Analysis
-
max time kernel
83s -
max time network
88s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
27-04-2023 02:13
General
-
Target
picwish-setup.exe
-
Size
1.9MB
-
MD5
e5a1cdc09c01b092a93b522c6f5854db
-
SHA1
bf6cace29da031b9ec7ea45d2db3ca77e7506eef
-
SHA256
02330d74ea7107a7f09db8e42214f87411ca1e462434937adad8c222382d2eea
-
SHA512
7511574898933988308fc8739c8b9ebc6b5d35550d351cc396338ca831e03062f727bdd3c6b8e6f5a1efb1c70985e0ea0de60c8939ccb0438b0b5e495d4eb809
-
SSDEEP
49152:ZQR6QAuAMLVImaAfqTTCEyNCSay7ATGGqogQxu2le5oUb2w:Zo6QLAMZoCEyNCfYogQa
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Windows Firewall 1 TTPs 3 IoCs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 8 IoCs
-
Modifies registry class 3 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\picwish-setup.exe"C:\Users\Admin\AppData\Local\Temp\picwish-setup.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\installer.exe"C:\Users\Admin\AppData\Local\Temp\installer.exe" /VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /DIR="C:\Program Files (x86)\PicWish\PicWish" /LANG=English2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-TU8N7.tmp\installer.tmp"C:\Users\Admin\AppData\Local\Temp\is-TU8N7.tmp\installer.tmp" /SL5="$1001C4,19270345,749568,C:\Users\Admin\AppData\Local\Temp\installer.exe" /VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /DIR="C:\Program Files (x86)\PicWish\PicWish" /LANG=English3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="PicWish" program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"4⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="PicWish" dir=in action=allow program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe" enable=yes4⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="PicWish" dir=out action=allow program="C:\Program Files (x86)\PicWish\PicWish\PicWish.exe" enable=yes4⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\is-8H874.tmp\PinTaskbarTool.exe"C:\Users\Admin\AppData\Local\Temp\is-8H874.tmp\PinTaskbarTool.exe" /unpin "C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://r.aoscdn.com/jumper?type=install&product_id=492&language=en&unique_id=24a002a03bcc1a5605705925159fd7ea&apptype=saas&appver=2.8.2.0&first_install_ts=1682568868&ts=1682568868&wxga=&ct=1677117914&mt=1677117914&h=e5a1cdc09c01b092a93b522c6f5854db&hash=c91127aa041e309d61e37ea54e2177e32⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd1cfa46f8,0x7ffd1cfa4708,0x7ffd1cfa47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15761846683478355153,4696376603649722290,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:13⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"C:\Program Files (x86)\PicWish\PicWish\PicWish.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\PicWish\PicWish\Aliyun.Log.dllFilesize
77KB
MD5dcb7d24b7c24bdc474a4ddbce4404c97
SHA1ddb03f0e22f632f28edbcd31208c35288d42d57e
SHA25606d8f6f58ef29fd50fa89b5bf5e5a4f2a2c4cc39583d78fbb90e931914cb572f
SHA5126e404ac3bd956e88df83ff067ea8188f3e1c1bc2319110073a108a5106495b1a4829dd3e0652a5bd3ee4d4c20ea86b589de2e46e29f139e3456a21bf7639d4a1
-
C:\Program Files (x86)\PicWish\PicWish\CommonServiceLocator.dllFilesize
9KB
MD5181fa402215022dd2e5a19d89db1392d
SHA190dd2343c497389798cc0aba53863eecdd5e65d8
SHA2560901248381ecd6cb362727a7905f0ebe7b791317b4502f39a8caaaca3326a244
SHA512a442e768a477b9237cd165610e11267d7fbfe608980663c20e597276b343fa745e830104f77e8a76fe705587f5e386ccc797e9676b073ae09da77472ed6d04a8
-
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Extras.dllFilesize
21KB
MD5810e42e2bbfb536bdc01abf882a24938
SHA17bd37217aaf5ec27d2f993bb4212b0b8ab94d220
SHA256cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb
SHA512176769ef15d87373c53cc39241126bd39ce57b18af0df4d9d2cf68645868dd53090cb5ab93b8ba78303a3e6b5f3888d2150e6def57b26462df1b12fe7450f650
-
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.Platform.dllFilesize
13KB
MD55b958b4229538ac23099ce9ed6f37de4
SHA132cd46e39c4f6334d28788d5e3afaa19d4fd1041
SHA2562a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573
SHA51287b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899
-
C:\Program Files (x86)\PicWish\PicWish\GalaSoft.MvvmLight.dllFilesize
29KB
MD5af04687248da9e95a7ff65ab538d0bcf
SHA17511184300e2b6f70bc92333392386a812b2dabf
SHA256b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf
SHA512a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a
-
C:\Program Files (x86)\PicWish\PicWish\Google.ProtocolBuffers.dllFilesize
311KB
MD5ef320e5a8bf540bc51a40786e629c9cf
SHA1496d21952b74b8cc2681653fdffcda7de626ff4c
SHA256a0d084502641c4ce258f42a9478ab37f797a5def8ef22af6be96a72678176277
SHA512a42579a7836373ffeac435bfb2374ef82c09798973c7f03029f35fae1b8e6191ff7765981b65fd6a00f76dfdc1297f224e27388ce357148a14f248a00a45c1ce
-
C:\Program Files (x86)\PicWish\PicWish\LZ4Sharp.dllFilesize
28KB
MD59b06c02ee1e4681437fcaac0a9128ea7
SHA18790f74c6bd5f0e97e95c6fecadcabe27a76b649
SHA256f7d86e9097d16bfc170cbfad5e18a20bd9a48381308ba537695389594d8b53bf
SHA5127219445240a7898f7c5b5b8d01913cb887923a21cb6d74d97a359e67ef40ebc2affc03f28f101c71384fbbe5e5fb9aa8b6f2776cb7c13f0fb76138660a5a67ec
-
C:\Program Files (x86)\PicWish\PicWish\Lang\ChineseSimplified.xmlFilesize
25KB
MD5989f7bf666d3c095623e3c26626746d3
SHA1b4a5121dde76163f0fbbe181653e5c1fc36daf91
SHA2563f7c0af0419e0213563fe80f920bf1998013e71ca35f643e0acdef5576fb80c2
SHA51273040a5fd24562719cc034b0c15d54a083413eccec0f54b95f348532b30043cb8982e490efa2815b039aa141ab8b967b73ce5dcdcf31951803e0e6a72525d1fe
-
C:\Program Files (x86)\PicWish\PicWish\Lang\ChineseTraditional.xmlFilesize
25KB
MD5857ced5f3319098300d2bb15272caedc
SHA1a949c348465d53577d5b4c7b24956ca2ca7ef896
SHA256df6203ebb95218b6afc59b34e0f109c0fa71f4ae30414bd6dc74155b318db231
SHA512a49fc9f4f4676148d0c3bb6c7d03385867e13427d3609528ff785d622a71949bf59886f14f5f7488ed21db7f52cad88e648435238fcd395c25755aaa76a287f5
-
C:\Program Files (x86)\PicWish\PicWish\Lang\English.xmlFilesize
24KB
MD59b8db7e0fbd43d7b59085260f8d3eedc
SHA13268554af58f7220d59b2326235bed4b3ee40c06
SHA2566fdd9ae94d7da112ed4fe0442d7cdf7a8005378e931bdd089959ca2123c1a5ca
SHA5126e07d66ceda97d77a5bc8e81ead197b630621acaa7f756d5e523d0cfee3104356969798d983cfa66ee1a679e8d30aecf0b4a7fa7f664cf58cdee58085cdc1027
-
C:\Program Files (x86)\PicWish\PicWish\Lang\French.xmlFilesize
26KB
MD5712c5e9eddfe6a9f7137d2734ebff001
SHA158640d5d57c03b22aed318125f14b5c4646c246e
SHA256e91541e5bbdb86525bb145fb414ce3f74ab31bc33e7eef3d365fa980dbd1afd7
SHA5121f0cf056b714cddcf2692e92dfd80a5a8040cef7acae5d88b3bcdf909760bb74cac5ca677419ed7513128cbff938282dcbc2429779157f766156eb304e06258a
-
C:\Program Files (x86)\PicWish\PicWish\Lang\German.xmlFilesize
26KB
MD52cbc72cd428df65cb8e80128f5314fe9
SHA1f0998a41d88efea58a91c3332200a29d289a5385
SHA25602a10c26a3abb8ad2e9bcf509f5782dc31c4bbd5354bd1f09866dd1f049b93b4
SHA512b7d3c6dd017f125008609b7aebe032f215cef9875172252fd0c30a01503bca67c4635e3b793f08763cf80bbad236658c90f432461e78d529a63a97578ef90bfb
-
C:\Program Files (x86)\PicWish\PicWish\Lang\Japanese.xmlFilesize
27KB
MD5d750ddf857945b80ba3b94e19ac80be5
SHA19dfa4114749c3fcc8a6945720819c24850a6e7b5
SHA256fa15de90f888c2a34320a65d267ebd937cf261d2af652df2b2c8500e05100f60
SHA512d94f58615861b3837d7018798fc9ffae698024211bea956b5664cddaf63d202206703e013b9fc8cfb0ff88894663209275814c7d7cd8d6751c4042403f252567
-
C:\Program Files (x86)\PicWish\PicWish\Lang\Portuguese.xmlFilesize
24KB
MD5c0c7a0daf6a34bda5f6c90a002623633
SHA12a2c81a672158bd8a75c643775eb95fa750b8f36
SHA256bb28071e53037dff074d596e8d9bdfcda177e3575be0009947f3746ba696c450
SHA512339bbfa5b4fd49c00d88ac8983e2a7e2dd9fe56c1e23eedf2ffae286ef0c585b275c21bdc32cd63922e4b5a627ef28fbaeae140e40a74a9ecfb0252580082110
-
C:\Program Files (x86)\PicWish\PicWish\Lang\PortugueseBrazil.xmlFilesize
24KB
MD551b823bbcbeb6bba728767a31a15d79a
SHA1059dc338b904d50df65ef8e0f622a8ff5b596e5f
SHA2563db139befd389078966d6cac574f3e64b68b55da78d5730dc53c22edb70bdb20
SHA512b7349a7df467ce5fc5ed74fdb740a536c527ffe1c78c6828489100fb2978478c2b6bb28b412cfd41a6f96200f6bc19758bd9aed59a59284ea805c29eaa2cc75b
-
C:\Program Files (x86)\PicWish\PicWish\Lang\Spanish.xmlFilesize
26KB
MD52f1b7ff53a711c48c269a0ac39d027b7
SHA1a564f40f7326ce25778cb8433cd0072bcb44eb43
SHA256a09b29f88e0f07657bae996364b8224708987a796dbcf33c9af896807e9c06be
SHA512e833559448811131f422fe0307aa184e2486e5fe5029cb394a27d93a638fa27164a3b121f40fa51340300fc4a95b9b1ceedd4b8fb8ca3dd348f5c0572a0a3267
-
C:\Program Files (x86)\PicWish\PicWish\LiteDB.dllFilesize
478KB
MD56f6c0343f59fac35010a72d1f25bc459
SHA14f7b39dcbf32c14575bfcceccc9722721b00c66b
SHA25687e27fac0e872614aff5a1bd7b93727d10352fe42c1e4b9bc2f41fcdd344b750
SHA5129b0d20cdc921f0e338cb4d3fd39976eb860b38f6518afc4dadc041ff7d9ad5d13b8ca69fb142af8407a63f0471eda182b04d1c33ba70bbea29a39df8e3373b3c
-
C:\Program Files (x86)\PicWish\PicWish\Newtonsoft.Json.dllFilesize
514KB
MD5c53737821b861d454d5248034c3c097c
SHA16b0da75617a2269493dc1a685d7a0b07f2e48c75
SHA256575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406
SHA512289543f5eea472e9027030e24011bea1e49e91059241fe6eb732e78f51822313e47d1e4769fa1c9c7d6139f6a97dcfef2946836b3383e8643988bf8908162fb9
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.CustomControl.dllFilesize
258KB
MD545038ae75f6ada757f0104cb33ec919d
SHA126c9e4a6a4105aa6c011007384ff47ff877fa47d
SHA2562069cb6d29d6de3917a8d0935c4d58a3d2518cf969f137f462be0525de2e31df
SHA512baaab7941f5fd61bbfa529490a43cc4677452e12d093da12255bef11fe5ae3d1cc0bafa9022c1b4269779181d2fb2fb74de2b868e71c27747cb9081c73b8cca9
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.Resource.dllFilesize
9.4MB
MD59992eb209b678141120f3d60b3af6d65
SHA17a10fc8761d20468d0fcb7098a3f93110022e0cc
SHA2561030f7f3ac3fc868c5dd957bda2531d13e9e47c5f87eb07f0c040831d0f845da
SHA512aa5fdace374897a2b2bfb5e7056063b3980c33e3b515e3e0ecf0562d93f54975c5f650b72b9c7f50f1164ca266825280f3f5afe023cdfa4d2d874e70f0b93638
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.exeFilesize
5.4MB
MD5734a36935e46b15532ea6152ea7dc671
SHA1071430714665b7fd5466d1d8fb53b8db8d084b65
SHA2560ed0f0063ae481cae000721349787c56f9a72c0e3bf7c579ec17276b1295b2a8
SHA5123a8f8512993882fc1b2cc3429b60a65ee837ad9b43c7272b91541f44a0dd67f16f86de05f2a7dd7b2d8b34f2c050a80f944d82e155ad412d78456e66ec9bb155
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.exeFilesize
5.4MB
MD5734a36935e46b15532ea6152ea7dc671
SHA1071430714665b7fd5466d1d8fb53b8db8d084b65
SHA2560ed0f0063ae481cae000721349787c56f9a72c0e3bf7c579ec17276b1295b2a8
SHA5123a8f8512993882fc1b2cc3429b60a65ee837ad9b43c7272b91541f44a0dd67f16f86de05f2a7dd7b2d8b34f2c050a80f944d82e155ad412d78456e66ec9bb155
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.exeFilesize
5.4MB
MD5734a36935e46b15532ea6152ea7dc671
SHA1071430714665b7fd5466d1d8fb53b8db8d084b65
SHA2560ed0f0063ae481cae000721349787c56f9a72c0e3bf7c579ec17276b1295b2a8
SHA5123a8f8512993882fc1b2cc3429b60a65ee837ad9b43c7272b91541f44a0dd67f16f86de05f2a7dd7b2d8b34f2c050a80f944d82e155ad412d78456e66ec9bb155
-
C:\Program Files (x86)\PicWish\PicWish\PicWish.exe.configFilesize
2KB
MD542c775c09ac6f0b279f7f2ea09e450cc
SHA101c96bbc775e07de97b6482fd69e39ef1956249d
SHA25687d6127ee203a3be08b38087a263950e3495349b8696120dbae23978a2b1af37
SHA512812206e25307dfe6f05f2c2c193e5e636e2db4e8e95eb51609cc51bf1944795d98026beaa5e14fb7ad73d6cbec3683f3a434c928838653f7a43e845cf50bd999
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Converters.Wpf.dllFilesize
130KB
MD53f4ede50034cc5c476052ce3ee240d69
SHA1206690d920b4de81c78f59d92758de4676d7cc36
SHA256ada64205ff0036da2d880fc63de40917849e04108b7049003d204326adf9b92e
SHA51289e8f56e3a9a28f6a4ac46e96e981436ab3c33339489cb42ab5c99fd8de404e0ea45b8566ad5308335596712dbd61118e6eae65e43c7dfe16af0e48e6d9c6280
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Core.dllFilesize
179KB
MD5cdd59706adc76e83412c9d59ded994be
SHA14f099d2139eec21c5563aaa27ba6238a5ede80c6
SHA256f17545eb8c444b587c8fe5a40782bf699c1543e3fa728bf12bd5b9383beb3b80
SHA5123f2ca21f6c8709a77394e1600b51db2fa90b607533151b9caddbc6e7e5f531d1dfccee4a5596188f81d7de05e85739b6564ffbc21dd3a86ff210f8eaac9ce934
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Css.dllFilesize
89KB
MD58f0f9d50e275ae88bbbd9c8653cbe9d0
SHA1cd242425a28aca8b230e165ec80da9a4b39a2b4d
SHA256d3711842c4d3f17268c3e38e26ee50a93d38c539c8b9159d6236f789ad1e6985
SHA512485de01505b4589855afe9b8433a73e26c8bf0f3c47a5ade1c0bdbdfe93ca496ac75c0b07c7d6129da21e48fdc54ab69e403748fa4da833ca7300fc03d6411e3
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Dom.dllFilesize
32KB
MD5c2c3ed996a141a6440de39dbd13ec777
SHA14dd8c82bb385f3ee166d3731b0c36464900c1845
SHA2568235e63093dad1604cc33bf355f2efc49cca7b2ba3c3d1cc37c98bfc856c661b
SHA51200c470767fbca5cb3a0d491da8ab0050984039aa5d8ee2e2b986ca897450b3a1081eb5acb9c706ae5311c8d53efa9cd484c47e07e84883a06765dce2a0df93ad
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Model.dllFilesize
1.0MB
MD5a31602e067542b1a79932690c93741cb
SHA1ddb47f578223fc127549741fcb0343f5c38d2037
SHA2566a739b85b241378d9d78b490053db2053ab7690fb45677f64157fd0de4e3b794
SHA5129c8ed4cfa6e61efcffe31a7cf2f52f3dc7d429e71fed670a843a028bebebb18982672f3d6158e5ee00449ab8354607eb88805712c6e9332ae6d121a97298e85c
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Rendering.Wpf.dllFilesize
225KB
MD5cefd5b31fe148b6d48763d8f88ac4bbb
SHA11cc71edc00cfd9c96b4f6b4e9d9762c81d4799ca
SHA2561133ee4026690ec2c59369c1211f4ac3ef0c862620c9812c27a2c9893d2c6f19
SHA51235e032911482a388e02bc258f15d3f98531fee2b8889fe083b1841de98aa542259e7c56733506ff06a4485f8794116805570e33f201128b4d6d46ced2736b65f
-
C:\Program Files (x86)\PicWish\PicWish\SharpVectors.Runtime.Wpf.dllFilesize
71KB
MD58da5cf5784c04e6b068c5d508b962641
SHA1a4ced8562a9ed08c99ecc739aa83d191b1af8c61
SHA25611ff9a3f74202409b0681535f34a223a1164f34527960990b63e966b3fa86141
SHA512e8bd6511c1fc31a81c54fe45205dfcc30d91f6fb84f5a25e841aa5845241f2b5ce0cab6ef362558928ce3c1d185e1d953c16e578cb180a45c55d54a3daba6919
-
C:\Program Files (x86)\PicWish\PicWish\log4net.dllFilesize
264KB
MD546319a38ce5d09020d2ac56b67829c6c
SHA1ffe64ca4d4bc9e1dab1d195982d22121a6baa058
SHA2561d45a6afa38f0b10814063f2a42e6efce45752853667650e765844b8566b3332
SHA5120de61771a92ee71470e51bccf66d3a39c105ae23d60e73d8e4e7d44135dff4c8d1dddff9bbb6be72ff083d51c784e5ca829a6adefee87fd901d2de58db0ddb03
-
C:\Program Files (x86)\PicWish\PicWish\websocket-sharp.dllFilesize
250KB
MD5863e1abfe419267917e058a2f41c4651
SHA13db44c482c3a99428e3fe01c9268f50f4ca3e060
SHA256d5167719bb575cdb6107093a126857c68a9e1c00c2c966774c280cbb3ba0c909
SHA51249857102b7d68e73caeaba81462a5048b527d5c763b43dc55ab31c6f9880de20d0d88f9ae2ab3735dc255b06743bb6b902a9b297ff815db1baba2cd415a30543
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
48B
MD59076742239d4573be6543430d0f3f233
SHA1407f0dff3e071b4e9284cc3b3c812ac74a421d00
SHA256f6ee67927b28bc461b412325e6e62b16662a81aeddf4bfb998716c98a3bffbbc
SHA512dc1cb7f3181debd27297598f0f6b3c99dc1fed38e2a473d9832d1624e95b70e3028f97163fbeb1ec27e27787040bd2f49ca619a6e404f7681d92e7c1b7175de6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
624B
MD5017a3b8104027be350ae0a78c395a7ff
SHA1f908fea3a43406f61b24d8f76f15d0cfc3a1b4e9
SHA25651a224ab6b6918904892691f94394e1aa5b98c26a033f42b71692abedd6234e0
SHA512f2cbd68c6b414459f9087f983a86433aca3cbaab879134313fc9e97a9a41ba3d314d078ed2023b819b473d377c53930cb333fb8abcec6ea0b97db3b96a1ca402
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.icoFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnkFilesize
2KB
MD5a2d3e7cfc70277552a66ba300fb14f5a
SHA1bf273001f395e08688b09da4f9be4d0e00e059ef
SHA256f69f8eb5f7d4f3c8b69f4df297044b300b8616fe5beb97024def9f588d73568b
SHA512eecf9038a66a84d6548c44ec6f6844279e3bd2b9267427b040a8a26e6369d741bfe603a8435c487fbbf03d11579e96935a9c24f6370614a00da5c6efefb79f62
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5a613492af96bd6c2d10275a7d0bc1a96
SHA177b3e335237ea07085898f155c5096fad91afabe
SHA2566a07dd1d9ef85d352201384b59f2ee181d6fe7556cf97180b3ef958777e4a97a
SHA51273645dab1939a12da6143a43b2dd7884f958663dd5f95ae918c3237626eee03a7a94c25d6c17a0de3b7cf9509feef04369fbfeba29de3626e3e5f6d3062e6e61
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD5b3bddb07e42906faabb6c4c04b74e0d1
SHA11d680ade91f8413b434694dc6a182da36204f042
SHA256cebd6ed2cf09a91469bc5b4825c414fe702d6348112f570c5fdffb0158642deb
SHA5128832a7244abede3fdcb8eb77562cd9e8dacd27016a162d37fe1b606ffb732691e93ded7ffbc5ba0b26c727455ba8181cbff8d2892e954d11729d3fbe31b708a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e6e23fec569dd680eaa6383a025ebce2
SHA16ffac70191c9c3561762d213ffc0f61eff6cd1ad
SHA256142454b1c002c7460a6e9600b45ddc69bde1b44f99680796a91ada176cc1e707
SHA512ea6e4a8c1091cec85e641da5bf3201793c67708616a0e8677fe22abfc53af2368d93e8efa61dfa2a077b4b92c16b5ed4f363c5d0f95fe048593dadd527f8c655
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD547e94a96372e6f095b8a3fd7edc48ec0
SHA1377b68f34e5964ca8be1b1b0c1507dd7f0e5f005
SHA25615c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e
SHA5125bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5e624ac133156ffaffdbc94b2c3923d0b
SHA102e17c520cac21f317fab2bd40fde9a742fbdd2e
SHA256eaa6a11621cb18ae1e99961037b1597aa6174fe8c790b7735dfd88950d659db0
SHA512c5e8d5c646e1df9e880dfa27a93426f451d6ae6837083e984166ede1bf5ab8081591a080d7accdf71394df35431fcea0c12a5da8ee0145718b0032da225396a8
-
C:\Users\Admin\AppData\Local\Temp\Setup Log 2023-04-27 #001.txtFilesize
22KB
MD5290ea1affa50a79c82353d63decf86e3
SHA13075e6a60ab81f1dd36d3a28943f8aae7f32bc55
SHA256f893b69ced852ace1922697cc5a3c4b3dbaff8cf282608d8772bc8787352f61f
SHA5127817f06ed99f520487431a91406abd4c6841d9675e273037989f4a77d1e3ee6882109522d7230afa3f903e0682ca0ea90ed2a085c49fa6458dcc782e33d7367d
-
C:\Users\Admin\AppData\Local\Temp\installer.exeFilesize
19.3MB
MD5cd7f8de463ffe88692388fd74fea1bb0
SHA13d24ca0f842b441a0c9954e03d18a0bc1e589108
SHA2568af57db40ecd8fe18c79b2861e71bcf40636d4e92cbba24599ccefa1fd8a5915
SHA5122f239a741581d31aa961f4216e7452fec334bc34bbac28a2942e3dd1655bb647c2a08d56eb0aa724a1be154beb8668e6757c1ec67522af83158d5a3f32965dbb
-
C:\Users\Admin\AppData\Local\Temp\installer.exeFilesize
19.3MB
MD5cd7f8de463ffe88692388fd74fea1bb0
SHA13d24ca0f842b441a0c9954e03d18a0bc1e589108
SHA2568af57db40ecd8fe18c79b2861e71bcf40636d4e92cbba24599ccefa1fd8a5915
SHA5122f239a741581d31aa961f4216e7452fec334bc34bbac28a2942e3dd1655bb647c2a08d56eb0aa724a1be154beb8668e6757c1ec67522af83158d5a3f32965dbb
-
C:\Users\Admin\AppData\Local\Temp\installer.exeFilesize
19.3MB
MD5cd7f8de463ffe88692388fd74fea1bb0
SHA13d24ca0f842b441a0c9954e03d18a0bc1e589108
SHA2568af57db40ecd8fe18c79b2861e71bcf40636d4e92cbba24599ccefa1fd8a5915
SHA5122f239a741581d31aa961f4216e7452fec334bc34bbac28a2942e3dd1655bb647c2a08d56eb0aa724a1be154beb8668e6757c1ec67522af83158d5a3f32965dbb
-
C:\Users\Admin\AppData\Local\Temp\is-8H874.tmp\PinTaskbarTool.exeFilesize
10KB
MD5c00880561224f037feef7cd3dcd11314
SHA13435536555e29c387fd6f55f9d52381e6287fa94
SHA256114963fc2ad618e25837b6f2d1f55d8e616216fe16c21af99c113889d39e92a7
SHA51263050120886d8432c7632a7b8d4798176714156ce5934ec06971220e117a0ecd8fe76da482b51f95a00de579635db3056a8220493361ba69080f2b26bdf5e941
-
C:\Users\Admin\AppData\Local\Temp\is-8H874.tmp\PinTaskbarTool.exeFilesize
10KB
MD5c00880561224f037feef7cd3dcd11314
SHA13435536555e29c387fd6f55f9d52381e6287fa94
SHA256114963fc2ad618e25837b6f2d1f55d8e616216fe16c21af99c113889d39e92a7
SHA51263050120886d8432c7632a7b8d4798176714156ce5934ec06971220e117a0ecd8fe76da482b51f95a00de579635db3056a8220493361ba69080f2b26bdf5e941
-
C:\Users\Admin\AppData\Local\Temp\is-8H874.tmp\isxdl.dllFilesize
130KB
MD5f7b445a6cb2064d7b459451e86ca6b0e
SHA1b05b74a1988c10df8c73eb9ca1a41af2a49647b7
SHA256bd03543c37feb48432e166fe3898abc2a7fe854b1113ee4d5d284633b4605377
SHA5129cf6d791132660d5246f55d25018ad0cf2791de9f6032531b9aca9a6c84396b8aeca7a9c0410f835637659f396817d8ba40f45d3b80c7907cccbe275a345a465
-
C:\Users\Admin\AppData\Local\Temp\is-TU8N7.tmp\installer.tmpFilesize
2.4MB
MD53700f8cfed50376dc316f5cea9c7ce00
SHA1614e53ec724d8e5adaa99722d698002fe0a8975d
SHA25626cd6ea5dbdec06aadfe022f3c23a5546a217bfa93ff0bb1c95326e0e900ea75
SHA512df79f7264a42a007ce0f8a68a1735f7f0e7d2dec6385e63308bc5b675ec247c36359af37f3a48d2289eaf1e57a6a74f2e7070c74005dcbb422de06a63cc76491
-
C:\Users\Admin\AppData\Local\Temp\is-TU8N7.tmp\installer.tmpFilesize
2.4MB
MD53700f8cfed50376dc316f5cea9c7ce00
SHA1614e53ec724d8e5adaa99722d698002fe0a8975d
SHA25626cd6ea5dbdec06aadfe022f3c23a5546a217bfa93ff0bb1c95326e0e900ea75
SHA512df79f7264a42a007ce0f8a68a1735f7f0e7d2dec6385e63308bc5b675ec247c36359af37f3a48d2289eaf1e57a6a74f2e7070c74005dcbb422de06a63cc76491
-
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\Config.iniFilesize
131B
MD5215edf6f0852e2c005e47bc56f7f5bd9
SHA16df46843b67c481f480febf414932bb95c9c9297
SHA2566ba78c9c38d27aaa2c0cd65f51eba96db44cfb83eaab129d238cb83dccd685bf
SHA51275b52fd8b328862820d8acff097a9590381e4ae1fdc4d34b079dfbacbe21517a7c87448999e0045e1e9211d916d506384c1e1b22296ba118b37445f85beeb68c
-
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\config.iniFilesize
72B
MD5598e5bbfbf3f3d60868a3fafebd26d4b
SHA1c5257da6899f7b75bfa9e154e8f4cfda92cb5794
SHA256d9542856e61b27effbf49026135c51b8e5fd7da2b97efcbb2687e556adbac064
SHA512186bfd18ceaad730d81793652ef4edbfdb37c5379e84bbbd22550c20793910a8eba5561af9d0ae9c0cde3647487a404cf9b6cfa2d56aec499b2790ecb46e29f9
-
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\log\Apowersoft.CommUtilities.Native.logFilesize
641B
MD5faa3e4e4cd0247c8752a191fc0c11b93
SHA1054182cbc502396b37fc2076b15d6e09fef6bc0f
SHA25680ace0ccc729f5d736471a8dcf21c339bfc7625539f152711ad7b5ccbf734ba1
SHA512e8f3c150421407ae97f0d64f334d31d0409d3db7ffd0fbe6e73313c4e90d51ffbcb7d327ba25081f47ae1613518d6f32669d42d9721515f4999f606b449c705d
-
C:\Users\Admin\AppData\Roaming\PicWish\PicWish\log\Apowersoft.CommUtilities.Native.logFilesize
4KB
MD5cb43694853e5f16b1921bf0a30b1a74a
SHA135431e92d827a97ab537ec8efc074b810dc57483
SHA25647cf081bbbb0c70313737f744743aa1f2007daf89796b0a059bec5b30c938063
SHA51245f1d82c7a5a37db908e9be4126cbfbb49af6feab09f10efb7f6525d9a0b07e3bf08aa378f37b9eb457d03fecf2e2bf07c9d0f2862911461c064abd9a34a6f93
-
\??\pipe\LOCAL\crashpad_1872_LFJQJQFHMFNPHLMBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1276-298-0x0000000000400000-0x0000000000680000-memory.dmpFilesize
2.5MB
-
memory/1276-168-0x0000000000940000-0x0000000000941000-memory.dmpFilesize
4KB
-
memory/1748-283-0x00000000005D0000-0x00000000005D8000-memory.dmpFilesize
32KB
-
memory/1748-285-0x0000000005620000-0x000000000563E000-memory.dmpFilesize
120KB
-
memory/1748-284-0x0000000004FA0000-0x0000000005016000-memory.dmpFilesize
472KB
-
memory/1748-287-0x00000000058C0000-0x00000000058D0000-memory.dmpFilesize
64KB
-
memory/4904-286-0x0000000000400000-0x00000000004C5000-memory.dmpFilesize
788KB
-
memory/4904-156-0x0000000000400000-0x00000000004C5000-memory.dmpFilesize
788KB
-
memory/4904-299-0x0000000000400000-0x00000000004C5000-memory.dmpFilesize
788KB
-
memory/5036-663-0x000001C39CA00000-0x000001C39CA08000-memory.dmpFilesize
32KB
-
memory/5036-689-0x000001C39CA60000-0x000001C39CA68000-memory.dmpFilesize
32KB
-
memory/5036-662-0x000001C39C9F0000-0x000001C39C9F8000-memory.dmpFilesize
32KB
-
memory/5036-660-0x000001C39C9D0000-0x000001C39C9DC000-memory.dmpFilesize
48KB
-
memory/5036-664-0x000001C39CA10000-0x000001C39CA18000-memory.dmpFilesize
32KB
-
memory/5036-665-0x000001C39CA20000-0x000001C39CA28000-memory.dmpFilesize
32KB
-
memory/5036-666-0x000001C39CA30000-0x000001C39CA38000-memory.dmpFilesize
32KB
-
memory/5036-667-0x000001C39CA40000-0x000001C39CA48000-memory.dmpFilesize
32KB
-
memory/5036-668-0x000001C39CA50000-0x000001C39CA58000-memory.dmpFilesize
32KB
-
memory/5036-658-0x000001C39C9C0000-0x000001C39C9C8000-memory.dmpFilesize
32KB
-
memory/5036-675-0x000001C39CD00000-0x000001C39CD0A000-memory.dmpFilesize
40KB
-
memory/5036-651-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-673-0x000001C39CCE0000-0x000001C39CCFA000-memory.dmpFilesize
104KB
-
memory/5036-677-0x000001C39CD70000-0x000001C39CDC4000-memory.dmpFilesize
336KB
-
memory/5036-650-0x000001C39D0C0000-0x000001C39D5E8000-memory.dmpFilesize
5.2MB
-
memory/5036-680-0x000001C39CDD0000-0x000001C39CE0E000-memory.dmpFilesize
248KB
-
memory/5036-682-0x000001C39CD10000-0x000001C39CD28000-memory.dmpFilesize
96KB
-
memory/5036-634-0x000001C39C630000-0x000001C39C6AE000-memory.dmpFilesize
504KB
-
memory/5036-632-0x000001C39C4C0000-0x000001C39C4E2000-memory.dmpFilesize
136KB
-
memory/5036-631-0x000001C39C520000-0x000001C39C5A6000-memory.dmpFilesize
536KB
-
memory/5036-685-0x000001C39CA70000-0x000001C39CA7A000-memory.dmpFilesize
40KB
-
memory/5036-686-0x000001C39DF50000-0x000001C39E8AE000-memory.dmpFilesize
9.4MB
-
memory/5036-624-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-661-0x000001C39C9E0000-0x000001C39C9E8000-memory.dmpFilesize
32KB
-
memory/5036-694-0x000001C39CCD0000-0x000001C39CCD8000-memory.dmpFilesize
32KB
-
memory/5036-696-0x000001C39CE10000-0x000001C39CE36000-memory.dmpFilesize
152KB
-
memory/5036-623-0x000001C39B920000-0x000001C39B964000-memory.dmpFilesize
272KB
-
memory/5036-698-0x000001C39CE40000-0x000001C39CE74000-memory.dmpFilesize
208KB
-
memory/5036-621-0x000001C382FA0000-0x000001C382FE6000-memory.dmpFilesize
280KB
-
memory/5036-619-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-700-0x000001C39CF90000-0x000001C39D09C000-memory.dmpFilesize
1.0MB
-
memory/5036-618-0x000001C3816C0000-0x000001C3816C8000-memory.dmpFilesize
32KB
-
memory/5036-702-0x000001C39CD50000-0x000001C39CD6C000-memory.dmpFilesize
112KB
-
memory/5036-704-0x000001C39CD30000-0x000001C39CD3E000-memory.dmpFilesize
56KB
-
memory/5036-617-0x000001C3816B0000-0x000001C3816BA000-memory.dmpFilesize
40KB
-
memory/5036-706-0x000001C39CED0000-0x000001C39CF14000-memory.dmpFilesize
272KB
-
memory/5036-616-0x000001C381690000-0x000001C38169E000-memory.dmpFilesize
56KB
-
memory/5036-708-0x000001C39CE80000-0x000001C39CE88000-memory.dmpFilesize
32KB
-
memory/5036-709-0x000001C39CF20000-0x000001C39CF58000-memory.dmpFilesize
224KB
-
memory/5036-710-0x000001C39CE90000-0x000001C39CE9E000-memory.dmpFilesize
56KB
-
memory/5036-714-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-614-0x000001C380DE0000-0x000001C38134A000-memory.dmpFilesize
5.4MB
-
memory/5036-718-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-719-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-720-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-722-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB
-
memory/5036-724-0x000001C3816A0000-0x000001C3816B0000-memory.dmpFilesize
64KB