ba6fbfa10028baca880d44b2d490ac0a01af2775909cb18878961b56de32a7c0

Analysis

max time kernel
208s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edi-texteditor-setup-v3.103.exe
Size

54.9MB
MD5

1c694f4b347508c2b1b68d1f2c55ea62
SHA1

1ed28b59e45dea29ba87dea1a715bdd3d17f3309
SHA256

ba6fbfa10028baca880d44b2d490ac0a01af2775909cb18878961b56de32a7c0
SHA512

1a1224e1097c368a77e1c4833afc6786d443e0b4c1ae2d9ee325c2168d3a554bc2ee3877442527ad74c4728d40fe038b5d758f9d83cf8bb07081b36ce88b406a
SSDEEP

1572864:hhoYOQgOLCnmAQGI106ICd+8la05gEQmQY7PMt6IDWoTUm4:/oYCtnmAQGI10OX5gEQg7PO3R4

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\Serilog.Sinks.Console.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-D23HF.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-8U8CT.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Data.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\DevExpress.Spreadsheet.v23.1.Core.resources.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\DevExpress.XtraNavBar.v23.1.resources.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-VIG6R.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-FLV0L.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\unins000.msg	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraLayout.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-BOFG1.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-4NO5H.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-2MO94.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-VKDKS.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\Icons\is-F5487.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Data.Desktop.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\Microsoft.OData.Edm.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\Unity.Container.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Utils.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-Q7MAO.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-9PBSI.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-A19L6.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Mvvm.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-CQ90K.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\Templates\is-HGDCJ.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Snap.v23.1.Core.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraTreeList.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\DevExpress.Utils.v23.1.resources.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-N2NQK.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-R9LEF.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-BK7M9.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\DevExpress.Xpo.v23.1.resources.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-TVPJR.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\pl\is-HQ7LS.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\Templates\is-CRI3E.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.DataAccess.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\DevExpress.Data.v23.1.resources.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\DevExpress.Sparkline.v23.1.Core.resources.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Sparkline.v23.1.Core.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-ANDJR.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-GDVJ4.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\Icons\is-BB867.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraVerticalGrid.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-QM87K.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-MNQG5.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-SCGL5.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-EA7G9.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-2DSMC.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.CodeParser.v23.1.dll	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.TreeMap.v23.1.Core.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-1NEGK.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-E9L0N.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-QCAID.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-2QNIC.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-F5MC1.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-4TQVE.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-L6OTH.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-BOSJR.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-5OFU2.tmp	edi-texteditor-setup-v3.103.tmp
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\system.mdb	Edi.exe
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3\bin\Serilog.dll	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\is-7SNNB.tmp	edi-texteditor-setup-v3.103.tmp
File created	C:\Program Files (x86)\Edi - Text Editor 3\bin\de\is-DVTG6.tmp	edi-texteditor-setup-v3.103.tmp

Executes dropped EXE 3 IoCs

pid	Process
3032	edi-texteditor-setup-v3.103.tmp
2668	Edi.exe
1628	Edi.exe

Loads dropped DLL 64 IoCs

pid	Process
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe
2668	Edi.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\Software\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}	Edi.exe
Key created	\REGISTRY\USER\Software	Edi.exe
Key created	\REGISTRY\USER\Software\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}	Edi.exe
Key created	\REGISTRY\USER\Software	Edi.exe

Modifies registry class 57 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\EdiTextEditor3Project\shell\open\command	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.edikey	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey\ = "Edi - Text Editor License Key"	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project\ = "Edi - Text Editor Project"	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project\shell	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\EdiTextEditor3LicenseKey\shell\open\command	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey\shell\open\command	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CID\{74004F00-6700-3000-3200-490071005200}	Edi.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project\DefaultIcon\ = "C:\\Program Files (x86)\\Edi - Text Editor 3\\Edi.exe,0"	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.edikey\ = "EdiTextEditor3LicenseKey"	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CID\{74004F00-6700-3000-3200-490071005200}\1 = "OwxfpDCf5pFAw46UrljZgHY+lLn9LepRWt3vd+3qsUS9G+vNQT4s1nOjUuhQ6zGKCY3mNnw6WtRSXnEIZ/+b8AAlNRxPOwlIymYSDmYNT7CDbbblQ6g8KfqSJwNOSUr14QbpOrmHU1WeFTp9VplXAHZ8N+rPbS2Ib+DxITxoe4aR+f+brG1xbZ7m5huSdv8NR5ywkNb2Ahy0wJoX4wl6y8UDm9LSYGqaSI6yJvXM70R7ANgNC9KGCQ64pr3fdDxPY3TK5Fhks32bkPSPOZxovGOjhP+N/ZuCr3pcyXUuH7Gqe0fM/D5c9W9/Zf3cKb+t8yquB/F4QHRg3oOwjwo4n5z8HHMPOzPPPtaC8iph5sK4/oZ19TzhqLp4PqwaffzNQls5Yy8gfBeN9zzF6bfDcghc6D+Apj6xZSQWmnqFe90/7WbRZiH6fd0TwU1CvYa4vYQAMpXdeBkPQJP48LNcez9wPwqDB3ccobsYhwoDWhKu6FUemACh+9L3yifH9sNR"	Edi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey\shell\open\command\ = "\"C:\\Program Files (x86)\\Edi - Text Editor 3\\Edi.exe\" \"%1\""	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Software\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}	Edi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}	Edi.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Software	Edi.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES	Edi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID	Edi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EdiTextEditor3Project\DefaultIcon	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CID\{74004F00-6700-3000-3200-490071005200}\1 = "OwxfpDCf5pFAw46UrljZgHY+lLn9LepRWt3vd+3qsUS9G+vNQT4s1nOjUuhQ6zGKCY3mNnw6WtRSXnEIZ/+b8AAlNRxPOwlIymYSDmYNT7CDbbblQ6g8KfqSJwNOSUr14QbpOrmHU1WeFTp9VplXAHZ8N+rPbS2Ib+DxITxoe4aR+f+brG1xbZ7m5huSdv8NR5ywkNb2Ahy0wJoX4wl6y8UDm9LSYGqaSI6yJvXM70R7ANgNC9KGCQ64pr3fdDxPY3TK5Fhks32bkPSPOZxovGOjhP+N/ZuCr3pcyXUuH7Gqe0fM/D5c9W9/Zf3cKb+t8yquB/F4QHRg3oOwjwo4n5z8HHMPOzPPPtaC8iph5sK4/oZ19TzhqLp4PqwaffzNQls5Yy8gfBeN9zzF6bfDcghc6D+Apj6xZSQWmnqFe90/7WbRZiH6fd0TwU1CvYa4vYQAMpXdeBkPQJP48LNcez9wPwqDB3ccobsYhwoDWhKu6FUemACh+9L3yifH9sNR"	Edi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey\shell	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EdiTextEditor3LicenseKey	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey\shell\open	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\EdiTextEditor3LicenseKey\DefaultIcon	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CID\{74004F00-6700-3000-3200-490071005200}\1 = "OwxfpDCf5pFAw46UrljZgHY+lLn9LepRWt3vd+3qsUS9G+vNQT4s1nOjUuhQ6zGKCY3mNnw6WtRSXnEIZ/+b8AAlNRxPOwlIymYSDmYNT7CDbbblQ6g8KfqSJwNOSUr14QbpOrmHU1WeFTp9VplXAHZ8N+rPbS2Ib+DxITxoe4aR+f+brG1xbZ7m5huSdv8NR5ywkNb2Ahy0wJoX4wl6y8UDm9LSYGqaSI6yJvXM70R7ANgNC9KGCQ64pr3fdDxPY3TK5Fhks32bkPSPOZxovGOjhP+N/ZuCr3pcyXUuH7Gqe0fM/D5c9W9/Zf3cKb+t8yquB/F4QHRg3oOwjwo4n5z8HHMPOzPPPtaC8iph5sK4/oZ19TzhqLp4PqwaffzNQls5Yy8gfBeN9zzF6bfDcghc6D+Apj6xZSQWmnqFe90/7WbRZiH6fd0TwU1CvYa4vYQAMpXdeBkPQJP48LNcez9wPwqDB3ccobsYhwoDWhKu6FUemACh+9L3yifH9sNR"	Edi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ediproj\ = "EdiTextEditor3Project"	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project\shell\open\command	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.ediproj	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CID	Edi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}\1 = "OwxfpDCf5pFAw46UrljZgHY+lLn9LepRWt3vd+3qsUS9G+vNQT4s1nOjUuhQ6zGKCY3mNnw6WtRSXnEIZ/+b8AAlNRxPOwlIymYSDmYNT7CDbbblQ6g8KfqSJwNOSUr14QbpOrmHU1WeFTp9VplXAHZ8N+rPbS2Ib+DxITxoe4aR+f+brG1xbZ7m5huSdv8NR5ywkNb2Ahy0wJoX4wl6y8UDm9LSYGqaSI6yJvXM70R7ANgNC9KGCQ64pr3fdDxPY3TK5Fhks32bkPSPOZxovGOjhP+N/ZuCr3pcyXUuH7Gqe0fM/D5c9W9/Zf3cKb+t8yquB/F4QHRg3oOwjwo4n5z8HHMPOzPPPtaC8iph5sK4/oZ19TzhqLp4PqwaffzNQls5Yy8gfBeN9zzF6bfDcghc6D+Apj6xZSQWmnqFe90/7WbRZiH6fd0TwU1CvYa4vYQAMpXdeBkPQJP48LNcez9wPwqDB3ccobsYhwoDWhKu6FUemACh+9L3yifH9sNR"	Edi.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CID\{74004F00-6700-3000-3200-490071005200}\1 = "OwxfpDCf5pFAw46UrljZgHY+lLn9LepRWt3vd+3qsUS9G+vNQT4s1nOjUuhQ6zGKCY3mNnw6WtRSXnEIZ/+b8AAlNRxPOwlIymYSDmYNT7CDbbblQ6g8KfqSJwNOSUr14QbpOrmHU1WeFTp9VplXAHZ8N+rPbS2Ib+DxITxoe4aR+f+brG1xbZ7m5huSdv8NR5ywkNb2Ahy0wJoX4wl6y8UDm9LSYGqaSI6yJvXM70R7ANgNC9KGCQ64pr3fdDxPY3TK5Fhks32bkPSPOZxovGOjhP+N/ZuCr3pcyXUuH7Gqe0fM/D5c9W9/Zf3cKb+t8yquB/F4QHRg3oOwjwo4n5z8HHMPOzPPPtaC8iph5sK4/oZ19TzhqLp4PqwaffzNQls5Yy8gfBeN9zzF6bfDcghc6D+Apj6xZSQWmnqFe90/7WbRZiH6fd0TwU1CvYa4vYQAMpXdeBkPQJP48LNcez9wPwqDB3ccobsYhwoDWhKu6FUemACh+9L3yifH9sNR"	Edi.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}	Edi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey\DefaultIcon\ = "C:\\Program Files (x86)\\Edi - Text Editor 3\\Icons\\DocumentWrite_Key-48x48.ico"	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3LicenseKey	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project\shell\open\command\ = "\"C:\\Program Files (x86)\\Edi - Text Editor 3\\Edi.exe\" \"%1\""	edi-texteditor-setup-v3.103.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\CLASSES\CID\{74004F00-6700-3000-3200-490071005200}\1 = "OwxfpDCf5pFAw46UrljZgHY+lLn9LepRWt3vd+3qsUS9G+vNQT4s1nOjUuhQ6zGKCY3mNnw6WtRSXnEIZ/+b8AAlNRxPOwlIymYSDmYNT7CDbbblQ6g8KfqSJwNOSUr14QbpOrmHU1WeFTp9VplXAHZ8N+rPbS2Ib+DxITxoe4aR+f+brG1xbZ7m5huSdv8NR5ywkNb2Ahy0wJoX4wl6y8UDm9LSYGqaSI6yJvXM70R7ANgNC9KGCQ64pr3fdDxPY3TK5Fhks32bkPSPOZxovGOjhP+N/ZuCr3pcyXUuH7Gqe0fM/D5c9W9/Zf3cKb+t8yquB/F4QHRg3oOwjwo4n5z8HHMPOzPPPtaC8iph5sK4/oZ19TzhqLp4PqwaffzNQls5Yy8gfBeN9zzF6bfDcghc6D+Apj6xZSQWmnqFe90/7WbRZiH6fd0TwU1CvYa4vYQAMpXdeBkPQJP48LNcez9wPwqDB3ccobsYhwoDWhKu6FUemACh+9L3yifH9sNR"	Edi.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EdiTextEditor3Project	edi-texteditor-setup-v3.103.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EdiTextEditor3Project\shell\open	edi-texteditor-setup-v3.103.tmp

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	Edi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	Edi.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	Edi.exe

NTFS ADS 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Edi - Text Editor 3:{74004F00-6700-3000-3200-490071005200}	Edi.exe
File created	C:\Users\Admin\Documents\My Music:{74004F00-6700-3000-3200-490071005200}	Edi.exe
File created	C:\PerfLogs:{74004F00-6700-3000-3200-490071005200}	Edi.exe
File opened for modification	C:\Program Files (x86)\Edi - Text Editor 3:{74004F00-6700-3000-3200-490071005200}	Edi.exe
File created	C:\Users\Admin\Documents\My Music:{74004F00-6700-3000-3200-490071005200}	Edi.exe
File opened for modification	C:\PerfLogs:{74004F00-6700-3000-3200-490071005200}	Edi.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3032	edi-texteditor-setup-v3.103.tmp
3032	edi-texteditor-setup-v3.103.tmp
2668	Edi.exe
2668	Edi.exe
1628	Edi.exe
1628	Edi.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2668	Edi.exe
1628	Edi.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2668	Edi.exe
Token: SeDebugPrivilege	1628	Edi.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	edi-texteditor-setup-v3.103.tmp

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2668	Edi.exe
2668	Edi.exe
1752	SearchApp.exe
1628	Edi.exe
1628	Edi.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3032	3320	edi-texteditor-setup-v3.103.exe	84
PID 3320 wrote to memory of 3032	3320	edi-texteditor-setup-v3.103.exe	84
PID 3320 wrote to memory of 3032	3320	edi-texteditor-setup-v3.103.exe	84
PID 3032 wrote to memory of 2668	3032	edi-texteditor-setup-v3.103.tmp	90
PID 3032 wrote to memory of 2668	3032	edi-texteditor-setup-v3.103.tmp	90
PID 3032 wrote to memory of 2668	3032	edi-texteditor-setup-v3.103.tmp	90

C:\Users\Admin\AppData\Local\Temp\edi-texteditor-setup-v3.103.exe
"C:\Users\Admin\AppData\Local\Temp\edi-texteditor-setup-v3.103.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Users\Admin\AppData\Local\Temp\is-1V9DA.tmp\edi-texteditor-setup-v3.103.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1V9DA.tmp\edi-texteditor-setup-v3.103.tmp" /SL5="$A011E,56639786,801792,C:\Users\Admin\AppData\Local\Temp\edi-texteditor-setup-v3.103.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe
    "C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Modifies system certificate store
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2668

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\4590d012674f4386a5db83b0681e82d2 /t 4052 /p 4024
1⤵
PID:3068

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe
"C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Edi - Text Editor 3:{74004F00-6700-3000-3200-490071005200}

Filesize
512B

MD5
d811469f1a24594116cb6f9531d5e4ab

SHA1
b1cdb30570c672352bd30dab361c082019105024

SHA256
d70734441217cb5a9be79c6e25ef3b7fd49858bb524c54f893ec3b3fde1acef8

SHA512
b38d14e50217582a1c39ca8ebd496ce6c10ed25a9a121c834dfad655bf1736ae6f5272a8ccbcf17139b5e2a65c312e9450a1d1eb43f3e19d6ff5cb8f60d237bd

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe

Filesize
3.7MB

MD5
2463fff01c63619b4611926c750bc60b

SHA1
9c8f8763c4cb2ec2f09e1639dd005b0d4813ead1

SHA256
392b6a9e463e193f1b8c48897f49467ddb158eefdf814b8c84402055a7ea2ecf

SHA512
6bcefdac56e8de345e57db281623c94ab48436dd96d8929f8943cb9c8097b25f81fd0d1c8012eb4605cea84fae7f9e8da3fd82f3946afc80af579e9c0ca05af6

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\Edi.exe.config

Filesize
4KB

MD5
f3fd4fb21260636906461be995fe030a

SHA1
a9ccd13eccfa04e2a9378522db4f1802232dc581

SHA256
5d796a3ba28c7c5f1bbaa2a3ac4cb639e1cfe2f29011921cce073ae90ef0da1b

SHA512
47177645303b4df4ff5829a8f2c2b8b4366acd2f9864440fdc524870dcacf3c0c7d45a1a140889924d1c131c04ea5d16dee017cb3d51390b4e8bce8f96c5d203

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.BonusSkins.v23.1.dll

Filesize
21.6MB

MD5
1b56b7686af762b549fd40a00996247e

SHA1
e3da94c20c955db91163b270fec7d48f52d781c8

SHA256
bd725991175b191c7894c6ff886a7f1721107493d79851cf946a1948c001ea95

SHA512
6f0663e6c6962a447220187931f41d7be758a75121874dbc1fc54dde9bd4b9f5af2f96e1c10e807b8224f1038e207b0c70c5ce22e2920195bd599797fc086296

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Data.Desktop.v23.1.dll

Filesize
916KB

MD5
f9511153084a4347650128ea7ef35b44

SHA1
0f2471b97572013e35d4f8ddc05d5539ca93c7dc

SHA256
e616892ebf07e31af4748333949e4841ac33083d5a1570216dfa35c6926eb247

SHA512
7bc0718a7d3050426f02ddda9e38749d95098a6736e59250c9a7c51b09bdaaf5607c046164eaf3db185fd8fc89714d91f12218c9951123813c2595c0652596a4

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Data.v23.1.dll

Filesize
5.2MB

MD5
8ba5ca9559317fd703981c7b0e227a95

SHA1
a5064a243c7e9f12c42d765eafcb250c37020e7a

SHA256
2cd6bd7a006fe85eb31e99df5235e539ba2a473c01172ad2a9f4e4b6e4118b90

SHA512
dd104a31614289ebf33361896007e1e785a929525c89ae4cf81e99d50c0fd33d673ff4c9f291c9aec7f0f690faf2af17f04168efa8d12e4fedfb4c3f05e2cbbe

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Docs.v23.1.dll

Filesize
459KB

MD5
e50351b1dbd4c27b6bd43ac52a122461

SHA1
cdc8a1d7c7ed02009364b48e363b8bf2aeaaa881

SHA256
77403f30da6035cd9e6c6ff1b1f797341a3e1927e5f9accc8152fca90d4898a8

SHA512
0c99e9a9bdd10485290dd4d461593e9726eec994bb8b392ed30def74de599e295f3b3b3a9c016761558637971bfda852d00a7f3586238c48916ee1b88e5e3741

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Drawing.v23.1.dll

Filesize
905KB

MD5
77b3dfff4f6e8171e6fa52a02d7bd7b8

SHA1
526ae207e2f502263b77d540cf369325aa4ead83

SHA256
36b9795169c54d5621a6a773f8e537aa371b226404e09c36fd66da428e68b8fb

SHA512
cca0e260b35cbc766d1141dc5cc1d2b486fd5b0657e92e3c696b1e056b1c3e006ffaab9255f5846a16c857e1f9762e9e88c4633182f414bddc7ac1c10a0f8256

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Mvvm.v23.1.dll

Filesize
1.5MB

MD5
aba7411dbc6d2190e473a36ef27d8252

SHA1
ac107730100a97aaa38ea0cbf6fd149ad394cf28

SHA256
28db74538576a4034c98dad0f59fb44ea7f7881c58dc1f925413c0d8f75b0490

SHA512
373d49c37aa53d94e172000a1470acf18c5b06c7c36e52e9d60da94737b44dd7cea1011b4e635d0e2abe48b110703667659d98ebddc4a20509c0a37a14885a96

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Office.v23.1.Core.dll

Filesize
3.7MB

MD5
6984fed0041cd75a1f3fde0a97fce88c

SHA1
50cd5e1dbb9814a53927bacb4cf7fa81d6f79627

SHA256
45f0daf30cfeea4ef68b05b8bcb1765a5788bad3e2dea1e05f010f2c254e9159

SHA512
e3cec8f5f21d8a650e2202324954d83f61cb2e03b6ee2943490a22ad505c9fc1b08ca96940dc2dad65b8568569204ecdd439c818fe8340c51f4750b024849a55

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Printing.v23.1.Core.dll

Filesize
4.3MB

MD5
a787953054570c96328bde0c50eab64c

SHA1
c849fdb9078bd8b871f69c53a97cf102d583e6bb

SHA256
e466d99170823535fd8298c3ef601eb8b05ca93819a602489a97cbcc03539833

SHA512
8eacc4d03ff1bb1e9fdc55be4419e2533f2846ea1801a6b11715f80a099744c80bb33eeeb574d17a235a708533bea4850cc9ac9e0da40519a073f6138e236f7e

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.RichEdit.v23.1.Core.dll

Filesize
8.5MB

MD5
bdc1e343e4aa05a11ff5be319b7921a2

SHA1
b206056be70cbcff32284c700649a7a09d64d8e0

SHA256
60b3d69ad325d9f4413f8a5fea7527ba46ceac13f5832756f692555032b51b26

SHA512
f61035729f175a626b2d5208c31d9bb20b02c9b79cdf7ffc81852f81af35c22714f455bbb5e5690aceffcea6bbfc54a93387228de7d9f5386f7cfbe32fdf5784

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Spreadsheet.v23.1.Core.dll

Filesize
16.5MB

MD5
c37ed80bd5e084f6e28fe9a9226e6ac8

SHA1
73efd47c13772b0d7586c42aa874e884600515af

SHA256
dbd23066919308aec993f89054c1d66bdb9e9db11a43dbc236e0e176f88559af

SHA512
6fef574a8f6bb5733a8e0ceff17c4bf760479767d69d59b244005174f960ce84e1db3e416eede97febf983c4a8e0455cbcf74277d451460617893629e3ab49f7

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Utils.v23.1.dll

Filesize
19.7MB

MD5
51bb73df804ddc5a77efe16f29731d4e

SHA1
31c04ac824637d067d91e5f8ce9b884b4ef697ad

SHA256
801df3c4f6563f0e569ae265a28ad7d94ea728767b6afed63d1fb8b7d4ed6b48

SHA512
a184842b6b4fe7e5f4c128606dacd8d47ce01a494d3ce2e06c6869da7689c249eb8077d24bd076f8f3c9ceb911a9ff600c494fb6d06353d3f30d5acb83d09b35

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.Xpo.v23.1.dll

Filesize
2.2MB

MD5
91550104d6c8b03293d297f9c764348e

SHA1
9c585a7657582ef8b1b5c77d16197fc75d91c6b7

SHA256
dd01d882d16bb5393c8758b095735137d945e014f230658c425d649939c4a96e

SHA512
0d22f5e7c5a030c828d28caf5dabd1298a3beef54bbe5d1b9432a5291f1dd3aa9fbe9d2077ec2b59bcb899758ed320c21b81bbcb981d379f5648db4e3a85f1b7

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraBars.v23.1.dll

Filesize
6.7MB

MD5
e1159d4465488d800498b9474a4c31bc

SHA1
f34165f0b9b1c5c99fa52cdd9cd8b9b29df23feb

SHA256
5f09cdb53bf401ca56ab75c84abde4a48e66c8bb696962c3aa5679725be8ed4f

SHA512
3f5ab0018b4c45ee4dc714b42d5e5b961e3457df9b8a0c8779cb2c2c7118229f7b968cecc060d0e940496556581e55218b4ae6e7bc8f112751245ea19cb9f95f

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraEditors.v23.1.dll

Filesize
7.8MB

MD5
8a10dc9d04b64c91e82c7584d537a122

SHA1
14d11ce888e6d85d3bbb8a08745404ae518175f6

SHA256
e494c1a13c59e27ba1aebcac17ded157ccadeefa4cf059afc82474f0e97fd03b

SHA512
faf7bb6b5946579b62cf1dc37db1069819b4312b99e5dd1b109b303a726be5ddd403483d63859685e62b1c023e98ced430c64d80d9f8c3356b33228054e67b24

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraGrid.v23.1.dll

Filesize
3.6MB

MD5
6f5e0c60e26ce28b1e1d1da62c1c6ccc

SHA1
a9a3c12ebacb4f709e440f453a6def375fb8fa70

SHA256
5bf66e7a715d1ecbdf6aa9bad19e016788c3664bc65561c054261e58d239025f

SHA512
ee440889ea15990ff92ba5fc75b38945c1daeb43760b400d8c037860b1b92b202831dce000d9be69cf045696ee2986ace9551c024c657ed6f5d23f49b4850b9f

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraLayout.v23.1.dll

Filesize
2.1MB

MD5
0246a8105abf32b526f2d80453f290f8

SHA1
7aa65babe4f951ba37f0c3c84751df326082996e

SHA256
b0d8baada8544431772c2eba62df86416c14e29f23535bbf97e68af7fae93ae8

SHA512
c6e06ff7db4ffdcfefdc03220c9d8cd6231eca3d8c12954fe1339cc0129498ecf66abc4eedf0018c284868d475e63208d05ebfe004e0b41ee5e5390f16abd2e5

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraRichEdit.v23.1.dll

Filesize
2.9MB

MD5
ada4ccca1908d4261cd4373646721d05

SHA1
61af22df614c447985b1fe153c7ebdf21e6b65b0

SHA256
f734786e12fc20565d36cd2b8d9a04fdde695aae214411e38470189cc4d101a8

SHA512
543b8ea3dd4a51d59baac691e6b340a873725657e62d67b22310948c3902eec0ffbc7007473e4f7a727b226f10877bd86e1129df594108ecf91f4dfc97170f36

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\DevExpress.XtraSpreadsheet.v23.1.dll

Filesize
4.8MB

MD5
b229fd4bd7b30d7dfea33c5d38b7a1f4

SHA1
9ad4acf0e67f47d295ef31f9df89592bf70b5096

SHA256
0ef94b99068866ea61e8f3d7e70e38663086504a5b72a1d1758229285f35967b

SHA512
49f0f5d699009ff903bc00dc17f91c1b531cf3f232b36d3f95174d42725e3b8c168a1929852a5f76fb833a33d2ce1da93569fd2b85ca6b8ef4a7bb111231fdeb

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\Microsoft.OData.Client.dll

Filesize
745KB

MD5
1453febcf8a83f152b341a6eb16d19cc

SHA1
e816029bf78256d881d0d4116dccf675e93b82b0

SHA256
9caf9dd4863e11d88452ec728ce23f2ac10037e934e7b489684acba691940f85

SHA512
9aeeeaaf3cb02aa546db216094f41ce3320cbf4c7aa3d6457270ad70ce9fe768d22f01626d3cd08322ec950909a1cbf9bbb86c3860ee057d161ddc1a0db28018

Download Submit
C:\Program Files (x86)\Edi - Text Editor 3\bin\Serilog.dll

Filesize
115KB

MD5
b7d6a42b4f3b86e53665251e2f60abd2

SHA1
7861ada4bed3ea56a9b81e947ed9ed5a2803f1c6

SHA256
7d22c67708e448f174969cd09c13ca7edbf683511bd457812352973667a84656

SHA512
944a3686e45c4b08a66c896c61bfa3ba9de152dc8aeaa63ddf7ccce2af71ccbf8b2d893ddc6298de9a7db929c591505d70816d86be75fc42f4751fb4961ba337

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133602444301371754.txt

Filesize
76KB

MD5
2461fadfab026620a3ab7ff6de7bf049

SHA1
d9cd3ece8f779d9821d5d4fd6476cc0b2d6428cb

SHA256
d05ecb91cc2887dbfd98bafe8438134b60df9d4a8fe7aae2c267c57c2295a9f4

SHA512
48280beffa6199740d9cd4c6183771f9ca16e2e18e8d050ec655b92d7207899b2daf90bed8be0804621cf7c48e9bfb60bce971c5ef4ddde2a7b597abf34e2b34

Download Submit
C:\Users\Admin\AppData\Local\Polenter_-_Software_Solut\Edi.exe_Url_s2m0pqs3iblc20tew530qscaaquukrwy\3.103.0.0\user.config

Filesize
1KB

MD5
862e293637da75c63e70036d62db58e7

SHA1
642700f9c59a4b9c2dee0bd8bb9ba49e2875eb6b

SHA256
73ce07bd2f5ca42ba02cdf0c3315ebc546fa1b44ef35fa84704d0f5f8c6d654a

SHA512
a6f4efbf781a836c9831990d8a7d097be410fc9edf3f45129fe1002db32448bf709491fef37b61e5742a7276e02cff78b95d42ab5868c23e802eed9bdf233b3d

Download Submit
C:\Users\Admin\AppData\Local\Polenter_-_Software_Solut\Edi.exe_Url_s2m0pqs3iblc20tew530qscaaquukrwy\3.103.0.0\user.config

Filesize
1000B

MD5
8c57e93378d153851f611a01c9d02565

SHA1
5426ed444b9b6cc3ae5dfdd8643b57be654b3fa3

SHA256
6b4594265da64d4239a441163d6d2f1f0da8a258e5887640b9fcc1df15bd67da

SHA512
821bf6757c07425a9f50205d69fb729a2df644767df04adb676c5c8c55fe435d7f6b795668b1b698135f190f989a11c0219615f5ee37197765f2cb8cbe17cf50

Download Submit
C:\Users\Admin\AppData\Local\Polenter_-_Software_Solut\Edi.exe_Url_s2m0pqs3iblc20tew530qscaaquukrwy\3.103.0.0\user.config

Filesize
313B

MD5
12e695090da00010e035e58402d99f74

SHA1
74d1fff34a4ae4656a0d2173d86c6bfc5e56a5fd

SHA256
0519d90545e3900b3e649ee544dbc1b3f63980a3b529151493bf6f364de17fcd

SHA512
237836ddc646c359f34dc9a77ce09f276c8d04740f699c485c630f481d08602c1976063336c2010842043caf0264a352eb2f7f9794cf3a73d4799f38f8fa5be3

Download Submit
C:\Users\Admin\AppData\Local\Polenter_-_Software_Solut\Edi.exe_Url_s2m0pqs3iblc20tew530qscaaquukrwy\3.103.0.0\w5f4ne04.newcfg

Filesize
1KB

MD5
861388dd73a3557500745ceca6ef2ffb

SHA1
f7f3fd657ae7c9acb9b01c9856c8d049bd3cb919

SHA256
7fb22c368a0eae224610002426c65fa2693826259b555e91bd67f6105dd9699f

SHA512
f8e6b89073e87436679c2b5afd82c497e37f788a6c1344ddce40dc22b80d473d1692ac44d47c1965851356abc7785518d46f2387b7810478135a8caeec867963

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1V9DA.tmp\edi-texteditor-setup-v3.103.tmp

Filesize
3.0MB

MD5
08a7d9358e6512a0bbd2219176b811c3

SHA1
3f8cedc082f4cce604ff5cc65bd94e10c0ae172a

SHA256
8a70d1f6abe5d6fbe6c74cc8828638cc5a6008155be33913d3220e54634767d9

SHA512
ad9827020ff8a19042bf5c061e0a1129f85c32fec41126e365c4df766572d0e1afdd09217fcec4fcf193777a9bbec93fb3e43d4e2d5a0fb2dad54db5ef882931

Download Submit
memory/1628-650-0x000000001E000000-0x000000001E021000-memory.dmp

Filesize
132KB

Download
memory/1628-648-0x0000000019440000-0x000000001948C000-memory.dmp

Filesize
304KB

Download
memory/1628-647-0x0000000011940000-0x0000000011C94000-memory.dmp

Filesize
3.3MB

Download
memory/1628-651-0x000000001E820000-0x000000001E882000-memory.dmp

Filesize
392KB

Download
memory/1752-356-0x000002A93D760000-0x000002A93D860000-memory.dmp

Filesize
1024KB

Download
memory/1752-361-0x000002A93E6C0000-0x000002A93E6E0000-memory.dmp

Filesize
128KB

Download
memory/1752-368-0x000002A93E680000-0x000002A93E6A0000-memory.dmp

Filesize
128KB

Download
memory/1752-392-0x000002A93ECA0000-0x000002A93ECC0000-memory.dmp

Filesize
128KB

Download
memory/2668-268-0x0000000007820000-0x00000000078B2000-memory.dmp

Filesize
584KB

Download
memory/2668-234-0x0000000007D90000-0x000000000913E000-memory.dmp

Filesize
19.7MB

Download
memory/2668-308-0x0000000009AE0000-0x0000000009BC8000-memory.dmp

Filesize
928KB

Download
memory/2668-300-0x000000000DAA0000-0x000000000DCDE000-memory.dmp

Filesize
2.2MB

Download
memory/2668-316-0x000000000F2B0000-0x000000000F788000-memory.dmp

Filesize
4.8MB

Download
memory/2668-317-0x0000000009A40000-0x0000000009A60000-memory.dmp

Filesize
128KB

Download
memory/2668-292-0x0000000007B70000-0x0000000007C56000-memory.dmp

Filesize
920KB

Download
memory/2668-320-0x0000000009A90000-0x0000000009AB4000-memory.dmp

Filesize
144KB

Download
memory/2668-288-0x000000000A8C0000-0x000000000AC78000-memory.dmp

Filesize
3.7MB

Download
memory/2668-321-0x0000000009CA0000-0x0000000009D6E000-memory.dmp

Filesize
824KB

Download
memory/2668-284-0x000000000E330000-0x000000000EBB4000-memory.dmp

Filesize
8.5MB

Download
memory/2668-280-0x000000000A470000-0x000000000A8C0000-memory.dmp

Filesize
4.3MB

Download
memory/2668-312-0x000000000EBC0000-0x000000000EDD0000-memory.dmp

Filesize
2.1MB

Download
memory/2668-276-0x00000000096F0000-0x00000000099E6000-memory.dmp

Filesize
3.0MB

Download
memory/2668-272-0x000000000D2C0000-0x000000000DA92000-memory.dmp

Filesize
7.8MB

Download
memory/2668-607-0x0000000072A40000-0x00000000731F0000-memory.dmp

Filesize
7.7MB

Download
memory/2668-267-0x0000000009DB0000-0x000000000A464000-memory.dmp

Filesize
6.7MB

Download
memory/2668-263-0x0000000007690000-0x000000000781A000-memory.dmp

Filesize
1.5MB

Download
memory/2668-296-0x0000000007C60000-0x0000000007CD6000-memory.dmp

Filesize
472KB

Download
memory/2668-259-0x000000000C230000-0x000000000D2C0000-memory.dmp

Filesize
16.6MB

Download
memory/2668-255-0x0000000006CE0000-0x0000000006D9C000-memory.dmp

Filesize
752KB

Download
memory/2668-243-0x0000000009140000-0x00000000096E4000-memory.dmp

Filesize
5.6MB

Download
memory/2668-322-0x000000000AC90000-0x000000000C226000-memory.dmp

Filesize
21.6MB

Download
memory/2668-323-0x0000000009A80000-0x0000000009A8C000-memory.dmp

Filesize
48KB

Download
memory/2668-343-0x000000000E290000-0x000000000E2BA000-memory.dmp

Filesize
168KB

Download
memory/2668-344-0x000000000E0B0000-0x000000000E0C6000-memory.dmp

Filesize
88KB

Download
memory/2668-347-0x000000000F240000-0x000000000F24A000-memory.dmp

Filesize
40KB

Download
memory/2668-583-0x0000000072A40000-0x00000000731F0000-memory.dmp

Filesize
7.7MB

Download
memory/2668-240-0x0000000006F10000-0x0000000007440000-memory.dmp

Filesize
5.2MB

Download
memory/2668-353-0x00000000120E0000-0x0000000012434000-memory.dmp

Filesize
3.3MB

Download
memory/2668-582-0x0000000072A4E000-0x0000000072A4F000-memory.dmp

Filesize
4KB

Download
memory/2668-355-0x00000000134E0000-0x0000000013CF6000-memory.dmp

Filesize
8.1MB

Download
memory/2668-238-0x0000000072A40000-0x00000000731F0000-memory.dmp

Filesize
7.7MB

Download
memory/2668-304-0x000000000DCE0000-0x000000000E086000-memory.dmp

Filesize
3.6MB

Download
memory/2668-232-0x0000000006340000-0x00000000063A6000-memory.dmp

Filesize
408KB

Download
memory/2668-410-0x0000000013D00000-0x000000001422C000-memory.dmp

Filesize
5.2MB

Download
memory/2668-231-0x00000000063C0000-0x00000000069D8000-memory.dmp

Filesize
6.1MB

Download
memory/2668-509-0x00000000146E0000-0x000000001481C000-memory.dmp

Filesize
1.2MB

Download
memory/2668-520-0x0000000014C20000-0x0000000014CCA000-memory.dmp

Filesize
680KB

Download
memory/2668-531-0x0000000014DF0000-0x0000000014F06000-memory.dmp

Filesize
1.1MB

Download
memory/2668-532-0x0000000015400000-0x0000000015528000-memory.dmp

Filesize
1.2MB

Download
memory/2668-533-0x0000000015C10000-0x0000000015E96000-memory.dmp

Filesize
2.5MB

Download
memory/2668-534-0x0000000015310000-0x0000000015326000-memory.dmp

Filesize
88KB

Download
memory/2668-535-0x00000000159F0000-0x0000000015A3C000-memory.dmp

Filesize
304KB

Download
memory/2668-544-0x000000001B760000-0x000000001B79C000-memory.dmp

Filesize
240KB

Download
memory/2668-545-0x000000001B720000-0x000000001B741000-memory.dmp

Filesize
132KB

Download
memory/2668-546-0x000000001B860000-0x000000001B8CE000-memory.dmp

Filesize
440KB

Download
memory/2668-547-0x0000000020120000-0x00000000202C4000-memory.dmp

Filesize
1.6MB

Download
memory/2668-548-0x00000000202D0000-0x0000000020420000-memory.dmp

Filesize
1.3MB

Download
memory/2668-549-0x0000000020720000-0x0000000020A1A000-memory.dmp

Filesize
3.0MB

Download
memory/2668-550-0x0000000020EF0000-0x00000000213BC000-memory.dmp

Filesize
4.8MB

Download
memory/2668-551-0x0000000020A20000-0x0000000020BCC000-memory.dmp

Filesize
1.7MB

Download
memory/2668-552-0x0000000020010000-0x0000000020032000-memory.dmp

Filesize
136KB

Download
memory/2668-553-0x0000000020090000-0x00000000200F2000-memory.dmp

Filesize
392KB

Download
memory/2668-227-0x0000000000CD0000-0x0000000001090000-memory.dmp

Filesize
3.8MB

Download
memory/2668-567-0x00000000205D0000-0x00000000205D8000-memory.dmp

Filesize
32KB

Download
memory/2668-568-0x00000000205E0000-0x00000000205EA000-memory.dmp

Filesize
40KB

Download
memory/2668-569-0x0000000020C80000-0x0000000020D26000-memory.dmp

Filesize
664KB

Download
memory/2668-226-0x0000000072A4E000-0x0000000072A4F000-memory.dmp

Filesize
4KB

Download
memory/2668-581-0x000000001BE20000-0x000000001BE3A000-memory.dmp

Filesize
104KB

Download
memory/3032-241-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/3032-225-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/3032-9-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/3032-6-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/3320-242-0x0000000000400000-0x00000000004D1000-memory.dmp

Filesize
836KB

Download
memory/3320-0-0x0000000000400000-0x00000000004D1000-memory.dmp

Filesize
836KB

Download
memory/3320-8-0x0000000000400000-0x00000000004D1000-memory.dmp

Filesize
836KB

Download
memory/3320-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download