22cae23405ef1d6162fdbe9de167ed431e3585b748a38bda5f7ef1090c22087a

Resubmissions

22/11/2024, 17:33

241122-v4yj7a1jfk 8

20/11/2024, 13:26

241120-qpxl5axmh1 8

20/11/2024, 13:23

241120-qm63saxbkf 8

19/11/2024, 14:21

241119-rn7ldawray 8

Analysis

max time kernel
73s
max time network
76s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
22/11/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DJAPPSTORE.exe
Size

1.4MB
MD5

6afc8290bc005d98203e4d28d1af8d06
SHA1

f145630a0f925865a0fb67f101b630e770f8029d
SHA256

90e14e6d711668b63a68e722abcffff1428fd82506411f1519fdd582c65d2929
SHA512

5fa0fae5d673d8735fed45ef75e1f950f8560c5d88d008ff50146643473d684a7db40eae4277eefb5f18ca87fd6e73da8ebc613711a0c4f529e5512f2e977d14
SSDEEP

3072:gKSaWbBpm3pm3pmcJdm6k8Kw2pmu64VwOAsbvjL357kuQ4wdXzsyP0ujm7pmzpR:b8byyn3mn8XEvVwOJjL357K90vS

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Deletes itself 1 IoCs

pid	Process
4280	UpdInstaller.exe

Executes dropped EXE 2 IoCs

pid	Process
3848	DJAPPSTORE.exe
912	DJAPPSTORE.exe

Loads dropped DLL 1 IoCs

pid	Process
912	DJAPPSTORE.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
11	raw.githubusercontent.com
1	raw.githubusercontent.com
2	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2212	msedgewebview2.exe
3876	msedgewebview2.exe
5056	msedgewebview2.exe
3408	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2408	msedgewebview2.exe
2408	msedgewebview2.exe
5056	msedgewebview2.exe
5056	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
412	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3740	DJAPPSTORE.exe
Token: SeDebugPrivilege	3848	DJAPPSTORE.exe
Token: SeDebugPrivilege	912	DJAPPSTORE.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
412	msedgewebview2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
912	DJAPPSTORE.exe
912	DJAPPSTORE.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 4280	3740	DJAPPSTORE.exe	81
PID 3740 wrote to memory of 4280	3740	DJAPPSTORE.exe	81
PID 4280 wrote to memory of 3848	4280	UpdInstaller.exe	83
PID 4280 wrote to memory of 3848	4280	UpdInstaller.exe	83
PID 3848 wrote to memory of 4796	3848	DJAPPSTORE.exe	86
PID 3848 wrote to memory of 4796	3848	DJAPPSTORE.exe	86
PID 4796 wrote to memory of 912	4796	UpdInstaller.exe	88
PID 4796 wrote to memory of 912	4796	UpdInstaller.exe	88
PID 912 wrote to memory of 412	912	DJAPPSTORE.exe	89
PID 912 wrote to memory of 412	912	DJAPPSTORE.exe	89
PID 412 wrote to memory of 1572	412	msedgewebview2.exe	90
PID 412 wrote to memory of 1572	412	msedgewebview2.exe	90
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 3408	412	msedgewebview2.exe	91
PID 412 wrote to memory of 2408	412	msedgewebview2.exe	92
PID 412 wrote to memory of 2408	412	msedgewebview2.exe	92
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94
PID 412 wrote to memory of 2212	412	msedgewebview2.exe	94

C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE.exe
"C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Users\Admin\AppData\Local\Temp\UpdInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\UpdInstaller.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:4280
- - C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE.exe
    "C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\UpdInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\UpdInstaller.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE.exe
        
        "C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:912
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=DJAPPSTORE.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=912.3016.11910202215657227526
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:412
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x178,0x7ffdc6433cb8,0x7ffdc6433cc8,0x7ffdc6433cd8
        7⤵
        
        PID:1572
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1908,18349997825388975146,14142109563682935646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView" --webview-exe-name=DJAPPSTORE.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3408
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,18349997825388975146,14142109563682935646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView" --webview-exe-name=DJAPPSTORE.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2132 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2408
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,18349997825388975146,14142109563682935646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView" --webview-exe-name=DJAPPSTORE.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2456 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2212
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1908,18349997825388975146,14142109563682935646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView" --webview-exe-name=DJAPPSTORE.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3876
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,18349997825388975146,14142109563682935646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView" --webview-exe-name=DJAPPSTORE.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4068 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\UpdInstaller.exe.log

Filesize
312B

MD5
94362876a82ea2b020cc31686fccce81

SHA1
54580aaf9e28b09ab7d65a166f4328767e143264

SHA256
a2fd92b60d00dc2281a0c8af75d76221e6e48d581e95213df4c715fd6fa0fe3f

SHA512
37b3ff098573bf00ab5e49a5fc3f66a2684691e28274282714f8137706b8aca5edd11fc50b1d8a0713e3897fe467c40d8ce60299d08b2376baf29c54f1a60687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DJAPPSTORE.exe.log

Filesize
1KB

MD5
3392533e5a911044c10543cfaf81cdcd

SHA1
7e2900a2a27fecbe81e59395690b0d8436421a4b

SHA256
b3f2d644973405253616e6aaffb35e19165c4369ba1828d82ce5c0c57c3868b5

SHA512
2c44cf950118637fc69a05e18004d7d1581e0177ab3aeb466ea533387b080cba4fd129f5493fb8ce3e14809185ddc1d916d8ee0cf99bcda9bc2258398c91127c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
b97858bc0043b3d81640dcf9c100c754

SHA1
41b7c1879eac64c7be2fd0c7fe0e79fdc182a314

SHA256
e41631267aeb5ff77b25e3179e1392487d500d9c9e412a15e10a8199cc4621eb

SHA512
56000c9a043dd8367f9ec7f6489597e721b354a03f09890e36ba432e46367d42b04d1e7e7a84253586451722fc638a70c1dd27faa8871cf5ac186f6be7e7a19b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DJAPPSTORE_WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\MarkdownSharp.dll

Filesize
61KB

MD5
a897e3fec49ca0ff86519950ba1f5ea4

SHA1
04792668e52d97a8800a15b92ff14d25e41de2bd

SHA256
6d2e1277659dafe5965be42fb074949b1891b1a31d3e9ca9757ea8a0abfbec44

SHA512
353b8cfcaed1ea22dfe5d9d7cd429fb7dbfb99431ed9a184a2e5f7be9414580b32763772be5b6711bc8e2fb9732e187f65d8b9ed519562e26fac401f9b579124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Web.WebView2.Core.dll

Filesize
581KB

MD5
3d9465d5161ac2ab5a83265935514349

SHA1
5d40047faf2a166e6c25f106c244b5826bd0aad9

SHA256
24d1f432632c971456e6db676f609772b98d0cf3d3a5450c78d3dbb75744399e

SHA512
8d84de25fcb88ad6786de9f077612d356eed8726a50e9b6c44a3dff456ca8a160e0707cd1902b52e4890f97f4a5a72466ac149e71d1e790267141a6710ecc70d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
4b8bb9cd761a04f558e9b4a1a76be0bf

SHA1
0337e8418f1b991995b7adec1665a19f63e557a1

SHA256
c5a652cb75bcd84575347467c0647e6f66c207de40164d98f95ee8e6d4db6d57

SHA512
00168f4bf5455ea177730142b63ec5a4a6413acbeb965b8dd386631367e0be5c56117c0125552ea64f54c10395564206be585b31c93e441d9a357bae8ec7d261

Download Submit
C:\Users\Admin\AppData\Local\Temp\runtimes\win-x64\native\WebView2Loader.dll

Filesize
162KB

MD5
0ad9319fa14d39c0812583337546ca20

SHA1
0a76b27dc44f46756984a7a5f93f9a9b024aedb5

SHA256
1d963a02d8a7fa3e7eac2e936dad5559c4d63327f35b0a09787ffc1d58f9c18d

SHA512
01bfb6516ea8d2347863fdf6de7ce1bc598d0798a7a388a0b4478a8be4bad66362185f366ed52adb19008f518c05fbaedf46268051bbf26e448e23b017af669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\upd.exe

Filesize
14KB

MD5
47da46b9ef37e731c3bc147f894b47f6

SHA1
28fb32b8fa7b2f34cb89c35814017c8a483d22e4

SHA256
fd693f8144d95bd93d9d09a1bcc243b42106cfc86639bdfa2719d04b6695b68e

SHA512
adaf1f1b5536b652054b2ff9b4531aca16ca498a31b6f55725886090a32d9484a600d16a9833085c9aa603949064bd8146207bfa4e39e571ab35ea9241d1b84e

Download Submit
C:\Users\Admin\AppData\Local\Temp\upd.exe

Filesize
2.4MB

MD5
d5b25faa7c27dae4a8ea956f75c5ecda

SHA1
4ab3bd667ebda1fbcd5ce7e1f72f820bdc19959a

SHA256
3d1e6ea3b92e85643ffa8fe6a3edc71b8a2c8d33fdcf9779820689807b139eef

SHA512
a994e0834263a96950d58a3086ef30f71cf91ad9a1f6e888537d761023bcdd46783823406d4edce4ebafc655d7747552a37b763ed5e365becfd0cbc0a5e7b05e

Download Submit
memory/912-51-0x0000028A82830000-0x0000028A82A92000-memory.dmp

Filesize
2.4MB

Download
memory/912-62-0x0000028A9DDD0000-0x0000028A9DE66000-memory.dmp

Filesize
600KB

Download
memory/912-60-0x0000028A9DD20000-0x0000028A9DD2E000-memory.dmp

Filesize
56KB

Download
memory/912-54-0x0000028A9FDF0000-0x0000028AA0318000-memory.dmp

Filesize
5.2MB

Download
memory/912-52-0x0000028A9E1F0000-0x0000028A9E3B2000-memory.dmp

Filesize
1.8MB

Download
memory/912-202-0x0000028A9E1B0000-0x0000028A9E1C6000-memory.dmp

Filesize
88KB

Download
memory/912-247-0x00000292A3000000-0x00000292A37A6000-memory.dmp

Filesize
7.6MB

Download
memory/2212-208-0x0000027119A40000-0x0000027119ADE000-memory.dmp

Filesize
632KB

Download
memory/3408-207-0x000002A1C5EF0000-0x000002A1C5F8E000-memory.dmp

Filesize
632KB

Download
memory/3408-86-0x00007FFDE82D0000-0x00007FFDE82D1000-memory.dmp

Filesize
4KB

Download
memory/3740-12-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-6-0x0000000001870000-0x0000000001878000-memory.dmp

Filesize
32KB

Download
memory/3740-1-0x000000001BFE0000-0x000000001C086000-memory.dmp

Filesize
664KB

Download
memory/3740-2-0x000000001C560000-0x000000001CA2E000-memory.dmp

Filesize
4.8MB

Download
memory/3740-3-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-4-0x000000001CAE0000-0x000000001CB7C000-memory.dmp

Filesize
624KB

Download
memory/3740-5-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-7-0x000000001CD40000-0x000000001CD8C000-memory.dmp

Filesize
304KB

Download
memory/3740-19-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-16-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-15-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-14-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-13-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-0-0x00007FFDC81C5000-0x00007FFDC81C6000-memory.dmp

Filesize
4KB

Download
memory/3740-11-0x00007FFDC81C5000-0x00007FFDC81C6000-memory.dmp

Filesize
4KB

Download
memory/3740-10-0x000000001DB60000-0x000000001DC9C000-memory.dmp

Filesize
1.2MB

Download
memory/3740-9-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3740-8-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/3848-32-0x00000218F9720000-0x00000218F9732000-memory.dmp

Filesize
72KB

Download
memory/3848-27-0x00000218F7A30000-0x00000218F7A3A000-memory.dmp

Filesize
40KB

Download
memory/3848-28-0x00000218F7EB0000-0x00000218F7EBA000-memory.dmp

Filesize
40KB

Download
memory/3876-239-0x000001EDB7AD0000-0x000001EDB7B6E000-memory.dmp

Filesize
632KB

Download
memory/4280-20-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/4280-21-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/4280-22-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download
memory/4280-26-0x00007FFDC7F10000-0x00007FFDC88B1000-memory.dmp

Filesize
9.6MB

Download