498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
Size

495KB
MD5

385d407abb78767b5d6f67b5a3492742
SHA1

c1b8e1cca335ff6beab36ca1994e42a69506c85a
SHA256

498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e
SHA512

19abac3c6931e1d0176cf06d93e5c6e6d5e580fb3aa6ac41e9bbd45ec2b9bafd51e48a111035d67e28cbb113d09d4f0852b4161d13f4f8b62a3d74cc83229a7d
SSDEEP

6144:g7WQ0j4ltziolIGlnE2deWdrlBu0R+J5JlLgPYfq8ZF02IlLZD30nXes2H:Ii4lZiopdfu0R+J5JlLgPbD30nF2H

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Compass Browser.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Compass Browser.exe
Downloads MZ/PE file

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Compass Browser.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Compass Browser.exe

Deletes itself 1 IoCs

Processes:

Compass Browser.exe

pid process

3964 Compass Browser.exe

Executes dropped EXE 6 IoCs

Processes:

ITS SB App Switch.exeITS SB App Switch.exe Compass Browser.exeITS SB App Switch.exeITS SB App Switch.exe Compass Browser.exe

pid	process
4680	ITS SB App Switch.exe
3056	ITS SB App Switch.exe
3964	Compass Browser.exe
3356	ITS SB App Switch.exe
4252	ITS SB App Switch.exe
1036	Compass Browser.exe

Loads dropped DLL 6 IoCs

Processes:

Compass Browser.exe Compass Browser.exe

pid	process
3964	Compass Browser.exe
3964	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

msedgewebview2.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609023728773336"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe Compass Browser.exe

pid	process
376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
3964	Compass Browser.exe
3964	Compass Browser.exe
3964	Compass Browser.exe
3964	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedgewebview2.exe

pid process

3040 msedgewebview2.exe
3040 msedgewebview2.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Compass Browser.exe

pid process

1036 Compass Browser.exe

pid	process
3040	msedgewebview2.exe
3040	msedgewebview2.exe

pid	process
1036	Compass Browser.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

Compass Browser.exe Compass Browser.exe

pid	process
3964	Compass Browser.exe
3964	Compass Browser.exe
3964	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe
1036	Compass Browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe Compass Browser.exe Compass Browser.exemsedgewebview2.exe

description	pid	process	target process
PID 376 wrote to memory of 4680	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 376 wrote to memory of 4680	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 376 wrote to memory of 4680	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 376 wrote to memory of 3056	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 376 wrote to memory of 3056	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 376 wrote to memory of 3056	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	ITS SB App Switch.exe
PID 376 wrote to memory of 3964	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 376 wrote to memory of 3964	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 376 wrote to memory of 3964	376	2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe	Compass Browser.exe
PID 3964 wrote to memory of 3356	3964	Compass Browser.exe	ITS SB App Switch.exe
PID 3964 wrote to memory of 3356	3964	Compass Browser.exe	ITS SB App Switch.exe
PID 3964 wrote to memory of 3356	3964	Compass Browser.exe	ITS SB App Switch.exe
PID 3964 wrote to memory of 4252	3964	Compass Browser.exe	ITS SB App Switch.exe
PID 3964 wrote to memory of 4252	3964	Compass Browser.exe	ITS SB App Switch.exe
PID 3964 wrote to memory of 4252	3964	Compass Browser.exe	ITS SB App Switch.exe
PID 3964 wrote to memory of 1036	3964	Compass Browser.exe	Compass Browser.exe
PID 3964 wrote to memory of 1036	3964	Compass Browser.exe	Compass Browser.exe
PID 3964 wrote to memory of 1036	3964	Compass Browser.exe	Compass Browser.exe
PID 1036 wrote to memory of 1972	1036	Compass Browser.exe	cmd.exe
PID 1036 wrote to memory of 1972	1036	Compass Browser.exe	cmd.exe
PID 1036 wrote to memory of 1972	1036	Compass Browser.exe	cmd.exe
PID 1036 wrote to memory of 3040	1036	Compass Browser.exe	msedgewebview2.exe
PID 1036 wrote to memory of 3040	1036	Compass Browser.exe	msedgewebview2.exe
PID 3040 wrote to memory of 1392	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 1392	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe
PID 3040 wrote to memory of 3712	3040	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:376

C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:4680

C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
2⤵
- Executes dropped EXE
PID:3056

C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe" /url"https://ondemand-candidate.certiport.com:443/?accesscode=B08-1F-035" /LauncherDelete"C:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe" /Institutioncode"0"
2⤵
- Checks computer location settings
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3964

C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
"C:\ProgramData\ Compass Browser\ITS SB App Switch.exe"
3⤵
- Executes dropped EXE
PID:3356

C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
"C:\ProgramData\ Compass Browser\ITS SB App Switch.exe"
3⤵
- Executes dropped EXE
PID:4252

C:\ProgramData\ Compass Browser\ Compass Browser.exe
"C:\ProgramData\ Compass Browser\ Compass Browser.exe" /urlhttps://ondemand-candidate.certiport.com:443/?accesscode=B08-1F-035 /LauncherDeleteC:\Users\Admin\AppData\Local\Temp\2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe /Institutioncode0 /updateUrl"https://www.starttest.com/sbrowser/ws/getconfiguration.aspx?AgentIdentifier=WINCSECB&ProgramID=293&Environment=PRODUCTION&InstitutionID=0&CandidateID=0&Language=ENU&institutioncode=0&enc=1&cmd=xml&sc=10e550c04aee20f276140532a7fe92d11a6f20c0" /filePath"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe"
3⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\SysWOW64\cmd.exe
cmd /c mklink /J "C:\Users\Admin\AppData\Local\Temp\.WebView2\EdgeStable" "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80"
4⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1036.3092.10068139282781313656
4⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.80 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7fffa353ceb8,0x7fffa353cec4,0x7fffa353ced0
5⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,3538462412878052168,17590126508023805176,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:2
5⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-appcompat-clear --field-trial-handle=1888,i,3538462412878052168,17590126508023805176,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
5⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-appcompat-clear --field-trial-handle=2084,i,3538462412878052168,17590126508023805176,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:8
5⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3548,i,3538462412878052168,17590126508023805176,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
5⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=2668,i,3538462412878052168,17590126508023805176,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2840 /prefetch:1
5⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=756,i,3538462412878052168,17590126508023805176,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:8
5⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1496,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:8
1⤵
PID:4292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x338
1⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
1⤵
PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ Compass Browser\ Compass Browser.exe

Filesize
1.0MB

MD5
d03d3f7a7eea464bc2804a4604775ef3

SHA1
db463326f905cd0dfe5d18b985cfc24b58e76459

SHA256
07aebbde5087c10f456fe157e87c1460dba294e5ba9b2c30ea6f49487e8a3bf8

SHA512
9ee754485594f4a629cc47e8965a5d4e234c601d0282aba9511c6bcb43801337f4ebdb36f7ceff43e79126076721b979d087fc8d1aaa834e6bca3c4aaa7f988d

Download Submit
C:\ProgramData\ Compass Browser\Audio.dll

Filesize
23KB

MD5
050c464f20efb167008332c8a33dc7ae

SHA1
bbaac1b98ade511c72bcf5239b98b7abb1143b81

SHA256
a971e9c9a5b97c91971a6d1b1656e0d4490a22b4eab759c2a6b8620e4f3e9a84

SHA512
bdbf50bb02e10e58afe0ff7dacb1bfa062c0cc105f216374a4d76f013c2b3c3f349bf2a43d53303543bf50928cb25e87ac88f0fc4d1d29c3d92627a27f7a49cd

Download Submit
C:\ProgramData\ Compass Browser\BlankPage.html

Filesize
170B

MD5
6bad41b157044645e274b7ba2fabb008

SHA1
dcd8f8ff69fbdfa5bcad0baba0e27e74d06fee1b

SHA256
18c93166602db6e1dfaf55d66c7011d4fb6172740882d20be99042928903d64a

SHA512
f32d6cbb2b35a22f490346ecf17cb6c544468c92889c9e95b7e3072eb07bdc89f84e1d2acc3fe297d25a5fe7f96cec64cb28ec1d13f4b4b948012629f08e1c7f

Download Submit
C:\ProgramData\ Compass Browser\ITS SB App Switch.exe

Filesize
81KB

MD5
2e5d80446c6cf4d07a507365d69a322e

SHA1
17ed92506a81d342672688984a77d1d76443d2b7

SHA256
c2559b21ee927e39bebd6f90b1fa0cadb0c3c47e88a033afa3a928b362b506c3

SHA512
ce83a6c9a12d6a4c8f21be75ff7668dc9bfe79e94ec97b946d7561840ce77f6baa25fa13502f0c0d5d69673ff860af83cf556ff523b651780f98fd5c92790c76

Download Submit
C:\ProgramData\ Compass Browser\Resources\candidat.bin

Filesize
32B

MD5
78e1d406caf8dfa31e61c3f92ddf9903

SHA1
3a6cb72e0cdac52ca9b0815ae95e1370706c2dcd

SHA256
013d1b45db00fdfd47fa8ce3d551b521be79cd7e097a49c0eb3a375c8dbe7e71

SHA512
6a1b0291525f9c01483091ae77862ec1f5b8e752047d144b47a6656c2f3c0e25d7b5abf70f206fdc70bad9835e60fef04651b4eb21f948a6de08950f7b3756d5

Download Submit
C:\ProgramData\ Compass Browser\Resources\environ.bin

Filesize
32B

MD5
2607234695b8a62fc2f6b4888d9dedbe

SHA1
8323092ee28567078ac77b035b0c9d75b82576a8

SHA256
165ea9b117a59cf3df296305a0e28d6c42a0b4a7018234591314e1fe49d739a5

SHA512
3de7929651ab4c367de2ec81f6b131912500a7d7920ed186bf59ad9fd9dacc404bb71275c6f3f29733492298a4e15b1a8517033a68d803adfc167b513805dbfe

Download Submit
C:\ProgramData\ Compass Browser\Resources\errorurl.bin

Filesize
383B

MD5
34a886a7288b1916344fca6dde3f019c

SHA1
63e2891b45e8ee2e9e7217eaf120bf579ba5f9e1

SHA256
2f98505f53a882c8d7b4324debbfe0597eee94afa79aaf15ff3c458c8151048e

SHA512
ffefeab59d8f06667ecd59235c42f6e9538799db097fbb553141effc08c86a6d87a0346ce1438778c9a04433165a391e5853e7c554c8a373859c9a5e1d3820bf

Download Submit
C:\ProgramData\ Compass Browser\Resources\institut.bin

Filesize
32B

MD5
d681d757df8042f8188ea56a31f091d6

SHA1
bcbc78b01ee26635195834c2dcf31e660fce85e3

SHA256
7088eba5a674be8608ee1a8d62e3013e3106d0feeee0dc455911e93191993297

SHA512
2d73db0f4b7e42dc5294b726ddbbe48a41e82ff8fdd2eb4918d828b85a7e82817a8c1f24ae892c4e949f39cba248b3cd97546a6a09e5a96ed1966e0dd2ee5fe1

Download Submit
C:\ProgramData\ Compass Browser\Resources\language.bin

Filesize
17B

MD5
03e6444501034e1a652e222bce6b3939

SHA1
b21dc05110c1c8bc879729ebe803027f016f3791

SHA256
84a6eb41a55e4b1245ed340a009b7c2f6566e6422f4cab6d24cfe43613dfa833

SHA512
3db5372e44cfdfde2c29fc3bd18507e2950298e81d015513d1712ead7ea3a7385807d6dc8f02ad76faff9f2a9c45bb91afbbb0ff99a30a97fa1c8f307d70a3bd

Download Submit
C:\ProgramData\ Compass Browser\Resources\program.bin

Filesize
32B

MD5
467c827a11a242ff2af4cfa02434c5bb

SHA1
efbae6079b6845f54f0e54bfde4f0bfe300c92e4

SHA256
faf18ac4a4f95cecd98b62056fcc120aa544466343f48ae5f8fe16c9df80cd76

SHA512
ebdb62dd1cf91c99b05e9cd7e4d3aa2a932986ddc078db1d156460b04716e26c092b03fca69a88f3d960e454b377bd380f7b7e94ebc2e4f41de51bbde6f1743e

Download Submit
C:\ProgramData\ Compass Browser\TestSecurity.11.1.2.3.dll

Filesize
1.2MB

MD5
a70ab57c58aaa787b6642c231e5e2419

SHA1
70a039357798127fb7bc622184208ea1daa1863e

SHA256
aef6226b17ffc8bdc41b7acc7d75030128681da1ad8a348522b3b2fd68c23a55

SHA512
97c5b2b0e3b68050bd8f7bf2eb22c7b634c38a82b5d652ce8386f15ed418951b4719821126c8b7b53749b66f79477476e7f0fe07eb1b3534097f0e87cee5e333

Download Submit
C:\ProgramData\ Compass Browser\VCRUNTIME140.dll

Filesize
93KB

MD5
7e926644cb293ab4553cdab0714fb5fc

SHA1
6842cba2990df9e6d370a0d1bd70bdf43f16f6b2

SHA256
4faea548b593cd06640c8999eec46af5e9d9c9506f27089fe5e109ba6282f688

SHA512
4f42bbe40ed9a9845ef0ce3b43a0842db233f8e8fbbba454c853bfc5a3de7571b4760b57e0e02d4bac1f188796eb8210e0cd089d82b0995f41f6e2741783528d

Download Submit
C:\ProgramData\ Compass Browser\WebView2Loader.dll

Filesize
107KB

MD5
48f540c05200c510303475e4cf95b557

SHA1
c814cef05c39abcbc398f4e83bc120ff012dc803

SHA256
1cae7b9ad51235ca43e86f561f4d4968ee81541aee9f759e24359ebd69ea6ec9

SHA512
3c05bc448430b17acac02f89ca8a8619e220c53640e7d9b9a10cffdcbce0ca9558acbbda4db1e6ad946a3891fff49c3eba9cf2d619255d8c6d11d4feff1a2e9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
5ef67adddaae537d784eb27cf6b8a175

SHA1
7200a1ca01cfa4304c1c907dd3eaf96c8be446ac

SHA256
3e2dbf18863eece00175297c75d769c1ae1e134bc7140458a3cb1f55c49a11fc

SHA512
78862cc40aa5c8b94226f9eed1628c77141cf267505ed9e99be1b0040ad958e87d64acc1d7d6d8b27b106abfe2844c17c94257044ec0b0a886b0ca3a78a83140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
d8e0e108bd3225ee4823e2501a9c59b8

SHA1
90ee76ccb7a8c1cee70959c25f1cfffcb399aaeb

SHA256
482fed17ea597c86abe64224786bd51836c64071c1047ca970c09ae96185c1cf

SHA512
d7bd3501cf8a9a5d1f8cc34c5bd88af6228f40c97bb48f58cdfdded4775769d215c8029fb9fad8cfb27628e2550092c1bd82574f1218540c4288da141d581d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ED30CBAEDFE4E4801CAE79815B01B295

Filesize
472B

MD5
45eb0b3d0fc06bace7560a4e67372ac3

SHA1
2f9908af43dcb01219cca7bf9d5dc49426a8db36

SHA256
75e04a66bd7b5636d52dfd821dd70631f6ab7e4b7737ce3c03f93f819b34738d

SHA512
5d32c4bffea7c217b9dc37d47acdbb061c08ae00e7d13943e7d20ef41b6577e25c9b70a5755e33edf171d980ec8714307bb24ed3dc26a1f481df5d3903d98b32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
826c39c1dd4d857ebd16d2ed26fbf56e

SHA1
0fedc36abda6f479c21fb1998285b08dd2256af6

SHA256
04d673d44bc52edf812d99379bab0a0e43dd852ffe7b9004069a3463543eb85a

SHA512
63de187aed97f8ea18c196289aef6931212c261f9700e5fc782090452bf6e1fc3011ed7274789789c953ba3e89a3b5cbe696e6c1639ff0c862b9d5634d2ff80a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
18668a4ad6280604d7eac9329a2ee5fd

SHA1
b2d73e6ef957ab6cdf8ecdda9544877fb1915b25

SHA256
d0b45f5f86477eaa26b316dcb61814189d2824aedce2916c25f2988f0f99310c

SHA512
f82926188db089c893d5cb1d8f8f72c43a1c0deeb5d11b6f92e8484170991eac74e7e79e38cbbfd011acd2475bde0b927ca0db41ff42b2f171aaf3bd6ac486ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ED30CBAEDFE4E4801CAE79815B01B295

Filesize
476B

MD5
2da8ad33f551fcdbea089d3ac08f9fc3

SHA1
45e6ec379823758efa0a6ddc6b60b581b271c953

SHA256
53ce0975499286ec26e14a0e023519a545a8f9d40f0b7ad758ec16bf7004ae9d

SHA512
3fca161cf9726de408432cd57fcf5c4fa64f917a85556b7a607bfa89df73810e4e1911e763ce1a905aa86e5199022285fdd90b6b5672989bf38d6567f626df19

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
873416643f7b4e353cd78439e77c3cce

SHA1
b04ac43f4d7b858afe2dd126f16705057a3f1271

SHA256
26a74e8a2a06af0cb3c5de9cf0e0c93dd71d7ebb311a3bba6b56705f86e1cd86

SHA512
186e759ae509dec7e0e45688162ae1ef54398c08a22e745cd17d80680b184a6e45fce44b5c86ca043bfffa9d902bed671b4931fe3a9931e3647294c5dcb7e7de

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
2eede3fbc2df1e498d6f7082c93da966

SHA1
0f36c64446f9fedcf3918c38074c1d4bc134b776

SHA256
ea564e3be6d8e3751cd50529ff10db61cddb99370b9f6d53ae144f8cb1b898c2

SHA512
82e54dc003e5f7dd399583fe61066ac08647cbbf8e0be46ae15666a3995d4a1aab4a160354a773a81532aa542bc0696cf8d6566a975c1a582e972e019cfc9dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\17db05d3-7c1c-4a53-b74d-43a7723a950a.tmp

Filesize
6KB

MD5
57405ace9d1b6363fea2e26446991ef5

SHA1
9bd4f66d67f0ef4396de81e5796ebc1b37f46396

SHA256
35b5dd29410b9975b555c7602c635fa55cd9fb92a1e89f84ecfe4e8bcd796e9c

SHA512
9c9b47ca0ab0afb27267a9c9a0fb0304f413f4585bc9526314d0f937b25b469747c50c0d21d1bc9553edf3f0b99cb7dec83128c63b207118911258c13f406510

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
551d84cdfb44cf9e6601211776d84935

SHA1
8a6529e381e8fc8f4e2841bc8eab75cbcdc66e67

SHA256
7da7d33576f61b05d5d749ae3ba7e48e425ba1bd4a953635ce1fb75b22de7801

SHA512
871c4e27c81b771009614dd4ef233ab828928ef660824b810752749058642a0a15dcadaf3cec857a53c20878b3c54cf943432c1cae11e6015657d723e73a2bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5882f6.TMP

Filesize
48B

MD5
61c49152b03df6a2d05919234e3ee416

SHA1
2a4f53bdda7daa1cf677aea8d63636147f692d3e

SHA256
5bab41311746f12aa8a15c424117f297dfa5981beed832a1368984ea24312f44

SHA512
ab12117b8198143e220f5f01c34ba77f436c8b06f9e6cd1d6db47f9ba4db031d8659dbcc3ea31ddc9acf5bd5ab16c11e0c15f5f520d541ab21a928f7f3b9308d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
704B

MD5
f2d25c46c52f4bf6f3b2294182522ea6

SHA1
ea17ed7ff36e3ad16cfc06f3bce978e38a761654

SHA256
6e4a47479fd231b8fcd635b4eea67131a8c0c89a61b8db7b555f22b083441a7c

SHA512
db22d8b13ce8c13612d502e2c41da857b7739705e8d797b5e57cfd3ff97c7fe81bb6fa600b2e031fe077a3e44e99b73f19665d656b2249479ba52ee813bac200

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5931c4.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
d0dea012d0819fb6e1d5bbfe870b0fbf

SHA1
e9c7866fe33dc9f27f5215c840246cc334895d0e

SHA256
0df1a5866c0d79607d151368e3fd4cbbe10b9581797b01686622cf660fb54f72

SHA512
074177fbb527b6e393aa8a6d29b9c59e3d5e8047d43e41ab0df23ef886806b1afe63459982bed66f64b76e5b44f1f903dbd5c4b72bc1c9a81057c1ba3a645f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State

Filesize
2KB

MD5
ad8c12d454090a59f7f11d17c2034946

SHA1
46b1f3df3ee623f244d051e6e7da6aa02896807d

SHA256
4a8ab4239967e3da27b99272740917e98bb38d989972340a1f1f2c8c5ec1d20e

SHA512
f09a26977d11b4462851081f402dba46360e0ec342af49af3fe1d28a37020401a758ebee2c6a8f19fc4da7db9b25fb3a6bd6ba1e04266b10c89e320c30200a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State

Filesize
3KB

MD5
dc9b1e0775fe7faddb56eacc9f523401

SHA1
fc31d9558bed1c5f7382dbeeb62d4dc0aaecc6b9

SHA256
24b64b832ac3b59ea4d3db50e0d52629d7d99f3b1e75ffed596674d72d4a796e

SHA512
92281bf23fbd6bb144df8d8622f94ff1530a14b96a2bb874d72177b85c68709cb038d980e033b0f15f34c7b5d6e1e4ec7ab21935a893e4260ae610543710cfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State

Filesize
17KB

MD5
74944951601498fa26ffe8725f857773

SHA1
7b699d026b0a5bb3cacce2829fd16cc94450bdb1

SHA256
0088a558b0dbc0f5f4aee34709ddca752b4e6149bbe6211d6cb8f4b2436b7653

SHA512
198d605b8ee37c282bb7518e5727c8e654b2d41441a110e07721872ec8c01752ad7bd91b280486264a9e6288bb75ce7c7d6b8990699ea8e7fcd6e4cb0b5a06ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State~RFe581a3a.TMP

Filesize
1KB

MD5
d0e2ac636436fe12986cc6faec90034c

SHA1
49b19d367b353361f54163da7aef61d6f63a9167

SHA256
df94c09e33731b7426b49c39e3d825ae8677a2616165433b8a914164a0fa069f

SHA512
6096a9cdf41bc7f03cf502f2bf62e356eb5e69430617079d559ac3f2e051f71c90bd2803fc1ea3f0afa011ac40e86648146c3d5028feffe9645420fc6c871ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe

Filesize
3.5MB

MD5
b8d0dbf56095d3d8e1b2b61816bbc714

SHA1
6594d08981104d2d583bccea360e1fcbd5b52796

SHA256
a38a80c359f08dd5d9aae4f9924e2383609a026dc6d2e08b729602fbb6d019ae

SHA512
8da9b13886e6c1397666552a82e8737a6d3d0ed14ee1ba5d506a13961f828dc816dc9dd4da4e8a61dac662ce5226afed129bf540322ec04e0aa1dfc0bada02f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe

Filesize
87KB

MD5
368332fca74f48697d842c5f4698ae1d

SHA1
0275153a1e62bd0eca0b02168895517ed66aac56

SHA256
3a4a5b128c3a042010824fd33b719466b0d9320aa051ca3d5f1690124766ad59

SHA512
fd9f1d1a4337e00fef5e9ea10a7fdf553e98df2cf2fdf818b68689a89de3c1d324de389e0c9ef863fef08a3dff8150db173b2203e9e92efaea67865e8d2805b5

Download Submit
\??\pipe\crashpad_3040_GXQNJQKALWODGLLY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1436-209-0x00007FFFC92C0000-0x00007FFFC92C1000-memory.dmp

Filesize
4KB

Download
memory/1436-210-0x00007FFFCA200000-0x00007FFFCA201000-memory.dmp

Filesize
4KB

Download
memory/3712-367-0x00000231983D0000-0x0000023198571000-memory.dmp

Filesize
1.6MB

Download
memory/3712-148-0x00007FFFC9110000-0x00007FFFC9111000-memory.dmp

Filesize
4KB

Download
memory/5012-454-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-453-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-452-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-451-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-450-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-449-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-448-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-444-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-443-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5012-442-0x000001C88DA60000-0x000001C88DA61000-memory.dmp

Filesize
4KB

Download
memory/5256-228-0x00007FFFC9110000-0x00007FFFC9111000-memory.dmp

Filesize
4KB

Download