498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
Size

495KB
MD5

385d407abb78767b5d6f67b5a3492742
SHA1

c1b8e1cca335ff6beab36ca1994e42a69506c85a
SHA256

498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e
SHA512

19abac3c6931e1d0176cf06d93e5c6e6d5e580fb3aa6ac41e9bbd45ec2b9bafd51e48a111035d67e28cbb113d09d4f0852b4161d13f4f8b62a3d74cc83229a7d
SSDEEP

6144:g7WQ0j4ltziolIGlnE2deWdrlBu0R+J5JlLgPYfq8ZF02IlLZD30nXes2H:Ii4lZiopdfu0R+J5JlLgPbD30nF2H

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file
Deletes itself 1 IoCs

Processes:

Compass Browser.exe

pid process

2492 Compass Browser.exe

pid	process
2492	Compass Browser.exe

Executes dropped EXE 6 IoCs

Processes:

ITS SB App Switch.exeITS SB App Switch.exe Compass Browser.exeITS SB App Switch.exeITS SB App Switch.exe Compass Browser.exe

pid	process
2584	ITS SB App Switch.exe
2512	ITS SB App Switch.exe
2492	Compass Browser.exe
1796	ITS SB App Switch.exe
688	ITS SB App Switch.exe
800	Compass Browser.exe

Loads dropped DLL 12 IoCs

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe Compass Browser.exe

pid	process
2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
2492	Compass Browser.exe
2492	Compass Browser.exe
2492	Compass Browser.exe
2492	Compass Browser.exe
2492	Compass Browser.exe
800	Compass Browser.exe
800	Compass Browser.exe
800	Compass Browser.exe
800	Compass Browser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Compass Browser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Compass Browser.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe Compass Browser.exe

pid	process
2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
2492	Compass Browser.exe
2492	Compass Browser.exe
800	Compass Browser.exe
800	Compass Browser.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

Compass Browser.exe Compass Browser.exe

pid process

2492 Compass Browser.exe
2492 Compass Browser.exe
2492 Compass Browser.exe
800 Compass Browser.exe

pid	process
2492	Compass Browser.exe
2492	Compass Browser.exe
2492	Compass Browser.exe
800	Compass Browser.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe

description	pid	process	target process
PID 2488 wrote to memory of 2584	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2584	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2584	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2584	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2512	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2512	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2512	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2512	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 2488 wrote to memory of 2492	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 2488 wrote to memory of 2492	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 2488 wrote to memory of 2492	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 2488 wrote to memory of 2492	2488	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 2492 wrote to memory of 1796	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 1796	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 1796	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 1796	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 688	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 688	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 688	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 688	2492	Compass Browser.exe	ITS SB App Switch.exe
PID 2492 wrote to memory of 800	2492	Compass Browser.exe	Compass Browser.exe
PID 2492 wrote to memory of 800	2492	Compass Browser.exe	Compass Browser.exe
PID 2492 wrote to memory of 800	2492	Compass Browser.exe	Compass Browser.exe
PID 2492 wrote to memory of 800	2492	Compass Browser.exe	Compass Browser.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2488

C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:2584

C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:2512

C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe" /url"https://ondemand-candidate.certiport.com:443/?accesscode=B08-1F-035" /LauncherDelete"C:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe" /Institutioncode"0"
2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492

C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
"C:\ProgramData\ Compass Browser\ITS SB App Switch.exe"
3⤵
- Executes dropped EXE
PID:1796

C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
"C:\ProgramData\ Compass Browser\ITS SB App Switch.exe"
3⤵
- Executes dropped EXE
PID:688

C:\ProgramData\ Compass Browser\ Compass Browser.exe
"C:\ProgramData\ Compass Browser\ Compass Browser.exe" /urlhttps://ondemand-candidate.certiport.com:443/?accesscode=B08-1F-035 /LauncherDeleteC:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe /Institutioncode0 /updateUrl"https://www.starttest.com/sbrowser/ws/getconfiguration.aspx?AgentIdentifier=WINCSECB&ProgramID=293&Environment=PRODUCTION&InstitutionID=0&CandidateID=0&Language=ENU&institutioncode=0&enc=1&cmd=xml&sc=10e550c04aee20f276140532a7fe92d11a6f20c0" /filePath"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:800

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ Compass Browser\ Compass Browser.exe
Filesize
1.0MB

MD5
d03d3f7a7eea464bc2804a4604775ef3

SHA1
db463326f905cd0dfe5d18b985cfc24b58e76459

SHA256
07aebbde5087c10f456fe157e87c1460dba294e5ba9b2c30ea6f49487e8a3bf8

SHA512
9ee754485594f4a629cc47e8965a5d4e234c601d0282aba9511c6bcb43801337f4ebdb36f7ceff43e79126076721b979d087fc8d1aaa834e6bca3c4aaa7f988d

Download Submit
C:\ProgramData\ Compass Browser\Resources\candidat.bin
Filesize
32B

MD5
78e1d406caf8dfa31e61c3f92ddf9903

SHA1
3a6cb72e0cdac52ca9b0815ae95e1370706c2dcd

SHA256
013d1b45db00fdfd47fa8ce3d551b521be79cd7e097a49c0eb3a375c8dbe7e71

SHA512
6a1b0291525f9c01483091ae77862ec1f5b8e752047d144b47a6656c2f3c0e25d7b5abf70f206fdc70bad9835e60fef04651b4eb21f948a6de08950f7b3756d5

Download Submit
C:\ProgramData\ Compass Browser\Resources\environ.bin
Filesize
32B

MD5
2607234695b8a62fc2f6b4888d9dedbe

SHA1
8323092ee28567078ac77b035b0c9d75b82576a8

SHA256
165ea9b117a59cf3df296305a0e28d6c42a0b4a7018234591314e1fe49d739a5

SHA512
3de7929651ab4c367de2ec81f6b131912500a7d7920ed186bf59ad9fd9dacc404bb71275c6f3f29733492298a4e15b1a8517033a68d803adfc167b513805dbfe

Download Submit
C:\ProgramData\ Compass Browser\Resources\errorurl.bin
Filesize
383B

MD5
34a886a7288b1916344fca6dde3f019c

SHA1
63e2891b45e8ee2e9e7217eaf120bf579ba5f9e1

SHA256
2f98505f53a882c8d7b4324debbfe0597eee94afa79aaf15ff3c458c8151048e

SHA512
ffefeab59d8f06667ecd59235c42f6e9538799db097fbb553141effc08c86a6d87a0346ce1438778c9a04433165a391e5853e7c554c8a373859c9a5e1d3820bf

Download Submit
C:\ProgramData\ Compass Browser\Resources\institut.bin
Filesize
32B

MD5
d681d757df8042f8188ea56a31f091d6

SHA1
bcbc78b01ee26635195834c2dcf31e660fce85e3

SHA256
7088eba5a674be8608ee1a8d62e3013e3106d0feeee0dc455911e93191993297

SHA512
2d73db0f4b7e42dc5294b726ddbbe48a41e82ff8fdd2eb4918d828b85a7e82817a8c1f24ae892c4e949f39cba248b3cd97546a6a09e5a96ed1966e0dd2ee5fe1

Download Submit
C:\ProgramData\ Compass Browser\Resources\language.bin
Filesize
17B

MD5
03e6444501034e1a652e222bce6b3939

SHA1
b21dc05110c1c8bc879729ebe803027f016f3791

SHA256
84a6eb41a55e4b1245ed340a009b7c2f6566e6422f4cab6d24cfe43613dfa833

SHA512
3db5372e44cfdfde2c29fc3bd18507e2950298e81d015513d1712ead7ea3a7385807d6dc8f02ad76faff9f2a9c45bb91afbbb0ff99a30a97fa1c8f307d70a3bd

Download Submit
C:\ProgramData\ Compass Browser\Resources\program.bin
Filesize
32B

MD5
467c827a11a242ff2af4cfa02434c5bb

SHA1
efbae6079b6845f54f0e54bfde4f0bfe300c92e4

SHA256
faf18ac4a4f95cecd98b62056fcc120aa544466343f48ae5f8fe16c9df80cd76

SHA512
ebdb62dd1cf91c99b05e9cd7e4d3aa2a932986ddc078db1d156460b04716e26c092b03fca69a88f3d960e454b377bd380f7b7e94ebc2e4f41de51bbde6f1743e

Download Submit
C:\ProgramData\ Compass Browser\VCRUNTIME140.dll
Filesize
93KB

MD5
7e926644cb293ab4553cdab0714fb5fc

SHA1
6842cba2990df9e6d370a0d1bd70bdf43f16f6b2

SHA256
4faea548b593cd06640c8999eec46af5e9d9c9506f27089fe5e109ba6282f688

SHA512
4f42bbe40ed9a9845ef0ce3b43a0842db233f8e8fbbba454c853bfc5a3de7571b4760b57e0e02d4bac1f188796eb8210e0cd089d82b0995f41f6e2741783528d

Download Submit
C:\ProgramData\ Compass Browser\WebView2Loader.dll
Filesize
107KB

MD5
48f540c05200c510303475e4cf95b557

SHA1
c814cef05c39abcbc398f4e83bc120ff012dc803

SHA256
1cae7b9ad51235ca43e86f561f4d4968ee81541aee9f759e24359ebd69ea6ec9

SHA512
3c05bc448430b17acac02f89ca8a8619e220c53640e7d9b9a10cffdcbce0ca9558acbbda4db1e6ad946a3891fff49c3eba9cf2d619255d8c6d11d4feff1a2e9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Filesize
2KB

MD5
5ef67adddaae537d784eb27cf6b8a175

SHA1
7200a1ca01cfa4304c1c907dd3eaf96c8be446ac

SHA256
3e2dbf18863eece00175297c75d769c1ae1e134bc7140458a3cb1f55c49a11fc

SHA512
78862cc40aa5c8b94226f9eed1628c77141cf267505ed9e99be1b0040ad958e87d64acc1d7d6d8b27b106abfe2844c17c94257044ec0b0a886b0ca3a78a83140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
1KB

MD5
d8e0e108bd3225ee4823e2501a9c59b8

SHA1
90ee76ccb7a8c1cee70959c25f1cfffcb399aaeb

SHA256
482fed17ea597c86abe64224786bd51836c64071c1047ca970c09ae96185c1cf

SHA512
d7bd3501cf8a9a5d1f8cc34c5bd88af6228f40c97bb48f58cdfdded4775769d215c8029fb9fad8cfb27628e2550092c1bd82574f1218540c4288da141d581d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ED30CBAEDFE4E4801CAE79815B01B295
Filesize
472B

MD5
45eb0b3d0fc06bace7560a4e67372ac3

SHA1
2f9908af43dcb01219cca7bf9d5dc49426a8db36

SHA256
75e04a66bd7b5636d52dfd821dd70631f6ab7e4b7737ce3c03f93f819b34738d

SHA512
5d32c4bffea7c217b9dc37d47acdbb061c08ae00e7d13943e7d20ef41b6577e25c9b70a5755e33edf171d980ec8714307bb24ed3dc26a1f481df5d3903d98b32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Filesize
488B

MD5
322b15cef74e3ec4babe9b2baa8f5c6d

SHA1
a17d6cef478f557dcbd2ba33928a2fc998157ace

SHA256
54320a88032821ff7896c8f843cb41537b218f0822c28a8f4a4278ed2259f04b

SHA512
edc1a124cffd4d71e414f5b30831c6e46d2b8ad0f0c42e4f94a21b6de617aba2d31bc292ead98b8b63d83db4bca5ff98d8a02e3979797b6c4bb0322317fb72e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
af7dc4eac3515093f991f86260e070c4

SHA1
61ba838a6eda974f1e21d83d813ba7d2be0cc049

SHA256
4d50c65422612ea9315608265435b871744ff5a7a6b7caa8285870a88829006c

SHA512
434a31315ac14c7d8243a3fb139152f3a38ef3d2e0bfabf4317eb9397a974d8ccb2c78d180ccf5d9c6cf7984df8078a0fb9e4974c30b5e6f541b6f9157e07edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
482B

MD5
ffd5ee3d537ab791a74f3ef73a1feac2

SHA1
ddff9d18a6393057f6ba79afc675a3e4c65935b1

SHA256
bf88fc943fe084212316386036aa5dee8feaed2abd2c40a1d541b6f1f1a01243

SHA512
d6dbccb79059b42f4fc690fba074434c1e440eaa74b261d040f4e63f90d2f915293b1afb91b8855275fc7d2b4606bf815ebbd1465ed9b5785b81bca5eedfd7fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ED30CBAEDFE4E4801CAE79815B01B295
Filesize
476B

MD5
fe2c7152670aa78302638f9c3f15669f

SHA1
69537a4bf55be7bf70f52fb182aad8d56a780ae7

SHA256
c8fb2c8cdaaa853b4b6db52ecfd6b6e01337dfe5bba9a0b8447465089b0ad15b

SHA512
fdd2197d95c721ed4d8973fa7e882169512c53cc335ae9bd347bd8459f31d69e6256635f9c9516aad6436cbfa7d08c6cdbbdbee27cdfb37a5e02d8a1bf929e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1EBE.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\ProgramData\ Compass Browser\Audio.dll
Filesize
23KB

MD5
050c464f20efb167008332c8a33dc7ae

SHA1
bbaac1b98ade511c72bcf5239b98b7abb1143b81

SHA256
a971e9c9a5b97c91971a6d1b1656e0d4490a22b4eab759c2a6b8620e4f3e9a84

SHA512
bdbf50bb02e10e58afe0ff7dacb1bfa062c0cc105f216374a4d76f013c2b3c3f349bf2a43d53303543bf50928cb25e87ac88f0fc4d1d29c3d92627a27f7a49cd

Download Submit
\ProgramData\ Compass Browser\ITS SB App Switch.exe
Filesize
81KB

MD5
2e5d80446c6cf4d07a507365d69a322e

SHA1
17ed92506a81d342672688984a77d1d76443d2b7

SHA256
c2559b21ee927e39bebd6f90b1fa0cadb0c3c47e88a033afa3a928b362b506c3

SHA512
ce83a6c9a12d6a4c8f21be75ff7668dc9bfe79e94ec97b946d7561840ce77f6baa25fa13502f0c0d5d69673ff860af83cf556ff523b651780f98fd5c92790c76

Download Submit
\ProgramData\ Compass Browser\TestSecurity.11.1.2.3.dll
Filesize
1.2MB

MD5
a70ab57c58aaa787b6642c231e5e2419

SHA1
70a039357798127fb7bc622184208ea1daa1863e

SHA256
aef6226b17ffc8bdc41b7acc7d75030128681da1ad8a348522b3b2fd68c23a55

SHA512
97c5b2b0e3b68050bd8f7bf2eb22c7b634c38a82b5d652ce8386f15ed418951b4719821126c8b7b53749b66f79477476e7f0fe07eb1b3534097f0e87cee5e333

Download Submit
\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe
Filesize
3.5MB

MD5
b8d0dbf56095d3d8e1b2b61816bbc714

SHA1
6594d08981104d2d583bccea360e1fcbd5b52796

SHA256
a38a80c359f08dd5d9aae4f9924e2383609a026dc6d2e08b729602fbb6d019ae

SHA512
8da9b13886e6c1397666552a82e8737a6d3d0ed14ee1ba5d506a13961f828dc816dc9dd4da4e8a61dac662ce5226afed129bf540322ec04e0aa1dfc0bada02f5

Download Submit
\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
Filesize
87KB

MD5
368332fca74f48697d842c5f4698ae1d

SHA1
0275153a1e62bd0eca0b02168895517ed66aac56

SHA256
3a4a5b128c3a042010824fd33b719466b0d9320aa051ca3d5f1690124766ad59

SHA512
fd9f1d1a4337e00fef5e9ea10a7fdf553e98df2cf2fdf818b68689a89de3c1d324de389e0c9ef863fef08a3dff8150db173b2203e9e92efaea67865e8d2805b5

Download Submit
memory/2512-75-0x00000000011E0000-0x00000000011F7000-memory.dmp

Filesize
92KB

Download