02330d74ea7107a7f09db8e42214f87411ca1e462434937adad8c222382d2eea

Analysis

max time kernel
79s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2023 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

picwish-setup.exe
Size

1.9MB
MD5

e5a1cdc09c01b092a93b522c6f5854db
SHA1

bf6cace29da031b9ec7ea45d2db3ca77e7506eef
SHA256

02330d74ea7107a7f09db8e42214f87411ca1e462434937adad8c222382d2eea
SHA512

7511574898933988308fc8739c8b9ebc6b5d35550d351cc396338ca831e03062f727bdd3c6b8e6f5a1efb1c70985e0ea0de60c8939ccb0438b0b5e495d4eb809
SSDEEP

49152:ZQR6QAuAMLVImaAfqTTCEyNCSay7ATGGqogQxu2le5oUb2w:Zo6QLAMZoCEyNCfYogQa

Score

8^/10

discovery evasion

Malware Config

Signatures

Downloads MZ/PE file
Modifies Windows Firewall 1 TTPs 3 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exenetsh.exe

pid process

3312 netsh.exe
3392 netsh.exe
460 netsh.exe

pid	process
3312	netsh.exe
3392	netsh.exe
460	netsh.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

picwish-setup.exePinTaskbarTool.exePicWish.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	picwish-setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	PinTaskbarTool.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	PicWish.exe

Executes dropped EXE 4 IoCs

Processes:

installer.exeinstaller.tmpPinTaskbarTool.exePicWish.exe

pid process

2764 installer.exe
1420 installer.tmp
3556 PinTaskbarTool.exe
1048 PicWish.exe
Loads dropped DLL 1 IoCs

Processes:

installer.tmp

pid process

1420 installer.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2764	installer.exe
1420	installer.tmp
3556	PinTaskbarTool.exe
1048	PicWish.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.tmpsetup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Platform.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Runtime.Wpf.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\XmpCore.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\unins000.dat	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-71SU9.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-F3OS5.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-B76VH.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-SD1AM.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-5KDO2.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-A7LBG.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Aliyun.Log.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LibEdge.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\PicWish.Resource.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Converters.Wpf.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-R6LLK.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-DGVGG.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-FDU8L.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-ILI47.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\PicWish.exe	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\websocket-sharp.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\WXImage64.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-29HHC.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-851PB.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-MV94V.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-UOT7I.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-ACA0L.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-MGLG2.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\setuplog.log	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Extras.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-VHC23.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-DSPP7.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-7QIAV.tmp	installer.tmp
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\de203d05-7016-43cd-a40b-9b9710823a0c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\CommonServiceLocator.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LZ4Sharp.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Dom.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-PCJ2D.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-SDJSD.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-J7GSV.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-EM4ON.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-CJJE8.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-P1DOP.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Microsoft.Expression.Interactions.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Model.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-AQ5MS.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-QH6O3.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Aliyun.OSS.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Newtonsoft.Json.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-3IHSI.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LibEdge64.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Css.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-84LCJ.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\LiteDB.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\EntityFramework.SqlServer.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Gma.System.MouseKeyHook.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\PicWish.CustomControl.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\WXImage.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\Lang\is-T4GF5.tmp	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\Google.ProtocolBuffers.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\MetadataExtractor.dll	installer.tmp
File opened for modification	C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Rendering.Wpf.dll	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-DV7VV.tmp	installer.tmp
File created	C:\Program Files (x86)\PicWish\PicWish\is-HL08D.tmp	installer.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PicWish.exe = "11001"	installer.tmp
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PicWish.exe = "11001"	installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PicWish.exe = "11001"	installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	installer.tmp

Modifies registry class 3 IoCs

Processes:

PinTaskbarTool.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	PinTaskbarTool.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	PinTaskbarTool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 57 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

description	flow	ioc
HTTP User-Agent header	57	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

installer.tmpmsedge.exemsedge.exeidentity_helper.exePicWish.exe

pid	process
1420	installer.tmp
1420	installer.tmp
4940	msedge.exe
4940	msedge.exe
4344	msedge.exe
4344	msedge.exe
2728	identity_helper.exe
2728	identity_helper.exe
1048	PicWish.exe
1048	PicWish.exe
1048	PicWish.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

PinTaskbarTool.exePicWish.exe

description pid process

Token: SeDebugPrivilege 3556 PinTaskbarTool.exe
Token: SeDebugPrivilege 1048 PicWish.exe
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

installer.tmpmsedge.exe

pid process

1420 installer.tmp
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe

pid	process
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe

description	pid	process
Token: SeDebugPrivilege	3556	PinTaskbarTool.exe
Token: SeDebugPrivilege	1048	PicWish.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

picwish-setup.exeinstaller.exeinstaller.tmpmsedge.exe

description	pid	process	target process
PID 1968 wrote to memory of 2764	1968	picwish-setup.exe	installer.exe
PID 1968 wrote to memory of 2764	1968	picwish-setup.exe	installer.exe
PID 1968 wrote to memory of 2764	1968	picwish-setup.exe	installer.exe
PID 2764 wrote to memory of 1420	2764	installer.exe	installer.tmp
PID 2764 wrote to memory of 1420	2764	installer.exe	installer.tmp
PID 2764 wrote to memory of 1420	2764	installer.exe	installer.tmp
PID 1420 wrote to memory of 3312	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 3312	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 3312	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 3392	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 3392	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 3392	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 460	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 460	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 460	1420	installer.tmp	netsh.exe
PID 1420 wrote to memory of 3556	1420	installer.tmp	PinTaskbarTool.exe
PID 1420 wrote to memory of 3556	1420	installer.tmp	PinTaskbarTool.exe
PID 1420 wrote to memory of 3556	1420	installer.tmp	PinTaskbarTool.exe
PID 1968 wrote to memory of 4344	1968	picwish-setup.exe	msedge.exe
PID 1968 wrote to memory of 4344	1968	picwish-setup.exe	msedge.exe
PID 4344 wrote to memory of 4656	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 4656	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 3240	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 4940	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 4940	4344	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\picwish-setup.exe
"C:\Users\Admin\AppData\Local\Temp\picwish-setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1968

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe" /VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /DIR="C:\Program Files (x86)\PicWish\PicWish" /LANG=Spanish
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\is-4M2J4.tmp\installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4M2J4.tmp\installer.tmp" /SL5="$D003A,19270345,749568,C:\Users\Admin\AppData\Local\Temp\installer.exe" /VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /DIR="C:\Program Files (x86)\PicWish\PicWish" /LANG=Spanish
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1420

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="PicWish" program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"
4⤵
- Modifies Windows Firewall
PID:3312

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="PicWish" dir=in action=allow program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe" enable=yes
4⤵
- Modifies Windows Firewall
PID:3392

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="PicWish" dir=out action=allow program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe" enable=yes
4⤵
- Modifies Windows Firewall
PID:460

C:\Users\Admin\AppData\Local\Temp\is-PPUKV.tmp\PinTaskbarTool.exe
"C:\Users\Admin\AppData\Local\Temp\is-PPUKV.tmp\PinTaskbarTool.exe" /unpin "C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://r.aoscdn.com/jumper?type=install&product_id=492&language=es&unique_id=921b3356f8b8d4beeccf780ee088db5b&apptype=saas&appver=2.8.2.0&first_install_ts=1682288410&ts=1682288410&wxga=&ct=1677119499&mt=1677119499&h=e5a1cdc09c01b092a93b522c6f5854db&hash=4f19c12c22f3ba6c934abd9da708ba1a
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb38c646f8,0x7ffb38c64708,0x7ffb38c64718
3⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
3⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
3⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
3⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
3⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
3⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0xe4,0x22c,0x7ff7a6705460,0x7ff7a6705470,0x7ff7a6705480
4⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
3⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
3⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
3⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8604361767145559704,17062052037727630933,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
3⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
"C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1048

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PicWish\PicWish\Aliyun.Log.dll
Filesize
77KB

MD5
dcb7d24b7c24bdc474a4ddbce4404c97

SHA1
ddb03f0e22f632f28edbcd31208c35288d42d57e

SHA256
06d8f6f58ef29fd50fa89b5bf5e5a4f2a2c4cc39583d78fbb90e931914cb572f

SHA512
6e404ac3bd956e88df83ff067ea8188f3e1c1bc2319110073a108a5106495b1a4829dd3e0652a5bd3ee4d4c20ea86b589de2e46e29f139e3456a21bf7639d4a1

Download Submit
C:\Program Files (x86)\PicWish\PicWish\CommonServiceLocator.dll
Filesize
9KB

MD5
181fa402215022dd2e5a19d89db1392d

SHA1
90dd2343c497389798cc0aba53863eecdd5e65d8

SHA256
0901248381ecd6cb362727a7905f0ebe7b791317b4502f39a8caaaca3326a244

SHA512
a442e768a477b9237cd165610e11267d7fbfe608980663c20e597276b343fa745e830104f77e8a76fe705587f5e386ccc797e9676b073ae09da77472ed6d04a8

Download Submit
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Extras.dll
Filesize
21KB

MD5
810e42e2bbfb536bdc01abf882a24938

SHA1
7bd37217aaf5ec27d2f993bb4212b0b8ab94d220

SHA256
cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb

SHA512
176769ef15d87373c53cc39241126bd39ce57b18af0df4d9d2cf68645868dd53090cb5ab93b8ba78303a3e6b5f3888d2150e6def57b26462df1b12fe7450f650

Download Submit
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Platform.dll
Filesize
13KB

MD5
5b958b4229538ac23099ce9ed6f37de4

SHA1
32cd46e39c4f6334d28788d5e3afaa19d4fd1041

SHA256
2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

SHA512
87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

Download Submit
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.dll
Filesize
29KB

MD5
af04687248da9e95a7ff65ab538d0bcf

SHA1
7511184300e2b6f70bc92333392386a812b2dabf

SHA256
b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

SHA512
a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Google.ProtocolBuffers.dll
Filesize
311KB

MD5
ef320e5a8bf540bc51a40786e629c9cf

SHA1
496d21952b74b8cc2681653fdffcda7de626ff4c

SHA256
a0d084502641c4ce258f42a9478ab37f797a5def8ef22af6be96a72678176277

SHA512
a42579a7836373ffeac435bfb2374ef82c09798973c7f03029f35fae1b8e6191ff7765981b65fd6a00f76dfdc1297f224e27388ce357148a14f248a00a45c1ce

Download Submit
C:\Program Files (x86)\PicWish\PicWish\LZ4Sharp.dll
Filesize
28KB

MD5
9b06c02ee1e4681437fcaac0a9128ea7

SHA1
8790f74c6bd5f0e97e95c6fecadcabe27a76b649

SHA256
f7d86e9097d16bfc170cbfad5e18a20bd9a48381308ba537695389594d8b53bf

SHA512
7219445240a7898f7c5b5b8d01913cb887923a21cb6d74d97a359e67ef40ebc2affc03f28f101c71384fbbe5e5fb9aa8b6f2776cb7c13f0fb76138660a5a67ec

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\ChineseSimplified.xml
Filesize
25KB

MD5
989f7bf666d3c095623e3c26626746d3

SHA1
b4a5121dde76163f0fbbe181653e5c1fc36daf91

SHA256
3f7c0af0419e0213563fe80f920bf1998013e71ca35f643e0acdef5576fb80c2

SHA512
73040a5fd24562719cc034b0c15d54a083413eccec0f54b95f348532b30043cb8982e490efa2815b039aa141ab8b967b73ce5dcdcf31951803e0e6a72525d1fe

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\ChineseTraditional.xml
Filesize
25KB

MD5
857ced5f3319098300d2bb15272caedc

SHA1
a949c348465d53577d5b4c7b24956ca2ca7ef896

SHA256
df6203ebb95218b6afc59b34e0f109c0fa71f4ae30414bd6dc74155b318db231

SHA512
a49fc9f4f4676148d0c3bb6c7d03385867e13427d3609528ff785d622a71949bf59886f14f5f7488ed21db7f52cad88e648435238fcd395c25755aaa76a287f5

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\English.xml
Filesize
24KB

MD5
9b8db7e0fbd43d7b59085260f8d3eedc

SHA1
3268554af58f7220d59b2326235bed4b3ee40c06

SHA256
6fdd9ae94d7da112ed4fe0442d7cdf7a8005378e931bdd089959ca2123c1a5ca

SHA512
6e07d66ceda97d77a5bc8e81ead197b630621acaa7f756d5e523d0cfee3104356969798d983cfa66ee1a679e8d30aecf0b4a7fa7f664cf58cdee58085cdc1027

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\French.xml
Filesize
26KB

MD5
712c5e9eddfe6a9f7137d2734ebff001

SHA1
58640d5d57c03b22aed318125f14b5c4646c246e

SHA256
e91541e5bbdb86525bb145fb414ce3f74ab31bc33e7eef3d365fa980dbd1afd7

SHA512
1f0cf056b714cddcf2692e92dfd80a5a8040cef7acae5d88b3bcdf909760bb74cac5ca677419ed7513128cbff938282dcbc2429779157f766156eb304e06258a

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\German.xml
Filesize
26KB

MD5
2cbc72cd428df65cb8e80128f5314fe9

SHA1
f0998a41d88efea58a91c3332200a29d289a5385

SHA256
02a10c26a3abb8ad2e9bcf509f5782dc31c4bbd5354bd1f09866dd1f049b93b4

SHA512
b7d3c6dd017f125008609b7aebe032f215cef9875172252fd0c30a01503bca67c4635e3b793f08763cf80bbad236658c90f432461e78d529a63a97578ef90bfb

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\Japanese.xml
Filesize
27KB

MD5
d750ddf857945b80ba3b94e19ac80be5

SHA1
9dfa4114749c3fcc8a6945720819c24850a6e7b5

SHA256
fa15de90f888c2a34320a65d267ebd937cf261d2af652df2b2c8500e05100f60

SHA512
d94f58615861b3837d7018798fc9ffae698024211bea956b5664cddaf63d202206703e013b9fc8cfb0ff88894663209275814c7d7cd8d6751c4042403f252567

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\Portuguese.xml
Filesize
24KB

MD5
c0c7a0daf6a34bda5f6c90a002623633

SHA1
2a2c81a672158bd8a75c643775eb95fa750b8f36

SHA256
bb28071e53037dff074d596e8d9bdfcda177e3575be0009947f3746ba696c450

SHA512
339bbfa5b4fd49c00d88ac8983e2a7e2dd9fe56c1e23eedf2ffae286ef0c585b275c21bdc32cd63922e4b5a627ef28fbaeae140e40a74a9ecfb0252580082110

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\PortugueseBrazil.xml
Filesize
24KB

MD5
51b823bbcbeb6bba728767a31a15d79a

SHA1
059dc338b904d50df65ef8e0f622a8ff5b596e5f

SHA256
3db139befd389078966d6cac574f3e64b68b55da78d5730dc53c22edb70bdb20

SHA512
b7349a7df467ce5fc5ed74fdb740a536c527ffe1c78c6828489100fb2978478c2b6bb28b412cfd41a6f96200f6bc19758bd9aed59a59284ea805c29eaa2cc75b

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Lang\Spanish.xml
Filesize
26KB

MD5
2f1b7ff53a711c48c269a0ac39d027b7

SHA1
a564f40f7326ce25778cb8433cd0072bcb44eb43

SHA256
a09b29f88e0f07657bae996364b8224708987a796dbcf33c9af896807e9c06be

SHA512
e833559448811131f422fe0307aa184e2486e5fe5029cb394a27d93a638fa27164a3b121f40fa51340300fc4a95b9b1ceedd4b8fb8ca3dd348f5c0572a0a3267

Download Submit
C:\Program Files (x86)\PicWish\PicWish\LiteDB.dll
Filesize
478KB

MD5
6f6c0343f59fac35010a72d1f25bc459

SHA1
4f7b39dcbf32c14575bfcceccc9722721b00c66b

SHA256
87e27fac0e872614aff5a1bd7b93727d10352fe42c1e4b9bc2f41fcdd344b750

SHA512
9b0d20cdc921f0e338cb4d3fd39976eb860b38f6518afc4dadc041ff7d9ad5d13b8ca69fb142af8407a63f0471eda182b04d1c33ba70bbea29a39df8e3373b3c

Download Submit
C:\Program Files (x86)\PicWish\PicWish\Newtonsoft.Json.dll
Filesize
514KB

MD5
c53737821b861d454d5248034c3c097c

SHA1
6b0da75617a2269493dc1a685d7a0b07f2e48c75

SHA256
575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406

SHA512
289543f5eea472e9027030e24011bea1e49e91059241fe6eb732e78f51822313e47d1e4769fa1c9c7d6139f6a97dcfef2946836b3383e8643988bf8908162fb9

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.CustomControl.dll
Filesize
258KB

MD5
45038ae75f6ada757f0104cb33ec919d

SHA1
26c9e4a6a4105aa6c011007384ff47ff877fa47d

SHA256
2069cb6d29d6de3917a8d0935c4d58a3d2518cf969f137f462be0525de2e31df

SHA512
baaab7941f5fd61bbfa529490a43cc4677452e12d093da12255bef11fe5ae3d1cc0bafa9022c1b4269779181d2fb2fb74de2b868e71c27747cb9081c73b8cca9

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.Resource.dll
Filesize
9.4MB

MD5
9992eb209b678141120f3d60b3af6d65

SHA1
7a10fc8761d20468d0fcb7098a3f93110022e0cc

SHA256
1030f7f3ac3fc868c5dd957bda2531d13e9e47c5f87eb07f0c040831d0f845da

SHA512
aa5fdace374897a2b2bfb5e7056063b3980c33e3b515e3e0ecf0562d93f54975c5f650b72b9c7f50f1164ca266825280f3f5afe023cdfa4d2d874e70f0b93638

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
Filesize
5.4MB

MD5
734a36935e46b15532ea6152ea7dc671

SHA1
071430714665b7fd5466d1d8fb53b8db8d084b65

SHA256
0ed0f0063ae481cae000721349787c56f9a72c0e3bf7c579ec17276b1295b2a8

SHA512
3a8f8512993882fc1b2cc3429b60a65ee837ad9b43c7272b91541f44a0dd67f16f86de05f2a7dd7b2d8b34f2c050a80f944d82e155ad412d78456e66ec9bb155

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
Filesize
5.4MB

MD5
734a36935e46b15532ea6152ea7dc671

SHA1
071430714665b7fd5466d1d8fb53b8db8d084b65

SHA256
0ed0f0063ae481cae000721349787c56f9a72c0e3bf7c579ec17276b1295b2a8

SHA512
3a8f8512993882fc1b2cc3429b60a65ee837ad9b43c7272b91541f44a0dd67f16f86de05f2a7dd7b2d8b34f2c050a80f944d82e155ad412d78456e66ec9bb155

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe
Filesize
5.4MB

MD5
734a36935e46b15532ea6152ea7dc671

SHA1
071430714665b7fd5466d1d8fb53b8db8d084b65

SHA256
0ed0f0063ae481cae000721349787c56f9a72c0e3bf7c579ec17276b1295b2a8

SHA512
3a8f8512993882fc1b2cc3429b60a65ee837ad9b43c7272b91541f44a0dd67f16f86de05f2a7dd7b2d8b34f2c050a80f944d82e155ad412d78456e66ec9bb155

Download Submit
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe.config
Filesize
2KB

MD5
42c775c09ac6f0b279f7f2ea09e450cc

SHA1
01c96bbc775e07de97b6482fd69e39ef1956249d

SHA256
87d6127ee203a3be08b38087a263950e3495349b8696120dbae23978a2b1af37

SHA512
812206e25307dfe6f05f2c2c193e5e636e2db4e8e95eb51609cc51bf1944795d98026beaa5e14fb7ad73d6cbec3683f3a434c928838653f7a43e845cf50bd999

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Converters.Wpf.dll
Filesize
130KB

MD5
3f4ede50034cc5c476052ce3ee240d69

SHA1
206690d920b4de81c78f59d92758de4676d7cc36

SHA256
ada64205ff0036da2d880fc63de40917849e04108b7049003d204326adf9b92e

SHA512
89e8f56e3a9a28f6a4ac46e96e981436ab3c33339489cb42ab5c99fd8de404e0ea45b8566ad5308335596712dbd61118e6eae65e43c7dfe16af0e48e6d9c6280

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Core.dll
Filesize
179KB

MD5
cdd59706adc76e83412c9d59ded994be

SHA1
4f099d2139eec21c5563aaa27ba6238a5ede80c6

SHA256
f17545eb8c444b587c8fe5a40782bf699c1543e3fa728bf12bd5b9383beb3b80

SHA512
3f2ca21f6c8709a77394e1600b51db2fa90b607533151b9caddbc6e7e5f531d1dfccee4a5596188f81d7de05e85739b6564ffbc21dd3a86ff210f8eaac9ce934

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Css.dll
Filesize
89KB

MD5
8f0f9d50e275ae88bbbd9c8653cbe9d0

SHA1
cd242425a28aca8b230e165ec80da9a4b39a2b4d

SHA256
d3711842c4d3f17268c3e38e26ee50a93d38c539c8b9159d6236f789ad1e6985

SHA512
485de01505b4589855afe9b8433a73e26c8bf0f3c47a5ade1c0bdbdfe93ca496ac75c0b07c7d6129da21e48fdc54ab69e403748fa4da833ca7300fc03d6411e3

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Dom.dll
Filesize
32KB

MD5
c2c3ed996a141a6440de39dbd13ec777

SHA1
4dd8c82bb385f3ee166d3731b0c36464900c1845

SHA256
8235e63093dad1604cc33bf355f2efc49cca7b2ba3c3d1cc37c98bfc856c661b

SHA512
00c470767fbca5cb3a0d491da8ab0050984039aa5d8ee2e2b986ca897450b3a1081eb5acb9c706ae5311c8d53efa9cd484c47e07e84883a06765dce2a0df93ad

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Model.dll
Filesize
1.0MB

MD5
a31602e067542b1a79932690c93741cb

SHA1
ddb47f578223fc127549741fcb0343f5c38d2037

SHA256
6a739b85b241378d9d78b490053db2053ab7690fb45677f64157fd0de4e3b794

SHA512
9c8ed4cfa6e61efcffe31a7cf2f52f3dc7d429e71fed670a843a028bebebb18982672f3d6158e5ee00449ab8354607eb88805712c6e9332ae6d121a97298e85c

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Rendering.Wpf.dll
Filesize
225KB

MD5
cefd5b31fe148b6d48763d8f88ac4bbb

SHA1
1cc71edc00cfd9c96b4f6b4e9d9762c81d4799ca

SHA256
1133ee4026690ec2c59369c1211f4ac3ef0c862620c9812c27a2c9893d2c6f19

SHA512
35e032911482a388e02bc258f15d3f98531fee2b8889fe083b1841de98aa542259e7c56733506ff06a4485f8794116805570e33f201128b4d6d46ced2736b65f

Download Submit
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Runtime.Wpf.dll
Filesize
71KB

MD5
8da5cf5784c04e6b068c5d508b962641

SHA1
a4ced8562a9ed08c99ecc739aa83d191b1af8c61

SHA256
11ff9a3f74202409b0681535f34a223a1164f34527960990b63e966b3fa86141

SHA512
e8bd6511c1fc31a81c54fe45205dfcc30d91f6fb84f5a25e841aa5845241f2b5ce0cab6ef362558928ce3c1d185e1d953c16e578cb180a45c55d54a3daba6919

Download Submit
C:\Program Files (x86)\PicWish\PicWish\log4net.dll
Filesize
264KB

MD5
46319a38ce5d09020d2ac56b67829c6c

SHA1
ffe64ca4d4bc9e1dab1d195982d22121a6baa058

SHA256
1d45a6afa38f0b10814063f2a42e6efce45752853667650e765844b8566b3332

SHA512
0de61771a92ee71470e51bccf66d3a39c105ae23d60e73d8e4e7d44135dff4c8d1dddff9bbb6be72ff083d51c784e5ca829a6adefee87fd901d2de58db0ddb03

Download Submit
C:\Program Files (x86)\PicWish\PicWish\websocket-sharp.dll
Filesize
250KB

MD5
863e1abfe419267917e058a2f41c4651

SHA1
3db44c482c3a99428e3fe01c9268f50f4ca3e060

SHA256
d5167719bb575cdb6107093a126857c68a9e1c00c2c966774c280cbb3ba0c909

SHA512
49857102b7d68e73caeaba81462a5048b527d5c763b43dc55ab31c6f9880de20d0d88f9ae2ab3735dc255b06743bb6b902a9b297ff815db1baba2cd415a30543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
c294b90fc3355998884f2c97fbee38fb

SHA1
65c74a0eab1f48dd7d894dd53d825812a1f45c44

SHA256
eeb6191c9c904036579a29a22b0782f8ca48ccb2899375b5a003533d39101674

SHA512
18b09297e1bf79cab662abfeef11d4b55c0d42a6efbcf56fa2f429153a2ae2794a989d151dcac4bb1f011c5fc1a19c2fcf4e2e1a985bc34b75df44926d8ab9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
da8ac34e8bbc1f49f1e9fa9bab8dc087

SHA1
1e4e36e5e0c226eb3ad2932ec534ed007c95439b

SHA256
10a12f677a4224353a96254700b8cc783408e5a2927a2380cdc20324717d2eff

SHA512
e94d110a1db4e8c76ccd46dcbf2933f73c9c494a062c2c26d945d23283548b14821dc9a60917e071ece3e761ea7e79488f25f4a1e517a778ba9e36e6137a9a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
123b0577a8d3234262dec7b3b754248e

SHA1
893b9da2c685b40f9e1cf52a0700c5cb24de5920

SHA256
7f58b64f9f6a962a2527825df9d4505f9f52469dcfbb7af1b65a0ed7b7361c29

SHA512
b81597b9e786e0318d01970a1b8114878b585cd0711b025fa0e242c97d18a8cc979405b176c667c0b8103103ec6240462e572a6d7362c8cbe527a06da3745a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4b85d3019f0c97d82bba6150a521dfc5

SHA1
0b90af7addaed52872923c68ba574b5699d77ff4

SHA256
9cc9f1afc644826bc0628153799012ae576aa14c0b6da0a7c22876df501408d5

SHA512
ddc0eba90b10916bd80205dc69e9ad560c06d862a1580d5e4d1c30ed43519334e2812cdccdc010c678997d0f0a9bafab4ad6aede8df19faf10bd85911ecdce50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
9be6174057dd42ac98c4ba43566327f4

SHA1
013bd9642329115da021745807f236c28aeb075f

SHA256
043c3cac3bfa903cd6810aa304b6479e83776dd0551d4273565a169f8d738af9

SHA512
022ed952fbc36537450bbb89a2128a8a26e5918bf010556022c2e25997955d07d5bad92c030cb6c21760351d4b0750e1bc69ac5cf5fec237a993ae6e1e4e4ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d7ad3fe09256a80aa405a07cc0275f38

SHA1
f2feb9a06b8612e65e069915915f880581194af9

SHA256
088e76419cd291169fb14cde1b72261c683e66f8cdedf1526eca741f8b32a1ec

SHA512
9d13e2d5c810066914f51479722d951ba61485a2f474422119c12b1fdf9fbdb8954fccd4ef7f621f525a2bd0a741b8b7bf164618ff842fbf9bb7f3c923227581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2023-04-23 #001.txt
Filesize
22KB

MD5
45d0107e8fea99aca2ee070c2adab5f0

SHA1
da68d78885095bf247ede94bebdaf3f9c516bdac

SHA256
94d5d10480d9fd8f321a690c922ad8db76815dfa7491bf5d13abe6478ce83648

SHA512
e77450a7d349e11b4a56e83ecb17f1fffabb56562a01e216c748824a1d55da8d75cb3834574b84eebaa6b537a6b10aff5724d4cec09931df2f1e2aebb40ccf2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.exe
Filesize
19.3MB

MD5
cd7f8de463ffe88692388fd74fea1bb0

SHA1
3d24ca0f842b441a0c9954e03d18a0bc1e589108

SHA256
8af57db40ecd8fe18c79b2861e71bcf40636d4e92cbba24599ccefa1fd8a5915

SHA512
2f239a741581d31aa961f4216e7452fec334bc34bbac28a2942e3dd1655bb647c2a08d56eb0aa724a1be154beb8668e6757c1ec67522af83158d5a3f32965dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.exe
Filesize
19.3MB

MD5
cd7f8de463ffe88692388fd74fea1bb0

SHA1
3d24ca0f842b441a0c9954e03d18a0bc1e589108

SHA256
8af57db40ecd8fe18c79b2861e71bcf40636d4e92cbba24599ccefa1fd8a5915

SHA512
2f239a741581d31aa961f4216e7452fec334bc34bbac28a2942e3dd1655bb647c2a08d56eb0aa724a1be154beb8668e6757c1ec67522af83158d5a3f32965dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.exe
Filesize
19.3MB

MD5
cd7f8de463ffe88692388fd74fea1bb0

SHA1
3d24ca0f842b441a0c9954e03d18a0bc1e589108

SHA256
8af57db40ecd8fe18c79b2861e71bcf40636d4e92cbba24599ccefa1fd8a5915

SHA512
2f239a741581d31aa961f4216e7452fec334bc34bbac28a2942e3dd1655bb647c2a08d56eb0aa724a1be154beb8668e6757c1ec67522af83158d5a3f32965dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4M2J4.tmp\installer.tmp
Filesize
2.4MB

MD5
3700f8cfed50376dc316f5cea9c7ce00

SHA1
614e53ec724d8e5adaa99722d698002fe0a8975d

SHA256
26cd6ea5dbdec06aadfe022f3c23a5546a217bfa93ff0bb1c95326e0e900ea75

SHA512
df79f7264a42a007ce0f8a68a1735f7f0e7d2dec6385e63308bc5b675ec247c36359af37f3a48d2289eaf1e57a6a74f2e7070c74005dcbb422de06a63cc76491

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4M2J4.tmp\installer.tmp
Filesize
2.4MB

MD5
3700f8cfed50376dc316f5cea9c7ce00

SHA1
614e53ec724d8e5adaa99722d698002fe0a8975d

SHA256
26cd6ea5dbdec06aadfe022f3c23a5546a217bfa93ff0bb1c95326e0e900ea75

SHA512
df79f7264a42a007ce0f8a68a1735f7f0e7d2dec6385e63308bc5b675ec247c36359af37f3a48d2289eaf1e57a6a74f2e7070c74005dcbb422de06a63cc76491

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PPUKV.tmp\PinTaskbarTool.exe
Filesize
10KB

MD5
c00880561224f037feef7cd3dcd11314

SHA1
3435536555e29c387fd6f55f9d52381e6287fa94

SHA256
114963fc2ad618e25837b6f2d1f55d8e616216fe16c21af99c113889d39e92a7

SHA512
63050120886d8432c7632a7b8d4798176714156ce5934ec06971220e117a0ecd8fe76da482b51f95a00de579635db3056a8220493361ba69080f2b26bdf5e941

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PPUKV.tmp\PinTaskbarTool.exe
Filesize
10KB

MD5
c00880561224f037feef7cd3dcd11314

SHA1
3435536555e29c387fd6f55f9d52381e6287fa94

SHA256
114963fc2ad618e25837b6f2d1f55d8e616216fe16c21af99c113889d39e92a7

SHA512
63050120886d8432c7632a7b8d4798176714156ce5934ec06971220e117a0ecd8fe76da482b51f95a00de579635db3056a8220493361ba69080f2b26bdf5e941

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PPUKV.tmp\isxdl.dll
Filesize
130KB

MD5
f7b445a6cb2064d7b459451e86ca6b0e

SHA1
b05b74a1988c10df8c73eb9ca1a41af2a49647b7

SHA256
bd03543c37feb48432e166fe3898abc2a7fe854b1113ee4d5d284633b4605377

SHA512
9cf6d791132660d5246f55d25018ad0cf2791de9f6032531b9aca9a6c84396b8aeca7a9c0410f835637659f396817d8ba40f45d3b80c7907cccbe275a345a465

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
d1a9eea7bb531cb168753cb142af5b4c

SHA1
9734b7717b400e3821ac6a79b2f494a8b2320796

SHA256
845b63334caee5fa95ef856afc446c4d450d9fb730c5cb9b117dfecdc44a1db3

SHA512
22ca6ef4fd3eea92b79039cc6292a512dc35738cd9312a08968460ba806aac1a2c68c5097ccfc065e51cc10c9492e8aa183b5b6fc95c3d0aecf4e709a34dfe5f

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\Config.ini
Filesize
131B

MD5
d494125c481733cee3953ff6ff7a8ab4

SHA1
f3407bd75393e700d5abf0d41ba98cda67d470dc

SHA256
16d15b44026ab88e3113a2d8cd4ca9b6afea3a6554eb34dfce8508aa7aea8295

SHA512
c9f30b024214828f2d8d2c9888f1bf01c772f3b4d0e521bdd0f09c4b35ce211c90355468bef58b25cffc3bf89cd1da3c6c7b6450e6935e9f2fcbdcd636cb238e

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\config.ini
Filesize
131B

MD5
d494125c481733cee3953ff6ff7a8ab4

SHA1
f3407bd75393e700d5abf0d41ba98cda67d470dc

SHA256
16d15b44026ab88e3113a2d8cd4ca9b6afea3a6554eb34dfce8508aa7aea8295

SHA512
c9f30b024214828f2d8d2c9888f1bf01c772f3b4d0e521bdd0f09c4b35ce211c90355468bef58b25cffc3bf89cd1da3c6c7b6450e6935e9f2fcbdcd636cb238e

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\config.ini
Filesize
131B

MD5
d494125c481733cee3953ff6ff7a8ab4

SHA1
f3407bd75393e700d5abf0d41ba98cda67d470dc

SHA256
16d15b44026ab88e3113a2d8cd4ca9b6afea3a6554eb34dfce8508aa7aea8295

SHA512
c9f30b024214828f2d8d2c9888f1bf01c772f3b4d0e521bdd0f09c4b35ce211c90355468bef58b25cffc3bf89cd1da3c6c7b6450e6935e9f2fcbdcd636cb238e

Download Submit
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\log\Apowersoft.CommUtilities.Native.log
Filesize
4KB

MD5
6a88cd58624541050840c582100823a7

SHA1
2a96505c987217d894db0d8e99c82dd2370a613b

SHA256
6450f640264a5883df463bda882d6d8dea286efbad6d2b6512abdc69ab67497f

SHA512
512d189c8e91682bd9b0cefa1313ec64cd5bd33edeeba3f67e92285af2b473f938edcba2bd7334fdb8b4fa138e390f352902bedb58c4aeec9d8d58d1843fc326

Download Submit
\??\pipe\LOCAL\crashpad_4344_RGFTKSTYSQNZAAQS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1048-657-0x0000023223580000-0x000002322358A000-memory.dmp

Filesize
40KB

Download
memory/1048-671-0x00000232236B0000-0x0000023223704000-memory.dmp

Filesize
336KB

Download
memory/1048-710-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-709-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-627-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-635-0x0000023223920000-0x0000023223E48000-memory.dmp

Filesize
5.2MB

Download
memory/1048-615-0x0000023222DA0000-0x0000023222DC2000-memory.dmp

Filesize
136KB

Download
memory/1048-642-0x0000023223290000-0x0000023223298000-memory.dmp

Filesize
32KB

Download
memory/1048-644-0x00000232232A0000-0x00000232232AC000-memory.dmp

Filesize
48KB

Download
memory/1048-708-0x00000232228D0000-0x00000232229EF000-memory.dmp

Filesize
1.1MB

Download
memory/1048-645-0x00000232232B0000-0x00000232232B8000-memory.dmp

Filesize
32KB

Download
memory/1048-646-0x00000232232C0000-0x00000232232C8000-memory.dmp

Filesize
32KB

Download
memory/1048-647-0x00000232232D0000-0x00000232232D8000-memory.dmp

Filesize
32KB

Download
memory/1048-648-0x0000023223530000-0x0000023223538000-memory.dmp

Filesize
32KB

Download
memory/1048-649-0x0000023223540000-0x0000023223548000-memory.dmp

Filesize
32KB

Download
memory/1048-650-0x0000023223550000-0x0000023223558000-memory.dmp

Filesize
32KB

Download
memory/1048-651-0x0000023223560000-0x0000023223568000-memory.dmp

Filesize
32KB

Download
memory/1048-655-0x0000023223570000-0x0000023223578000-memory.dmp

Filesize
32KB

Download
memory/1048-706-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-599-0x0000023207D50000-0x0000023207D5E000-memory.dmp

Filesize
56KB

Download
memory/1048-705-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-659-0x00000232235D0000-0x000002322360E000-memory.dmp

Filesize
248KB

Download
memory/1048-661-0x00000232235B0000-0x00000232235C8000-memory.dmp

Filesize
96KB

Download
memory/1048-704-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-614-0x0000023222E00000-0x0000023222E86000-memory.dmp

Filesize
536KB

Download
memory/1048-664-0x00000232247B0000-0x000002322510E000-memory.dmp

Filesize
9.4MB

Download
memory/1048-666-0x0000023223630000-0x000002322364A000-memory.dmp

Filesize
104KB

Download
memory/1048-611-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-667-0x0000023223620000-0x0000023223628000-memory.dmp

Filesize
32KB

Download
memory/1048-617-0x0000023223110000-0x000002322318E000-memory.dmp

Filesize
504KB

Download
memory/1048-703-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-672-0x0000023223660000-0x0000023223668000-memory.dmp

Filesize
32KB

Download
memory/1048-606-0x00000232229F0000-0x0000023222A34000-memory.dmp

Filesize
272KB

Download
memory/1048-676-0x0000023223740000-0x0000023223774000-memory.dmp

Filesize
208KB

Download
memory/1048-702-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-674-0x0000023223710000-0x0000023223736000-memory.dmp

Filesize
152KB

Download
memory/1048-678-0x0000023223E50000-0x0000023223F5C000-memory.dmp

Filesize
1.0MB

Download
memory/1048-683-0x0000023223670000-0x000002322368C000-memory.dmp

Filesize
112KB

Download
memory/1048-687-0x0000023223650000-0x000002322365E000-memory.dmp

Filesize
56KB

Download
memory/1048-604-0x0000023221FB0000-0x0000023221FF6000-memory.dmp

Filesize
280KB

Download
memory/1048-685-0x0000023223610000-0x000002322361A000-memory.dmp

Filesize
40KB

Download
memory/1048-597-0x0000023207590000-0x0000023207AFA000-memory.dmp

Filesize
5.4MB

Download
memory/1048-602-0x0000023222040000-0x0000023222050000-memory.dmp

Filesize
64KB

Download
memory/1048-600-0x0000023207E60000-0x0000023207E6A000-memory.dmp

Filesize
40KB

Download
memory/1048-601-0x0000023207E70000-0x0000023207E78000-memory.dmp

Filesize
32KB

Download
memory/1048-689-0x00000232237D0000-0x0000023223814000-memory.dmp

Filesize
272KB

Download
memory/1048-692-0x00000232235A0000-0x00000232235A8000-memory.dmp

Filesize
32KB

Download
memory/1048-693-0x0000023223820000-0x0000023223858000-memory.dmp

Filesize
224KB

Download
memory/1048-694-0x0000023223690000-0x000002322369E000-memory.dmp

Filesize
56KB

Download
memory/1048-695-0x00000232228D0000-0x00000232229EF000-memory.dmp

Filesize
1.1MB

Download
memory/1420-168-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/1420-298-0x0000000000400000-0x0000000000680000-memory.dmp

Filesize
2.5MB

Download
memory/2764-156-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2764-279-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2764-299-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/3556-284-0x0000000000C90000-0x0000000000C98000-memory.dmp

Filesize
32KB

Download
memory/3556-285-0x00000000055C0000-0x0000000005636000-memory.dmp

Filesize
472KB

Download
memory/3556-286-0x0000000005CE0000-0x0000000005CFE000-memory.dmp

Filesize
120KB

Download
memory/3556-288-0x0000000005F40000-0x0000000005F50000-memory.dmp

Filesize
64KB

Download