10155e8a3d0746109004fff991656a0e8a80b4e2867fc7bcd8d74ac8f12af011

Analysis

max time kernel
136s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2025 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

basonw.exe
Size

37.7MB
MD5

65882b333fdc6a16f7014786aee96626
SHA1

efc036d6ec98eb9c7840c08055f2546e72a76e53
SHA256

506103409670ba91e0574d96517e913ad6a0edac9ffb55e32297589ad101475b
SHA512

b699eece4466d243bf112eb532dea2ffe84aee26d81b5da6bebab80bde5a46e2687076d384e912007f0ea1de722d6d3c5e95c369dfff3055c10054eaa01d83a4
SSDEEP

786432:mDKiEY2Pjas9ewAr6fNzqi+jCEKpO6Aa+0:hN/jaRHOfNmvjgpr

Score

7^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation	basonw.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	basonw.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3956	msedgewebview2.exe
3956	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
2420	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3940	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3940	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3612	basonw.exe
3612	basonw.exe
3612	basonw.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3612	basonw.exe
3612	basonw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 2420	3612	basonw.exe	87
PID 3612 wrote to memory of 2420	3612	basonw.exe	87
PID 2420 wrote to memory of 5104	2420	msedgewebview2.exe	88
PID 2420 wrote to memory of 5104	2420	msedgewebview2.exe	88
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1828	2420	msedgewebview2.exe	89
PID 2420 wrote to memory of 1708	2420	msedgewebview2.exe	90
PID 2420 wrote to memory of 1708	2420	msedgewebview2.exe	90
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91
PID 2420 wrote to memory of 3084	2420	msedgewebview2.exe	91

C:\Users\Admin\AppData\Local\Temp\basonw.exe
"C:\Users\Admin\AppData\Local\Temp\basonw.exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=3612.3784.3678021707529339693
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff80eabb078,0x7ff80eabb084,0x7ff80eabb090
    3⤵
    PID:5104
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1720,i,5063955758420336588,4012243984102373357,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1716 /prefetch:2
    3⤵
    PID:1828
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1912,i,5063955758420336588,4012243984102373357,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:3
    3⤵
    PID:1708
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2292,i,5063955758420336588,4012243984102373357,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:8
    3⤵
    PID:3084
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3576,i,5063955758420336588,4012243984102373357,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4252,i,5063955758420336588,4012243984102373357,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView" --webview-exe-name=basonw.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4824,i,5063955758420336588,4012243984102373357,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\2a15cd36-06d1-4cbe-85d4-ca8f9cd01ebc.tmp

Filesize
17KB

MD5
3dc9520711eb367a52710de0ca122f02

SHA1
8fe6a7c7c82a2ba63cc51fe81806ec1f93cc2363

SHA256
1d28930c27eeee378321f85e69da6d113e46eed466cfea72f1f87c69401ec148

SHA512
8835b2b4b8a31ce333ae0cc193e5711d1f3422c48d478632cefb1bbc4f5e509a7081c8c2e3a0dfbc8527d1a7e6c4b4a2573f5caf0d190ca383c6e32324e7762f

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
1f258b0a3e3e6b2b587d7e90eec8574e

SHA1
70f4c2b626a3ae8575a34190c4bb04ea42938e6b

SHA256
df485a6e6a00d2828bde537d7d9c36eb91f026e5ac9f414e0bfce79d978dde07

SHA512
1789cb00907de5077717f0e5ae28b33c9effd75f08f820b131640d75fd4da17fb7498dba0435510f645085c1694843ed876a83c95b4cc1ebbdf928deceefd9c0

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
9faa2334d7296a8df9e9b1c4477db5be

SHA1
d0dca3cd6df4b3ff09440649f3b67656f7a98d41

SHA256
93c08ea739c56e23391920e6cb151c258f253c235a9f0f785a8b0f1d881a3ace

SHA512
080454ecdc5d7551d424d6cb3dc9f5544c6b10a2310cd653502dba3cb75d7287d220f59859b6647a519af5631f3753f5f1fb5c8f644d4360dffdf4c4f3f5511c

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
426cf47d819ecd5cd280ef349de29b99

SHA1
ab463350699206f7f7a3741f4ba505935db06cb9

SHA256
a1a08d9f63362894aa7d441a98f9581f4155d0466bab1876c25d5a64ca25d483

SHA512
060beae6d876bab2dfe66764283e1c33e384ed49317e8533593a12f53b8228b75dd637d8092434694d019f09f3e9e9588c0cab416979fe01abcbba8a137c3a79

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5830cf.TMP

Filesize
48B

MD5
e5b0e165fe333bce64f87d99c3a15cac

SHA1
c08ece36dd3fa439e7f71c9921d61f2a8d16d1af

SHA256
12a6a2b970d55e10475f10c427a72acb36e819fb9f14e93d601a3b4e0a019026

SHA512
07317b1684f90a1b638fe8731f090194343da70292ad9e42584342c791527d5c728d84e439a4a5113be312bf2f4b4cdb1aefe2423269fdde79b16647bbfbd63a

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Network\Network Persistent State

Filesize
437B

MD5
d1c16f01b55ad4324b6eea9f4248f704

SHA1
3de88f05bd1a9e652635d1635c254e49b66c2407

SHA256
45775b48266be4f54a890a64dd3a659f6af291e3928d7a2a429c2faab989ccc0

SHA512
d4e4b892582206ba6a8cb137d673c33c79b1ba136e0580d3ff0926ab5279195292e16f4211f6f8c8fd26fbe1042cf800031148043169583159f26cf5260b8874

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Network\def98634-b030-47c2-8459-5c68244d7281.tmp

Filesize
432B

MD5
dce055dd0763771c39d46fcb3d4f2a92

SHA1
d2a86477b61abb9e53538283c1e7e9f0c0a161b7

SHA256
7eb8f052b29dd778520097ce54809e1a0e17891a6a5b6beec9d77d103ce9e91e

SHA512
4c5c3e72f80ba17f65941f9a60a7f4e245d9c15d270dd0d9f419ca00c604ab9f160c38ce31751ab0b446a1f3c72994601429a43be16ee1cf868e0bb5e7c746e5

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Preferences

Filesize
6KB

MD5
edef0d19e47c2d65063439e10c89dbae

SHA1
91a28112fb8c507af56e9c78053af00a026bbd92

SHA256
e141efc6932b80c79f35390cd7ad3ba7e25549eddfa81ed54a1ff1192cba0728

SHA512
fbaf629777d51dc890eccf49870925e9e15285c2a5c60739ae20c7e13ff0ad37c0fb606b854d76d3f062c08d627dc03621c21e6c4c2055e65924c75b20de93b1

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Preferences~RFe582e9d.TMP

Filesize
6KB

MD5
4399852011176592d81504b9b52a0821

SHA1
be85e453bbd495e47ad94b1661a324c6c712be30

SHA256
a3b5b895372467ee1cfd3dfc683001d8b6a9d1c02bf113215fce3ca92f521f22

SHA512
2228549db9ba0f552f64b5b91ceb4988f4303a535b0f6fa84b0246791eaf56302eb180c6b2fc3dca6e385c9551fb10f4b7b5332e0970d0faf250d03404075e5a

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Default\aa9f7a1e-ebc6-4e3b-ae56-42434c3d53f3.tmp

Filesize
6KB

MD5
c7d54bf5c583c59ba02ea9595427691a

SHA1
604e6c1e228976cceebc3609e2334ec3b91d9f05

SHA256
b3c821b71f6b761440921ae1698f96746581f5b2a1b3f888408ec2faf73f01ba

SHA512
5738f9d9c37a2607a36df250f1e6f9493081b5248e75d0b2ae6b9d2aab55670ec0a72f9dcd87bebbf1d1e6b4c1b60ba0ff5f1fdddad13049557c9f12f734600f

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State

Filesize
1KB

MD5
ed0ffe4b6932c5fcf208ed3fe57c398c

SHA1
5e90601e3b68decdf055b18f576f0c401476d011

SHA256
6feedb6dc066c0bfb06525852d918ab07deb585c6be11a95a6baafa0ba757dee

SHA512
df6517db70091ef52ff002cd37e60ca5ec3a0390f8c835c2fb603d98112125f2ec0ca49c5b5e1e3262f86c5dbd6ba690100037733b5c7825c193b5fd400c9877

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State

Filesize
2KB

MD5
7c8d5093e9fc03f095e2ef76bff15d1b

SHA1
3db84a0ffc25e17fd6c63f1b3839c400e51dc413

SHA256
1fff9afe2966ad37a9e1a159c4e17c9a617cb2ea97bc0c151179877f6cf9a1fd

SHA512
03b3ae945ff73ea2d09f7451a79da48b9633e951b6fbd1958feaf5c84f4b73d7f66a721d0d942d4dc28446997dcb728f0700c8cf408cae9409876c062b5dc970

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State

Filesize
3KB

MD5
7b0d094d7280525ada7a35a5cf3eab21

SHA1
a1c6fcf31428fe66f06a2909dbc12a14c3dc26e2

SHA256
de7748aa65f8776be90bb394367922c7d104dc10536d648160860ef829a0acb6

SHA512
0ff090e3428145a099eb63774084ae18556a0296255b33e39000e78a10280cb73300fa0dfe8e7eee59e4a9843d03636181c49f96ca264949f5f63362cfa58dd9

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State

Filesize
4KB

MD5
2a9ad06af53158614b46ebb0bb067800

SHA1
ea57efbf915a4a11085f1e9022c0c05fea6ffdbd

SHA256
ecc8ae705d1c673eded156fbaa5f2e390a7681adc4469b02118f42e5a3c1b370

SHA512
37bb04b93ebf275c51ec03a8ab5ef9134b5f953c7a02b2ca49dcdfcc051db2ec4ce204f4f3584fe08c1cca4e7226fb72785f4221f4f81a83efb1445213d0a953

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State

Filesize
4KB

MD5
594882d6ab24d462d41b16bcf44385a8

SHA1
9568e3e0e877134584633bca6e79d9a981e7c220

SHA256
e8322ea09d09768fb52db5fc778e4ff7f48eba80e0856359a3e03f12e1d39794

SHA512
2ce403a9e7f50aa1b57d1844c14ffe0b4f8288e5dd9f502419837147ffe026e1486fb7e2043963d0c8fff895f383991772475ef487afd679fe65847d13519b5a

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State

Filesize
4KB

MD5
825f05472775a29cc383192507552146

SHA1
fbb1eb7211ab68edd1c849e8d382e7ca76a89a8e

SHA256
dcd24a28a632077dbdb3af24be3ccd24daefd89cff12846657fd11db6c510d85

SHA512
1d841e8eeb6ea423b286e09afbd6903226114b1b9cbee4d7641e24161b0ee4fc8ef323aaba7b45a1b1336aa78bd792850b84b815a93a57f00a5eca45d934de39

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\Local State~RFe57dd7f.TMP

Filesize
1KB

MD5
7dc19cb5f86e2f63c123f7789c70934d

SHA1
7882483c4426fee85be6400c15ea29902965d27f

SHA256
63ed0d7cfc6e4e22507499b2d0106b13b4ac5d40b983db62a22c53d9a931e749

SHA512
54b521ae82fc4dd832c65a4842aadf1861e70150fdb8e9834a33d68298c54623fa74ef499d1163764d75c6048fad5d9951e981490539aebdfdf6ffcaf8fce755

Download Submit
C:\Users\Admin\AppData\Local\net.cubidron.baso\EBWebView\d9c1547c-f9f1-4bd0-b44f-6cefa6d970f6.tmp

Filesize
4KB

MD5
26c39c79039198ce8dc1a514d7ea0dfb

SHA1
10101b1e7dad092c82012c4899e7eb4bcc7f534b

SHA256
403316f8c66160c893c95f93f0e67e68aa2070b579c967f5b9f7eeb34c07a5e2

SHA512
7e1917c7673f9feffe9f761ace8f10f168d5330e8c704019d3831de414b734ff2fd992bdeb46dbc4e65c55932f62102f9c5fe6691c01d707bea6469564b71906

Download Submit
memory/1828-26-0x00007FF82B340000-0x00007FF82B341000-memory.dmp

Filesize
4KB

Download
memory/3084-49-0x00007FF82C810000-0x00007FF82C811000-memory.dmp

Filesize
4KB

Download
memory/3084-48-0x00007FF82C770000-0x00007FF82C771000-memory.dmp

Filesize
4KB

Download
memory/4460-144-0x00007FF82B340000-0x00007FF82B341000-memory.dmp

Filesize
4KB

Download