068c5d508b962641

SHA1
a4ced8562a9ed08c99ecc739aa83d191b1af8c61

SHA256
11ff9a3f74202409b0681535f34a223a1164f34527960990b63e966b3fa86141

SHA512
e8bd6511c1fc31a81c54fe45205dfcc30d91f6fb84f5a25e841aa5845241f2b5ce0cab6ef362558928ce3c1d185e1d953c16e578cb180a45c55d54a3daba6919

Download Submit
C:\Program Files (x86)\PicWish\PicWish\log4net.dll
Filesize
264KB

MD5
46319a38ce5d09020d2ac56b67829c6c

SHA1
ffe64ca4d4bc9e1dab1d195982d22121a6baa058

SHA256
1d45a6afa38f0b10814063f2a42e6efce45752853667650e765844b8566b3332

SHA512
0de61771a92ee71470e51bccf66d3a39c105ae23d60e73d8e4e7d44135dff4c8d1dddff9bbb6be72ff083d51c784e5ca829a6adefee87fd901d2de58db0ddb03

Download Submit
C:\Program Files (x86)\PicWish\PicWish\websocket-sharp.dll
Filesize
250KB

MD5
863e1abfe419267917e058a2f41c4651

SHA1
3db44c482c3a99428e3fe01c9268f50f4ca3e060

SHA256
d5167719bb575cdb6107093a126857c68a9e1c00c2c966774c280cbb3ba0c909

SHA512
49857102b7d68e73caeaba81462a5048b527d5c763b43dc55ab31c6f9880de20d0d88f9ae2ab3735dc255b06743bb6b902a9b297ff815db1baba2cd415a30543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
32a4b22d0e2a2d1886b28b46764843a1

SHA1
b497de329f9d8e8b0b458858e5d8b342829021ee

SHA256
5305576246116efa39abc32bb6d5189ecedad66927610ede3c48466a3828128d

SHA512
a394e102f2b262bae126e916882861ffc6e649d79a04ca64acad6c0baec8713f0c5dc4b0323ad124ecd493626611abfcfac482f2800c088f4ac91866cd73ccdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
0a7f1e175365fbe4799d0048d6d33e3e

SHA1
f6ffa2097ffdd0fd00ddf7f5d3ab9e0604daad4c

SHA256
72d2fe6b699079fa17d6f23b0afbe794a643f895ef2e943aeddac50166d9a7b8

SHA512
5f8175db079f2ae46225d0cf3a373fd6be61229bded9c34ec02e7bc294a6a857aa71a27b88b4333c29d15e79bd7393f3ba58f02862bb514841960b28d24dd8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
babf6350f07bd989f1b5580e2a5e9b1c

SHA1
be62e5822c4fde8b376b5b6af0321a56e68b39cf

SHA256
d0511ee04524f6a923c9962cc66fb6461ec34e27fb537940fa84a43aceffafa4

SHA512
1637c0c1ae5a1514fd559fb30eff2f9ff69e1026e9f2710777ef1414d86bc6a4e621c87e26db39d8d5c668ad3af8ee087dd455da871405fd1193fb53aab6ebf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
86a2cdfc59ec37ea40ee37078bc25c64

SHA1
49e15c20cf56bd43ffcddc3bc9baef751ac378ff

SHA256
5a0e8748ee7189f2ede415e6f20a3b0f4774558b6c31ea632bdb20f6b3183d44

SHA512
3ed12f411b812d9d57153b279e43ab7d9ad32bf5f4863c5eff7f24d3a3b6ead281a731ac03f3d26c6dacd95f17ba9e874be3829620cdc3429095706bc02de0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
2cc262b8ef600e6149657b069d1f1af4

SHA1
ae2d57314b15ce7a445d3ad4e6da45a592cedbc6

SHA256
d4fa04c75963631e019c51edc128aa57a9ad52186cddf482cd8d63c344a55723

SHA512
e4116c9a9fdcb0b7accb6727c725ee30f4753b807c683cacc12de3d987e60d63e78a3e44d654c4526d7eb81551c777a06061390c903a11a044307fd671271ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6579e10868f2114cbd8e6ca9d0df947b

SHA1
90a39531210e6eec33382e2147bcb6ce2b37aca1

SHA256
3194ac2e6cb3d39bb39c564b2ffcf34832b977b96505bbe6a04656c2e27887bf

SHA512
59f7a7817f40b7022bac0ad0de2d821eff705853c94a6deaaf0f5d37a6fb735d7c4885530d60db6685fabfb688cb4bbd854d8aa19004f320e872424460fe37e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
57231c3af6def6629058aaec5090437b

SHA1
36f3b1fe49954305d050033cb14f9720acf00b9a

SHA256
bc4c918c9667ccc1dd2187c4f756947f4bcef83d2a410ce4f65457127ccefb4d

SHA512
aa7519d41d1c6e57cf7a16a3c42123ac3b109594246a2df503399cb658d44e7e2822b0c5a1f2a655f7ace2d29bff078d28e4b2151d38c257a9d9f295422f36fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2023-03-30 #001.txt
Filesize
22KB

MD5
4636ff6462c73506667bf7377e8f4583

SHA1
cf3d32fb6433fb3fce835174906e7557c1ff97b0

SHA256
876443c6a0bf16a3774ed3e0226d05ccf4a3f3e6e9aa40d0f3bfee117da49fc5

SHA512
c4c8e2e985fe4d1e192b4e11db8df0d0b6af12316cfb68f58239f27f3d5ffd587b6407045ad5b84cd97c57ee723d7dee10681a11598263888ae52ca72f04c086

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.exe
Filesize
19.1MB

MD5
58c88bd3498b2748870f54e6e9fc6b97

SHA1
be2348348c2b9620c742eed0f3c452fbbac28cd5

SHA256
03e462d23ea4c8deed26292b4965bf4c0da3d60ae683dfe48fa9319558d0ae83

SHA512
f5c5e289287ade4c5b1345081d35085dd6e6a9eccace5e4607bcede3e20eb7fde02e2635e11facc4d872c86092bef19c963ba64c5bc94c7ec386b8ccc42224b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.exe
Filesize
19.1MB

MD5
58c88bd3498b2748870f54e6e9fc6b97

SHA1
be2348348c2b9620c742eed0f3c452fbbac28cd5

SHA256
03e462d23ea4c8deed26292b4965bf4c0da3d60ae683dfe48fa9319558d0ae83

SHA512
f5c5e289287ade4c5b1345081d35085dd6e6a9eccace5e4607bcede3e20eb7fde02e2635e11facc4d872c86092bef19c963ba64c5bc94c7ec386b8ccc42224b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.exe
Filesize
19.1MB

MD5
58c88bd3498b2748870f54e6e9fc6b97

SHA1
be2348348c2b9620c742eed0f3c452fbbac28cd5

SHA256
03e462d23ea4c8deed26292b4965bf4c0da3d60ae683dfe48fa9319558d0ae83

SHA512
f5c5e289287ade4c5b1345081d35085dd6e6a9eccace5e4607bcede3e20eb7fde02e2635e11facc4d872c86092bef19c963ba64c5bc94c7ec386b8ccc42224b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-539AV.tmp\PinTaskbarTool.exe
Filesize
10KB

MD5
c00880561224f037feef7cd3dcd11314

SHA1
3435536555e29c387fd6f55f9d52381e6287fa94

SHA256
114963fc2ad618e25837b6f2d1f55d8e616216fe16c21af99c113889d39e92a7

SHA512
63050120886d8432c7632a7b8d4798176714156ce5934ec06971220e117a0ecd8fe76da482b51f95a00de579635db3056a8220493361ba69080f2b26bdf5e941

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-539AV.tmp\PinTaskbarTool.exe
Filesize
10KB

MD5
c00880561224f037feef7cd3dcd11314

SHA1
3435536555e29c387fd6f55f9d52381e6287fa94

SHA256
114963fc2ad618e25837b6f2d1f55d8e616216fe16c21af99c113889d39e92a7

SHA512
63050120886d8432c7632a7b8d4798176714156ce5934ec06971220e117a0ecd8fe76da482b51f95a00de579635db3056a8220493361ba69080f2b26bdf5e941

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-539AV.tmp\isxdl.dll
Filesize
130KB

MD5
f7b445a6cb2064d7b459451e86ca6b0e

SHA1
b05b74a1988c10df8c73eb9ca1a41af2a49647b7

SHA256
bd03543c37feb48432e166fe3898abc2a7fe854b1113ee4d5d284633b4605377

SHA512
9cf6d791132660d5246f55d25018ad0cf2791de9f6032531b9aca9a6c84396b8aeca7a9c0410f835637659f396817d8ba40f45d3b80c7907cccbe275a345a465

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C0VPM.tmp\installer.tmp
Filesize
2.4MB

MD5
3700f8cfed50376dc316f5cea9c7ce00

SHA1
614e53ec724d8e5adaa99722d698002fe0a8975d

SHA256
26cd6ea5dbdec06aadfe022f3c23a5546a217bfa93ff0bb1c95326e0e900ea75

SHA512
df79f7264a42a007ce0f8a68a1735f7f0e7d2dec6385e63308bc5b675ec247c36359af37f3a48d2289eaf1e57a6a74f2e7070c74005dcbb422de06a63cc76491

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C0VPM.tmp\installer.tmp
Filesize
2.4MB

MD5
3700f8cfed50376dc316f5cea9c7ce00

SHA1
614e53ec724d8e5adaa99722d698002fe0a8975d

SHA256
26cd6ea5dbdec06aadfe022f3c23a5546a217bfa93ff0bb1c95326e0e900ea75

SHA512
df79f7264a42a007ce0f8a68a1735f7f0e7d2dec6385e63308bc5b675ec247c36359af37f3a48d2289eaf1e57a6a74f2e7070c74005dcbb422de06a63cc76491

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\Config.ini
Filesize
131B

MD5
25e625216d270290f27751271198a4a6

SHA1
a6c1651874da2684af9ad7cf921a791e67a06665

SHA256
2c453d9f889634bb14c9583a8acf28696ccc3d2994b10180d41be6595553cfc3

SHA512
efe745cbebb1eb30e502f3848fc7deef9632f5b3aff79d9167debaf1eb1a8aac57c8920ff99430beec96ad79e06ae1c7eeec1f0fe1f9970bc59564202dd51dc9

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\config.ini
Filesize
131B

MD5
25e625216d270290f27751271198a4a6

SHA1
a6c1651874da2684af9ad7cf921a791e67a06665

SHA256
2c453d9f889634bb14c9583a8acf28696ccc3d2994b10180d41be6595553cfc3

SHA512
efe745cbebb1eb30e502f3848fc7deef9632f5b3aff79d9167debaf1eb1a8aac57c8920ff99430beec96ad79e06ae1c7eeec1f0fe1f9970bc59564202dd51dc9

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\config.ini
Filesize
131B

MD5
25e625216d270290f27751271198a4a6

SHA1
a6c1651874da2684af9ad7cf921a791e67a06665

SHA256
2c453d9f889634bb14c9583a8acf28696ccc3d2994b10180d41be6595553cfc3

SHA512
efe745cbebb1eb30e502f3848fc7deef9632f5b3aff79d9167debaf1eb1a8aac57c8920ff99430beec96ad79e06ae1c7eeec1f0fe1f9970bc59564202dd51dc9

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\log\Apowersoft.CommUtilities.Native.log
Filesize
4KB

MD5
fdc6fbca63727decf127e05c72af81aa

SHA1
c0e3c3edd6c9b4c568898c1a103dacff54b0c75a

SHA256
3f2bca5b649794d583a7586abed0dd07ac1d55a384f6673d9669e9865c22b3f5

SHA512
589a1aae79fb626a7b4bdd0b9011466eb09b66f290623efaa4395aa19f43328951804b83000e4e00bfa3ca229fbc77498bc76ef011c6b19eabfedb432f3db96a

Download Submit
\??\pipe\LOCAL\crashpad_4456_MSVJIODEJABEXKUP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/868-299-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/868-285-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/868-156-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2528-633-0x00000226345E0000-0x0000022634B08000-memory.dmp

Filesize
5.2MB

Download
memory/2528-599-0x000002261A280000-0x000002261A28A000-memory.dmp

Filesize
40KB

Download
memory/2528-635-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-642-0x0000022633B50000-0x0000022633B58000-memory.dmp

Filesize
32KB

Download
memory/2528-644-0x0000022633B60000-0x0000022633B6C000-memory.dmp

Filesize
48KB

Download
memory/2528-616-0x0000022633B90000-0x0000022633C0E000-memory.dmp

Filesize
504KB

Download
memory/2528-645-0x0000022633B70000-0x0000022633B78000-memory.dmp

Filesize
32KB

Download
memory/2528-646-0x0000022633B80000-0x0000022633B88000-memory.dmp

Filesize
32KB

Download
memory/2528-647-0x0000022633F10000-0x0000022633F18000-memory.dmp

Filesize
32KB

Download
memory/2528-648-0x0000022633F20000-0x0000022633F28000-memory.dmp

Filesize
32KB

Download
memory/2528-649-0x0000022633F30000-0x0000022633F38000-memory.dmp

Filesize
32KB

Download
memory/2528-650-0x0000022633F40000-0x0000022633F48000-memory.dmp

Filesize
32KB

Download
memory/2528-651-0x0000022633F60000-0x0000022633F68000-memory.dmp

Filesize
32KB

Download
memory/2528-652-0x0000022633F70000-0x0000022633F78000-memory.dmp

Filesize
32KB

Download
memory/2528-614-0x00000226339F0000-0x0000022633A12000-memory.dmp

Filesize
136KB

Download
memory/2528-654-0x0000022633F80000-0x0000022633F8A000-memory.dmp

Filesize
40KB

Download
memory/2528-613-0x0000022633A80000-0x0000022633B06000-memory.dmp

Filesize
536KB

Download
memory/2528-656-0x0000022634260000-0x000002263429E000-memory.dmp

Filesize
248KB

Download
memory/2528-606-0x00000226334F0000-0x0000022633534000-memory.dmp

Filesize
272KB

Download
memory/2528-658-0x0000022634240000-0x0000022634258000-memory.dmp

Filesize
96KB

Download
memory/2528-604-0x00000226334A0000-0x00000226334E6000-memory.dmp

Filesize
280KB

Download
memory/2528-663-0x0000022635470000-0x0000022635DCE000-memory.dmp

Filesize
9.4MB

Download
memory/2528-664-0x0000022633F90000-0x0000022633F98000-memory.dmp

Filesize
32KB

Download
memory/2528-666-0x00000226342A0000-0x00000226342BA000-memory.dmp

Filesize
104KB

Download
memory/2528-602-0x00000226335B0000-0x00000226336B2000-memory.dmp

Filesize
1.0MB

Download
memory/2528-601-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-668-0x0000022634320000-0x0000022634374000-memory.dmp

Filesize
336KB

Download
memory/2528-670-0x0000022634230000-0x0000022634238000-memory.dmp

Filesize
32KB

Download
memory/2528-674-0x0000022634380000-0x00000226343A6000-memory.dmp

Filesize
152KB

Download
memory/2528-600-0x000002261A290000-0x000002261A298000-memory.dmp

Filesize
32KB

Download
memory/2528-678-0x00000226342D0000-0x00000226342DA000-memory.dmp

Filesize
40KB

Download
memory/2528-634-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-676-0x00000226343B0000-0x00000226343E4000-memory.dmp

Filesize
208KB

Download
memory/2528-598-0x000002261A270000-0x000002261A27E000-memory.dmp

Filesize
56KB

Download
memory/2528-683-0x0000022634B10000-0x0000022634C1C000-memory.dmp

Filesize
1.0MB

Download
memory/2528-685-0x0000022634300000-0x000002263431C000-memory.dmp

Filesize
112KB

Download
memory/2528-687-0x0000022634220000-0x000002263422E000-memory.dmp

Filesize
56KB

Download
memory/2528-596-0x0000022618220000-0x000002261876E000-memory.dmp

Filesize
5.3MB

Download
memory/2528-688-0x00000226343F0000-0x0000022634430000-memory.dmp

Filesize
256KB

Download
memory/2528-691-0x0000022634480000-0x00000226344C4000-memory.dmp

Filesize
272KB

Download
memory/2528-693-0x00000226342E0000-0x00000226342E8000-memory.dmp

Filesize
32KB

Download
memory/2528-694-0x00000226344D0000-0x0000022634508000-memory.dmp

Filesize
224KB

Download
memory/2528-695-0x00000226342F0000-0x00000226342FE000-memory.dmp

Filesize
56KB

Download
memory/2528-696-0x0000022634510000-0x0000022634556000-memory.dmp

Filesize
280KB

Download
memory/2528-697-0x0000022634450000-0x0000022634470000-memory.dmp

Filesize
128KB

Download
memory/2528-701-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-702-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-706-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-722-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-721-0x000002263ED30000-0x000002263EDE6000-memory.dmp

Filesize
728KB

Download
memory/2528-708-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-709-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-710-0x000002263A7E0000-0x000002263A966000-memory.dmp

Filesize
1.5MB

Download
memory/2528-711-0x000002263A970000-0x000002263AA80000-memory.dmp

Filesize
1.1MB

Download
memory/2528-712-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-713-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-717-0x000002261A2F0000-0x000002261A300000-memory.dmp

Filesize
64KB

Download
memory/2528-719-0x0000022639950000-0x0000022639960000-memory.dmp

Filesize
64KB

Download
memory/3976-284-0x0000000005300000-0x0000000005376000-memory.dmp

Filesize
472KB

Download
memory/3976-283-0x00000000009C0000-0x00000000009C8000-memory.dmp

Filesize
32KB

Download
memory/3976-286-0x0000000005A60000-0x0000000005A7E000-memory.dmp

Filesize
120KB

Download
memory/3976-288-0x0000000005A50000-0x0000000005A60000-memory.dmp

Filesize
64KB

Download
memory/5104-298-0x0000000000400000-0x0000000000680000-memory.dmp

Filesize
2.5MB

Download
memory/5104-168-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download