Analysis Overview
SHA256
1f69ad54f28e4f9054e17e4670f244464b013008f71ad3aa145593d1770926ad
Threat Level: Shows suspicious behavior
The file 2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks whether UAC is enabled
Downloads MZ/PE file
Checks computer location settings
Deletes itself
Loads dropped DLL
Drops file in Program Files directory
Executes dropped EXE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:42
Reported
2024-06-13 04:45
Platform
win7-20240508-en
Max time kernel
119s
Max time network
120s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe"
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.starttest.com | udp |
Files
\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:42
Reported
2024-06-13 04:45
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
Drops file in Program Files directory
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ITS SB App Switch.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ITS SB App Switch.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627273726732233" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
| N/A | N/A | C:\ProgramData\ Compass Browser\ Compass Browser.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe"
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1520,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=1292 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe
"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe" /url"https://ondemand-candidate.certiport.com:443/?accesscode=B90-F7-B1D" /LauncherDelete"C:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe" /Institutioncode"0"
C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
"C:\ProgramData\ Compass Browser\ITS SB App Switch.exe"
C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
"C:\ProgramData\ Compass Browser\ITS SB App Switch.exe"
C:\ProgramData\ Compass Browser\ Compass Browser.exe
"C:\ProgramData\ Compass Browser\ Compass Browser.exe" /urlhttps://ondemand-candidate.certiport.com:443/?accesscode=B90-F7-B1D /LauncherDeleteC:\Users\Admin\AppData\Local\Temp\2024-06-13_1ac4bdff94046f98ab7c17cbb96ea98b_avoslocker_cobalt-strike.exe /Institutioncode0 /updateUrl"https://www.starttest.com/sbrowser/ws/getconfiguration.aspx?AgentIdentifier=WINCSECB&ProgramID=293&Environment=PRODUCTION&InstitutionID=0&CandidateID=0&Language=ENU&institutioncode=0&enc=1&cmd=xml&sc=10e550c04aee20f276140532a7fe92d11a6f20c0" /filePath"C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2952.1236.7157914046390683337
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x160,0x164,0x168,0x13c,0x198,0x7ffca7cc4ef8,0x7ffca7cc4f04,0x7ffca7cc4f10
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x520
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=1908,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=1644,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3668,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3932,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=4736,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4936,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=752 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=4928,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=11.1.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=5052,i,13869612125391513093,14914683492684580082,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe
C:\Users\Admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe
C:\ProgramData\ Compass Browser\ITS SB App Switch.exe
C:\ProgramData\ Compass Browser\TestSecurity.11.1.2.3.dll
| MD5 | a70ab57c58aaa787b6642c231e5e2419 |
| SHA1 | 70a039357798127fb7bc622184208ea1daa1863e |
| SHA256 | aef6226b17ffc8bdc41b7acc7d75030128681da1ad8a348522b3b2fd68c23a55 |
| SHA512 | 97c5b2b0e3b68050bd8f7bf2eb22c7b634c38a82b5d652ce8386f15ed418951b4719821126c8b7b53749b66f79477476e7f0fe07eb1b3534097f0e87cee5e333 |
C:\ProgramData\ Compass Browser\Audio.dll
| MD5 | 050c464f20efb167008332c8a33dc7ae |
| SHA1 | bbaac1b98ade511c72bcf5239b98b7abb1143b81 |
| SHA256 | a971e9c9a5b97c91971a6d1b1656e0d4490a22b4eab759c2a6b8620e4f3e9a84 |
| SHA512 | bdbf50bb02e10e58afe0ff7dacb1bfa062c0cc105f216374a4d76f013c2b3c3f349bf2a43d53303543bf50928cb25e87ac88f0fc4d1d29c3d92627a27f7a49cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | aaf642c144cb3bd3525180135ccd9cd4 |
| SHA1 | 9090f98c36dfcaaaf9acbc11663625ef1bf8e251 |
| SHA256 | 7b74d59821064a65268409899c4dab29b31d5a3b03f0a711a8d531e3998f8a92 |
| SHA512 | 83c37ecb17feb1652e0b3f64968025be7f5fd605c9c16d958c1ef70bc395a4dc16ee8e2c030825d1fdd3c3f6466aea438c43f09bf916442b2982622db9ce5931 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 32f3024851ce8107ba639062ab240989 |
| SHA1 | 07f250c9c69d023c150c56f14db5d067a8d5a75e |
| SHA256 | fede5cc81bc2dd34d7466591900fe30ed13aa142af67d90e60a5b458fe7d490a |
| SHA512 | 20733ce152f338d99816e7f852c47cf55bd5a10487ceef93f5e7325c74b937b2f926e6b7355c9e600080462abd79db76c47381492c4d0f527d037619560ea12b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | 411234050336222526457f4ad22eb858 |
| SHA1 | 4eb595b6446905aa8893856cc452039c0f8cb7f4 |
| SHA256 | 56564f513635f80d36411b96a58632d62cf7d65f21d99f74545cb58506a5ce05 |
| SHA512 | fa41a6ec8ff5ae2a3b038b54f4e809009909f896f9a0843e73ae17e116e02434f5336ce6f95d6a3baa02cbbed2fb9eb71fbcd312b708a05d100a5d69fbf6d62a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | ad393e5b7479efed96650bbb5ad97ffb |
| SHA1 | c308b8ded43223a619b8d9f647cdfdaa10053ca1 |
| SHA256 | 043f20b8a992abfd4629ea68fa871c92c4e1f1862c870fc426bb4ed24f903b6e |
| SHA512 | e8e7796e8641c74473c639f7adff6dcce6761824d24efc1702f74d748fb860b574b5b9a6e9f6834e75f9b555dba4dae277c3539116ae3d1f60b22df690357df7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ED30CBAEDFE4E4801CAE79815B01B295
| MD5 | 53b236d84cf4e47fe8f57c7b2f68b311 |
| SHA1 | b843e99ac695bb44564b3e393d167b16385f67ac |
| SHA256 | 965fdb00ec6d2b12bc619f0f7b8b71f5e2f46326233cdb291122220eece9343d |
| SHA512 | 5626fe6a69829a47ad60812aeebfb8aba87ca8fa5776144df6e873658630a09ea61694029c562ac8374491646bf77701efb14b0d4d00065ec81f6f58a3994055 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ED30CBAEDFE4E4801CAE79815B01B295
| MD5 | a50600210b514a07670c67cfeb26b94d |
| SHA1 | 3135f7d9bb91d3222e044715c42fd7c704ad6cf5 |
| SHA256 | c11cfbdc9fec23a35e8c70bc3fae310946a143625c91be7e4e00c310530ed91f |
| SHA512 | eeb814a4ebee6422f7b79f3d5e00d73c738ed06ecedb437064f86d644f79090a2b1b92a78f99fab144f863d991b5d95e3703c9f2036781b322fa8fcbde79b95d |
C:\ProgramData\ Compass Browser\ Compass Browser.exe
| MD5 | d03d3f7a7eea464bc2804a4604775ef3 |
| SHA1 | db463326f905cd0dfe5d18b985cfc24b58e76459 |
| SHA256 | 07aebbde5087c10f456fe157e87c1460dba294e5ba9b2c30ea6f49487e8a3bf8 |
| SHA512 | 9ee754485594f4a629cc47e8965a5d4e234c601d0282aba9511c6bcb43801337f4ebdb36f7ceff43e79126076721b979d087fc8d1aaa834e6bca3c4aaa7f988d |
C:\ProgramData\ Compass Browser\WebView2Loader.dll
| MD5 | 48f540c05200c510303475e4cf95b557 |
| SHA1 | c814cef05c39abcbc398f4e83bc120ff012dc803 |
| SHA256 | 1cae7b9ad51235ca43e86f561f4d4968ee81541aee9f759e24359ebd69ea6ec9 |
| SHA512 | 3c05bc448430b17acac02f89ca8a8619e220c53640e7d9b9a10cffdcbce0ca9558acbbda4db1e6ad946a3891fff49c3eba9cf2d619255d8c6d11d4feff1a2e9e |
C:\ProgramData\ Compass Browser\VCRUNTIME140.dll
| MD5 | 7e926644cb293ab4553cdab0714fb5fc |
| SHA1 | 6842cba2990df9e6d370a0d1bd70bdf43f16f6b2 |
| SHA256 | 4faea548b593cd06640c8999eec46af5e9d9c9506f27089fe5e109ba6282f688 |
| SHA512 | 4f42bbe40ed9a9845ef0ce3b43a0842db233f8e8fbbba454c853bfc5a3de7571b4760b57e0e02d4bac1f188796eb8210e0cd089d82b0995f41f6e2741783528d |
C:\ProgramData\ Compass Browser\Resources\institut.bin
| MD5 | d681d757df8042f8188ea56a31f091d6 |
| SHA1 | bcbc78b01ee26635195834c2dcf31e660fce85e3 |
| SHA256 | 7088eba5a674be8608ee1a8d62e3013e3106d0feeee0dc455911e93191993297 |
| SHA512 | 2d73db0f4b7e42dc5294b726ddbbe48a41e82ff8fdd2eb4918d828b85a7e82817a8c1f24ae892c4e949f39cba248b3cd97546a6a09e5a96ed1966e0dd2ee5fe1 |
C:\ProgramData\ Compass Browser\Resources\candidat.bin
| MD5 | 78e1d406caf8dfa31e61c3f92ddf9903 |
| SHA1 | 3a6cb72e0cdac52ca9b0815ae95e1370706c2dcd |
| SHA256 | 013d1b45db00fdfd47fa8ce3d551b521be79cd7e097a49c0eb3a375c8dbe7e71 |
| SHA512 | 6a1b0291525f9c01483091ae77862ec1f5b8e752047d144b47a6656c2f3c0e25d7b5abf70f206fdc70bad9835e60fef04651b4eb21f948a6de08950f7b3756d5 |
C:\ProgramData\ Compass Browser\Resources\environ.bin
| MD5 | 2607234695b8a62fc2f6b4888d9dedbe |
| SHA1 | 8323092ee28567078ac77b035b0c9d75b82576a8 |
| SHA256 | 165ea9b117a59cf3df296305a0e28d6c42a0b4a7018234591314e1fe49d739a5 |
| SHA512 | 3de7929651ab4c367de2ec81f6b131912500a7d7920ed186bf59ad9fd9dacc404bb71275c6f3f29733492298a4e15b1a8517033a68d803adfc167b513805dbfe |
C:\ProgramData\ Compass Browser\Resources\program.bin
| MD5 | 467c827a11a242ff2af4cfa02434c5bb |
| SHA1 | efbae6079b6845f54f0e54bfde4f0bfe300c92e4 |
| SHA256 | faf18ac4a4f95cecd98b62056fcc120aa544466343f48ae5f8fe16c9df80cd76 |
| SHA512 | ebdb62dd1cf91c99b05e9cd7e4d3aa2a932986ddc078db1d156460b04716e26c092b03fca69a88f3d960e454b377bd380f7b7e94ebc2e4f41de51bbde6f1743e |
C:\ProgramData\ Compass Browser\Resources\errorurl.bin
| MD5 | 34a886a7288b1916344fca6dde3f019c |
| SHA1 | 63e2891b45e8ee2e9e7217eaf120bf579ba5f9e1 |
| SHA256 | 2f98505f53a882c8d7b4324debbfe0597eee94afa79aaf15ff3c458c8151048e |
| SHA512 | ffefeab59d8f06667ecd59235c42f6e9538799db097fbb553141effc08c86a6d87a0346ce1438778c9a04433165a391e5853e7c554c8a373859c9a5e1d3820bf |
C:\ProgramData\ Compass Browser\Resources\language.bin
| MD5 | 03e6444501034e1a652e222bce6b3939 |
| SHA1 | b21dc05110c1c8bc879729ebe803027f016f3791 |
| SHA256 | 84a6eb41a55e4b1245ed340a009b7c2f6566e6422f4cab6d24cfe43613dfa833 |
| SHA512 | 3db5372e44cfdfde2c29fc3bd18507e2950298e81d015513d1712ead7ea3a7385807d6dc8f02ad76faff9f2a9c45bb91afbbb0ff99a30a97fa1c8f307d70a3bd |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 7fe3d0295d615b38cfc408c03508c147 |
| SHA1 | d7d78375d4bfcdb65d0163f724ee5616830dc1b4 |
| SHA256 | f3c8ad378c98cf4a46a3c30e4054444e2d5ad36dc147bf5e4840be5fe31c5d24 |
| SHA512 | 5fdbfd1d0e17cd0d84653942b69175a269d46146644232af38ab035b65d917cf843761b3a4e35a464809ca3a18a692b6bb0f5593954e335ee130172b11c3620c |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State
| MD5 | 1ef99d4915dd2b4de83403e996baf51e |
| SHA1 | b763be69c41c6b7b4bca3a27c69e24b575243c00 |
| SHA256 | 0db35674c71d4fdb43a66a05ce67cc19f20b4908949f72f0a84b167c598580a6 |
| SHA512 | 7430c124fb1c89dd440e1218999004bc53a9e916c146240df13a22a7f2012787c4e2d4c442ae79d2b7cc5122108d4d4ba0d841d26bcc72348d12ab676d60887c |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State~RFe581642.TMP
| MD5 | d3798dfdf25bfb6cc1ed121cf540c8d0 |
| SHA1 | 9e3918d3a344b81cedf43bd1346cc2fce68f0e12 |
| SHA256 | d6b3e526d9b99ee48fc798d57dfb899893a446a767cf331270101158f4066cfb |
| SHA512 | 1a113d591186744720a97fb0f0984d441d6ac5595e976294f16ca0356c583093ed9a39e573834d0d23ac7fe153ad6fc0190643d243247c36c9f24fb1c9ae9f42 |
memory/4348-156-0x00007FFCCD580000-0x00007FFCCD581000-memory.dmp
\??\pipe\crashpad_2244_JONTVUQMMPKGSZVX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State
| MD5 | 1eabdfb2e3cb26db13b542ab958e10d6 |
| SHA1 | babaf1ddfe31155468ec757e42c1c1821b6efed8 |
| SHA256 | 430aea78f8591971650afbd546e4cadef2158f7cabdc0fdd35481f1a5d54acf0 |
| SHA512 | dae6f19ecc3c541fdbb1caed44c7bb7f38cda5b8534473782234be15111010332f0d418e831d118cf365ca03636a49bbe6a6a88f90124736c958120afc836fba |
memory/3624-211-0x00007FFCCF0A0000-0x00007FFCCF0A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State
| MD5 | 1af5e033513308cc15e08abdd0033316 |
| SHA1 | a9cb6f8666a9a7be018f41dba6f75ad518e25ed3 |
| SHA256 | f20d2baa80e1f966b777de629fbdc6f69cc53cb7218fd953f4fa63a6a6e9b34b |
| SHA512 | 0bc07e1aa5f1cfdb78f8eb4c5a12aae4e806a567436579d12251fe5b036ab979339c267b8590efd53da7acd418f44329c3aeac47704f47287baa6f99a3e81c20 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | d08c5f3e863a92e981b2067268654307 |
| SHA1 | ce01df0767677e22766615e0e4c3fd2ffd93496b |
| SHA256 | 7753995e4ad795f610781b03dd1db9f85d979c8dc80cac710fcf03e5a53b1bc4 |
| SHA512 | 07fa07f1c5da6779f1ce12d6d68c08e8bde985ce7236baeeb9e71665cfc6e415cfb9fbc22fb532721b82edf550a4b9a1e955032c3ee718acb3b65b649e6a5ab7 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/3624-210-0x00007FFCCF430000-0x00007FFCCF431000-memory.dmp
memory/2768-248-0x00007FFCCD580000-0x00007FFCCD581000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\DawnWebGPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\ProgramData\ Compass Browser\BlankPage.html
| MD5 | 6bad41b157044645e274b7ba2fabb008 |
| SHA1 | dcd8f8ff69fbdfa5bcad0baba0e27e74d06fee1b |
| SHA256 | 18c93166602db6e1dfaf55d66c7011d4fb6172740882d20be99042928903d64a |
| SHA512 | f32d6cbb2b35a22f490346ecf17cb6c544468c92889c9e95b7e3072eb07bdc89f84e1d2acc3fe297d25a5fe7f96cec64cb28ec1d13f4b4b948012629f08e1c7f |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Local State
| MD5 | 0859517ab7e78bdf761aa5ee92c0b0ab |
| SHA1 | 4f734030dee4b5b3a318c02c63ef60b5ebad5149 |
| SHA256 | 81a8b940c9d56ddc1f7beb0412c86a5609e862d12b9f0fcadffbe9acff3cc704 |
| SHA512 | ebae0c5a2e10c3601199216e143b8069f96ebe222beb3fa4bc5466f5023fe014f5ed987558bbad799cb49d41b6f77524e882da71865e97b2de09328dcc8b2b30 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b8fbeac29b4b305fe7c5c9a8751c99c7 |
| SHA1 | 63ab7cf48b3e9f8d124b9339aa5305395830c37a |
| SHA256 | c9acca4a1ecba148a5aa7f1bb3a82c538d9f601023605016f2dece3e04c1ce5a |
| SHA512 | 12412a12bb8edf2b77e3e9351b2989db907be9bd07127d5db6cefb0bb1b8338271df19fa47a440b969cbc7ea1a602e6eefcfe2651ace42a950e860325c934b00 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bff37620a9522341ced39c4971abaa71 |
| SHA1 | 3f740d5fdec27cc7e83c6f0a76167463306b18c1 |
| SHA256 | 0eaeeaf87f2a77cecea685d05bfa819373b483825e59847a63eaae1e7df8497d |
| SHA512 | 186110d99653d6cf4162f6d05358252ff997cbcb7dd59863280ad09d6907d1e5a0090e5d66d8d9d2c0593131b198b0473ff05d009eec200e7f3dc5dac40622ce |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\c1cbe417-ba5b-44d5-aa05-27006d12137d.tmp
| MD5 | 721240d716b9127c930226a287570348 |
| SHA1 | c41f341afb3511c1893f73aae4184058b6b24111 |
| SHA256 | 241a6387db5989f7c26caa0b4abf61675f86f06652f305a8fa8f359afe1078c8 |
| SHA512 | 330227368154595a8860e5594474ceb0112e9fe0a0301988fa3c477bec06cc48088d5c95cc250661f25a2abeaef5979e8edc3b472e120599f9ad9b5bb9347f05 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | 9c7f15093df57ad73c5e65debad64f63 |
| SHA1 | 2394df28e9a4e6942fd1fcb8a9629b1de054f73c |
| SHA256 | cc162ea0f3da07c1b89a35727114dee3d09008ef5d2615761ac80bc9a2859698 |
| SHA512 | 64232595ef0c441dd7532efcf15d74921913cbd0acc86e2a2625c577a3b4510e9ab00acd9f5da512150171477633cf2656eb9ffb337e8e39af3002f73f75eab7 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\Network Persistent State~RFe592c85.TMP
| MD5 | 78bfcecb05ed1904edce3b60cb5c7e62 |
| SHA1 | bf77a7461de9d41d12aa88fba056ba758793d9ce |
| SHA256 | c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572 |
| SHA512 | 2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_715545521\manifest.fingerprint
| MD5 | 0c9218609241dbaa26eba66d5aaf08ab |
| SHA1 | 31f1437c07241e5f075268212c11a566ceb514ec |
| SHA256 | 52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b |
| SHA512 | 5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f |
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_715545521\manifest.json
| MD5 | 58d3ca1189df439d0538a75912496bcf |
| SHA1 | 99af5b6a006a6929cc08744d1b54e3623fec2f36 |
| SHA256 | a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437 |
| SHA512 | afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
| MD5 | 6bbb18bb210b0af189f5d76a65f7ad80 |
| SHA1 | 87b804075e78af64293611a637504273fadfe718 |
| SHA256 | 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c |
| SHA512 | 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | c52d9b10826aed65cdb652b6dd42fedd |
| SHA1 | 0fb973650b85c749c0ba81806805f806ab5c1070 |
| SHA256 | f9f043a9998903b7df2502d957f3aba32f4011553aacb37808743fa655547b4a |
| SHA512 | f3d0c5fcf8f79502c37149a0cb46f77d7edf6018bda00a55918ae0885c1e8039a8a7e68943f418048a8819dbf933d1a6301bcac7668a7f447cb667dca843a9ba |
memory/4088-483-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-482-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-481-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-487-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-489-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-493-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-492-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-491-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-490-0x0000020A83550000-0x0000020A83551000-memory.dmp
memory/4088-488-0x0000020A83550000-0x0000020A83551000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1297091522\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1297091522\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1297091522\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1297091522\manifest.json
| MD5 | 273755bb7d5cc315c91f47cab6d88db9 |
| SHA1 | c933c95cc07b91294c65016d76b5fa0fa25b323b |
| SHA256 | 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902 |
| SHA512 | 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1611327970\manifest.json
| MD5 | 8062e1b9705b274fd46fcd2dd53efc81 |
| SHA1 | 61912082d21780e22403555a43408c9a6cafc59a |
| SHA256 | 2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35 |
| SHA512 | 98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb
| MD5 | d43d041e531dc757a69a90cb657ef437 |
| SHA1 | 09138b427565bc276cfd3ba9f59b0c8bad78e91d |
| SHA256 | 9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb |
| SHA512 | 476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\PKIMetadata\13.0.0.0\crs.pb
| MD5 | 981a9155cad975103b6a26acef33a866 |
| SHA1 | 1965290a94d172c4def1ac7199736c26dccca33e |
| SHA256 | 971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d |
| SHA512 | 2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119 |
C:\Users\Admin\AppData\Local\Temp\.WebView2\EBWebView\Default\Preferences
| MD5 | 37b19fef40274dc1af151c015d0a1979 |
| SHA1 | cc60afb75060577a7cc49ee220808204cfaefa7e |
| SHA256 | bbe263239eec326f8ce5ce3e127a19ba8ad686c65d2c69adc1a19eefacb462c6 |
| SHA512 | f32997a5c371c1f929eccace2b31257e8f347ef4257ded66da7d2c22a0cc22b85b8df833fe557e8287ddcaf448af88aaac7cc95678f5ac5e5772ac0962017221 |