File name: Compass Browser.exe

Full analysis: https://app.any.run/tasks/97f9c4e0-0b9a-4d3d-8721-b1415103c06b
Verdict: Malicious activity
Analysis date: January 14, 2025, 04:27:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 23781963E75DA074186D9545EDA82186
SHA1: F59BF8645A0BB0779CE50586778DD45BE2BEC796
SHA256: D23A03B3C867F7276FBF82CC77976909D811E83253DE5EE6CC7AFED589514740
SSDEEP: 12288:SVU242pr1QU2VB2mIKscfRNyY5yKbkfKeG:SVfr18nQayY5yJKeG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • The DLL Hijacking

      • msedgewebview2.exe (PID: 4076)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 4468)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Compass Browser.exe (PID: 3560)
      • Compass Browser.exe (PID: 5300)
      • msedgewebview2.exe (PID: 4468)
    • Executable content was dropped or overwritten

      • Compass Browser.exe (PID: 3560)
      • Compass Browser.exe (PID: 5300)
    • Potential Corporate Privacy Violation

      • Compass Browser.exe (PID: 3560)
      • Compass Browser.exe (PID: 5300)
    • Reads the BIOS version

      • Compass Browser.exe (PID: 5300)
    • Application launched itself

      • msedgewebview2.exe (PID: 4468)
  • INFO

    • The sample compiled with english language support

      • Compass Browser.exe (PID: 3560)
    • Reads the computer name

      • Compass Browser.exe (PID: 3560)
      • ITS SB App Switch.exe (PID: 6300)
      • Compass Browser.exe (PID: 5300)
      • msedgewebview2.exe (PID: 2456)
      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 6580)
    • Create files in a temporary directory

      • Compass Browser.exe (PID: 3560)
      • ITS SB App Switch.exe (PID: 6300)
      • Compass Browser.exe (PID: 5300)
      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 2456)
    • Checks supported languages

      • Compass Browser.exe (PID: 3560)
      • ITS SB App Switch.exe (PID: 6300)
      • SignInfoConsole.exe (PID: 3812)
      • SignInfoConsole.exe (PID: 2612)
      • Compass Browser.exe (PID: 5300)
      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 4592)
      • msedgewebview2.exe (PID: 6580)
      • msedgewebview2.exe (PID: 6544)
    • Checks proxy server information

      • Compass Browser.exe (PID: 3560)
      • Compass Browser.exe (PID: 5300)
      • msedgewebview2.exe (PID: 4468)
    • Process checks computer location settings

      • Compass Browser.exe (PID: 3560)
      • msedgewebview2.exe (PID: 4468)
      • Compass Browser.exe (PID: 5300)
      • msedgewebview2.exe (PID: 6544)
    • Creates files or folders in the user directory

      • Compass Browser.exe (PID: 3560)
      • msedgewebview2.exe (PID: 4468)
    • Reads the machine GUID from the registry

      • Compass Browser.exe (PID: 5300)
      • SignInfoConsole.exe (PID: 3812)
    • Reads the software policy settings

      • Compass Browser.exe (PID: 5300)
    • Disables trace logs

      • Compass Browser.exe (PID: 5300)
    • Reads Environment values

      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 2456)
      • msedgewebview2.exe (PID: 6220)
      • msedgewebview2.exe (PID: 6580)
      • Compass Browser.exe (PID: 5300)
    • Sends debugging messages

      • msedgewebview2.exe (PID: 4468)
    • The process uses the downloaded file

      • Compass Browser.exe (PID: 5300)
    • Reads product name

      • Compass Browser.exe (PID: 5300)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:11:03 11:35:44+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 116736
InitializedDataSize: 378880
UninitializedDataSize: -
EntryPoint: 0x4ff7
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.5.0.2
ProductVersionNumber: 2.5.0.2
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: ITS GCO Bootstrap
CompanyName: Internet Testing Systems
FileDescription: ITS GCO Bootstrap
FileVersion: 2.5.0.2
InternalName: VerifyAndLaunch
LegalCopyright: (C) Internet Testing Systems
OriginalFileName: VerifyAndLaunch.exe
ProductName: ITS GCO Bootstrap
ProductVersion: 2.5.0.2
No data.
All screenshots are available in the full report
Total processes: 145
Monitored processes: 17
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process nodes in graph order ("no specs" is the report's own label for that node):
  • start
  • compass browser.exe
  • its sb app switch.exe (no specs)
  • its sb app switch.exe (no specs)
  • compass browser.exe
  • signinfoconsole.exe (no specs)
  • conhost.exe (no specs)
  • signinfoconsole.exe (no specs)
  • conhost.exe (no specs)
  • signinfoconsole.exe (no specs)
  • conhost.exe (no specs)
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)

Process information

Columns per process: PID | CMD | Path | Indicators | Parent process
PID: 1688
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SignInfoConsole.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2456
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=14.2.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2424 --field-trial-handle=2128,i,4056768868227581056,9120613819237719001,262144 --enable-features=MojoIpcz --disable-features=OverscrollHistoryNavigation,msExperimentalScrolling --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2612
CMD: "C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe" "C:\Users\admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe"
Path: C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe
Parent process:  Compass Browser.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SignInfoConsole
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\osb\signinfoconsole.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 2624
CMD: "C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe" "C:\Users\admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe"
Path: C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe
Parent process:  Compass Browser.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SignInfoConsole
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\osb\signinfoconsole.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 3560
CMD: "C:\Users\admin\AppData\Local\Temp\Compass Browser.exe"
Path: C:\Users\admin\AppData\Local\Temp\Compass Browser.exe
Parent process: explorer.exe
User:
admin
Company:
Internet Testing Systems
Integrity Level:
MEDIUM
Description:
ITS GCO Bootstrap
Exit code:
0
Version:
2.5.0.2
Modules
Images
c:\users\admin\appdata\local\temp\compass browser.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 3724
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SignInfoConsole.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3812
CMD: "C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe" "C:\Users\admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe"
Path: C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe
Parent process:  Compass Browser.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SignInfoConsole
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\osb\signinfoconsole.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 3816
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SignInfoConsole.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Temp\.WebView2\EBWebView" --webview-exe-name=" Compass Browser.exe" --webview-exe-version=14.2.2.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2116 --field-trial-handle=2128,i,4056768868227581056,9120613819237719001,262144 --enable-features=MojoIpcz --disable-features=OverscrollHistoryNavigation,msExperimentalScrolling --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4468
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=" Compass Browser.exe" --webview-exe-version=14.2.2.3 --user-data-dir="C:\Users\admin\AppData\Local\Temp\.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --autoplay-policy=no-user-gesture-required --disable-features=OverscrollHistoryNavigation,msExperimentalScrolling --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5300.5236.9797070355036378964
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\msedgewebview2.exe
Parent process: Compass Browser.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 6 136
Read events: 6 106
Write events: 30
Delete events: 0

Modification events

Process: (3560) Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

Process: (3560) Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: SecureProtocols
Value: 2560

Process: (3560) Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

Process: (3560) Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3560) Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3560) Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: SecureProtocols
Value: 2688

Process: (5300)  Compass Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: SecureProtocols
Value: 2560

Process: (5300)  Compass Browser.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ Compass Browser_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

Process: (5300)  Compass Browser.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ Compass Browser_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Process: (5300)  Compass Browser.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ Compass Browser_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files: 8
Suspicious files: 112
Text files: 28
Unknown types: 10

Dropped files

PID | Process | Filename | Type

2624 | SignInfoConsole.exe | C:\Users\admin\AppData\Local\Temp\Tmp4A56.tmp | binary
  MD5: 74A62B31EC975C521F36CA406FBCF552
  SHA256: E0731F983AACF99FFE223A12B53796C3DA780D04336303C0A6136929D04380D9
3560 | Compass Browser.exe | C:\Users\admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App SwitchNew.exe | executable
  MD5: 8E277C55B2B8F512823E5C384D0E2177
  SHA256: BB9A8CD5A67AF174554EFFD9CBEBB23DCA4D1ACCCF4B06F183430E0A7A11F46E
3560 | Compass Browser.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der
  MD5: 24709D1B6E827E1FBBC2B6158654AEA8
  SHA256: 5CB0A4B9966D85A8DD66620B763A1235530C0D219446205550F8EDD7CD925B46
2612 | SignInfoConsole.exe | C:\Users\admin\AppData\Local\Temp\Tmp52F1.tmp | binary
  MD5: 74A62B31EC975C521F36CA406FBCF552
  SHA256: E0731F983AACF99FFE223A12B53796C3DA780D04336303C0A6136929D04380D9
3560 | Compass Browser.exe | C:\Users\admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ITS SB App Switch.exe | executable
  MD5: 8E277C55B2B8F512823E5C384D0E2177
  SHA256: BB9A8CD5A67AF174554EFFD9CBEBB23DCA4D1ACCCF4B06F183430E0A7A11F46E
5300 |  Compass Browser.exe | C:\Users\admin\AppData\Local\Temp\OSB\SignInfoConsole.exe | executable
  MD5: 6A76A44F7D15AF3C6082A367321051AA
  SHA256: 40CFCF4EDEEDFB9BCF4EDC98E13D0F08142D85E9D31FE0F7A5CEEA3AD7FA153D
5300 |  Compass Browser.exe | C:\Users\admin\AppData\Local\IsolatedStorage\qdoxpk1h.1w2\w2nq1czj.uo3\Url.ykxzfvy3rjeewq5up2kwgh01ilcz4hlc\identity.dat | binary
  MD5: 743BF9DC45DE993C19E1A94981775501
  SHA256: 307F9B5851046C7459C2A2643495CD2F3252BDBEF64AA7230A776CBFA7C44F3B
3560 | Compass Browser.exe | C:\Users\admin\AppData\Local\Temp\ITS\WINCSECB\293\Production\ Compass Browser.exe | executable
  MD5: 8ADE5367E145B70BF4197643FD440F94
  SHA256: 12130E4D26A7AB68752605C078ACF49E5077364F54F0BB5DF1A3F45BB161F220
5300 |  Compass Browser.exe | C:\Users\admin\AppData\Local\Temp\329c4626.dll | executable
  MD5: 54567E082E0E1987F13A6FE7E3431761
  SHA256: 17DB2CE42B83BB8FE64B29F187D97C88598753C177A8868684F62F9EACF5E244
3560 | Compass Browser.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ED30CBAEDFE4E4801CAE79815B01B295 | der
  MD5: 91B64545B9F59FEC15014573EABF9B10
  SHA256: 07E4896712729D27CA4ED63BA40998D94A4D406C81EE5824C7C708C6EE4916A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 12
TCP/UDP connections: 46
DNS requests: 32
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(the Type and Size columns are empty for every row of this table)

4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.14:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5856 | svchost.exe | GET | 200 | 2.16.241.14:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5856 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
3560 | Compass Browser.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | whitelisted
3560 | Compass Browser.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | whitelisted
3560 | Compass Browser.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCHFn0OpL7929mRORg8Fz0X | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6160 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(a "-" marks a cell the report left empty)

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.241.14:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5856 | svchost.exe | 2.16.241.14:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
5856 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 2.23.227.208:443 | www.bing.com | Ooredoo Q.S.C. | QA | whitelisted
3560 | Compass Browser.exe | 161.47.163.213:443 | www.starttest.com | RACKSPACE | US | whitelisted
3560 | Compass Browser.exe | 172.64.149.23:80 | ocsp.comodoca.com | CLOUDFLARENET | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 2.16.241.14
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 23.218.209.163
whitelisted
google.com
  • 142.250.185.78
whitelisted
www.bing.com
  • 2.23.227.208
  • 2.23.227.215
whitelisted
www.starttest.com
  • 161.47.163.213
whitelisted
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.sectigo.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.74
  • 40.126.32.134
  • 20.190.160.20
  • 40.126.32.72
  • 20.190.160.17
  • 20.190.160.22
  • 40.126.32.140
whitelisted

Threats

2 ETPRO signatures available at the full report
Debug output

Process | Message
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Temp\.WebView2 directory exists )