hxxps://google[.]com

max time kernel
530s
max time network
532s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12-03-2023 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	WebCompanionInstaller.exe

Executes dropped EXE 5 IoCs

pid	Process
2080	Setup_WebCompanion.exe
3872	WebCompanionInstaller.exe
408	WebCompanion.exe
2996	WebCompanion.exe
3836	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
408	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe
2996	WebCompanion.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	WebCompanionInstaller.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	WebCompanionInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231017310433103"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
2988	chrome.exe
2988	chrome.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
3872	WebCompanionInstaller.exe
4332	chrome.exe
4332	chrome.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe
3036	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 5104	5076	chrome.exe	82
PID 5076 wrote to memory of 5104	5076	chrome.exe	82
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 4308	5076	chrome.exe	84
PID 5076 wrote to memory of 2632	5076	chrome.exe	85
PID 5076 wrote to memory of 2632	5076	chrome.exe	85
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86
PID 5076 wrote to memory of 2028	5076	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://google.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1f279758,0x7ffe1f279768,0x7ffe1f279778
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5060 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5192 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5204 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5652 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5872 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5500 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3364 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4964 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=924 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6560 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6540 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Users\Admin\Downloads\Setup_WebCompanion.exe
  "C:\Users\Admin\Downloads\Setup_WebCompanion.exe"
  2⤵
  - Executes dropped EXE
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\WebCompanionInstaller.exe
    .\WebCompanionInstaller.exe --savename=Setup_WebCompanion.exe --partner=IN220101 --nonadmin --direct --tych --campaign --version=10.901.2.519
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:3872
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      PID:3432
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh http add urlacl url=http://+:9007/ user=Everyone
        5⤵
        
        PID:744
  - - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
      "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Drops file in Windows directory
      PID:408
  - - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
      "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2996
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=
      4⤵
      Adds Run key to start application
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:4332
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1f279758,0x7ffe1f279768,0x7ffe1f279778
        5⤵
        
        PID:2600
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:2
        5⤵
        
        PID:3488
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:8
        5⤵
        
        PID:3428
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:8
        5⤵
        
        PID:1020
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3236 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:1
        5⤵
        
        PID:368
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:1
        5⤵
        
        PID:3864
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:1
        5⤵
        
        PID:832
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1932,i,15084300778387009044,3859925975434484309,131072 /prefetch:8
        5⤵
        
        PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=972 --field-trial-handle=1832,i,16897696628107950085,7496622896202332706,131072 /prefetch:8
  2⤵
  PID:1108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4104

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:1276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4552

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:3036

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --startmenu
1⤵
- Executes dropped EXE
PID:3836

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
812B

MD5
25c5faca96f6451a176f9e3776b22324

SHA1
66339a1e2c9fa166c00bc135a42c9a35b1fed9f2

SHA256
5ca35412eb9395b3a5ff2002aeaff77cf582f76f33647116ed6004f6e79eaddd

SHA512
f868a52d12fe853c28ad4b8c8a0208793341a84aa3bdfa7a1bb8c2088801883f6f08c5212c973c0ecf00261fd47cab72e2d82e25f7b69301510258628a68fc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
1KB

MD5
d5fefc0e3b3cc3ff3fbbb0718fd87b49

SHA1
9405336ce435364dc728ab4bf7934375ee8f18a7

SHA256
b446d2b69418278b18174776f6f0deba4af33e534a54d613be49bb8430b9013d

SHA512
800a110814a5ec7a4ac7e135c52182aae3e21d87349f786d711616217cd16f3efdf209c3191fc6f6bb33c9891b171be3f15ed6e0ba56a9050a0dc4b8fc31804c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
806B

MD5
a2cefa54cdbdf6b741ca8430e7f9ab76

SHA1
94d91d796e0a95bf9f71cf399c47a6a34a4fd5a9

SHA256
b9a439144faf348070de64bc1624919ffdbd170f014a5ad740c866d3abbeadcb

SHA512
9e6fc1a013999a22a9df649301203c90b45debf1bdddca54b68628d4af1921a9620845e3fd5e2a510497da39657ef3eca1b2f8b0a688e203c87031154eb8d46d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
540B

MD5
c073bcea15918b419c9a277809a857af

SHA1
864299fdb0bf6b24686e9acab7d940049371029a

SHA256
5917b691caf8812b812798174f5eba5f225f715a937b6c5ef80ff34d5e8f1e1b

SHA512
c919cc943a309d59188744adb57683d50d5f4b025314989dee4cd6b1035bfcecb0edafaebf805ded64e63578662574db47bf40c07395285c6f2a0387fa4dee41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
528B

MD5
00347d89152fae843f5211c034b0306e

SHA1
13dff05dbe5cd0ed499bf7bee6069840772dcb3f

SHA256
ce17f3124a55696ab3ef0dd1f64b0306a4d8d9b3e2ff8c83f98b71f467ff7b0c

SHA512
066b4144b0d7dd45ece776cba90954186151b0588d2b77b2a8ded1afbed3bfa0c487d59c8b4b2361c3b3b1338bfe367e706702b44e2885b6763af399a0bcd001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
540B

MD5
ddb96a5c50fdf333a226da7ca9ed7ca0

SHA1
dfd23f7b5341de4bdd1088f4d4662504474cd70f

SHA256
cb6231d5950f4cd6c8088482f15ae445e0638ba6151ba4237180166a69eec5ac

SHA512
617c09251463fb3359be73bc4b47ade5f8fac953701827cf76b2f8da1d4d645ab14fb162caa05b07c6d7106759805ef9e3f65c42718f933f610e734bdb733ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
26KB

MD5
3dedc7d2783d6225615b4005ddd031c8

SHA1
fe7939ed38c2ab625a2b49f021d0389c7501c729

SHA256
129f96f1528f034e6195f49f0eb9368b0c2a21ad068caabc4c6fa0760697eda1

SHA512
8aef5dfff859c6f97bfc28bac1bb91fc1d8dce67735acf2ffc1aeed0da67f7d349b52527f597917b774a06e81391e5bae3527f5e6ef06832a7c7af8f1298a37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
28KB

MD5
8828d4e89af87efb6f0546fb2b1af48e

SHA1
0a2ae6e898460c334351a3be6506d15553f40814

SHA256
a6f6f80d6ab7a48c34c5f075f9d62252beaf2c410a1208006a0bb522021b09a9

SHA512
089d32b49f58c7460780a5ab9450f728e1cc980d12ef1f0c51bf99da71b70f0745c39704c6f886e33ccacbeed190216480bc384b1e4970c0b3ca2b708d6ce9f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
299ebc65d7e64a1146e71d5f14e814d5

SHA1
bb8cd0ec4253b136cbd14c901adb7948f8ae48b1

SHA256
4477fa17e3da0237587e4a90c605abd75681ff7961f430b61be2d4888b7607f2

SHA512
dfdcf44b0645e2dd8ffd697e9c2ef45f22c3879868afa52c98defc683e1545e105efd69df14db9de27c2c6d16a4fb18d941363927e8da57c0d5bca217c0ea01e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f6139188a0c4088ac896023ab4d5e9c6

SHA1
373158a664ed48f8f10ddca41be4c450258c4729

SHA256
ea60e3b66f62cdfb0bbba6475e82253db691224eed6ca84d3aaa61b42a9ef47b

SHA512
eb93ca49c153f5ead92548af3ca145ef09de9267d5f3237e11ff81a2596ba8bc331bd3eae919728d329d3bcb2e36fcd01515fd76e2ab1ec370877dbc0cd288ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
336a222b9ce0040a31eaac28b419854e

SHA1
e645f48352de55712c52b6107382151d29d00f73

SHA256
dc1c9a9a8915a019ad4be93883785e73155cdae15eb3575ac554d8589b6589dc

SHA512
2f7106f6ef0a972175d53fda05425d7e6601aba892ca12c3dd75212ca4ce3d4f1baab8889154d8bc0a3b2c2277bf994aa2a2996d2b6887eed5f2782281e4877b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9ccca0793b3091668ea7a9aebc8818f5

SHA1
c99c7ef928292050da137fdd03832048ecd5641f

SHA256
344e97c295d49fb9668130cb9bd713072e78948533452d02c32683675e8efe14

SHA512
5920fde34b295cb5de55b1a6c13cd29334b08f56a545a2a44a4f500af174e450f3283997e1346f5788e2a05bc0409f18f05a32821e72932cce7a20d74af9f1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
87afd670d95949678de993407a2f7608

SHA1
132fa1fdea4928cf81dca171901844b56c9ce6d4

SHA256
8096f603b6e6fceb66088b77c5c16038f0a8efe19051647e1203239d141f476a

SHA512
9c546b0229c182e9408fe1e2e17385dd6df80cf406b41eb187046803b24086d9e22a3829b900e65284020a7c4dd538d6d0c492908aa113c2a9be320203ac9fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
acdde7d353a1b29f6f3f9b632d608914

SHA1
9bb0633374dd38262c010fb6a69f5ea9a6c028eb

SHA256
96418354b5eeb00ced41b12ca91be54090a719fc6af38a19daedb38ab9e1b211

SHA512
6b3cdeafde23e71485d06fe044310322979dd8a929eca34d6d778b71bc8cf6a9e0a3a6c19bcc92ce32126b70b6f3756450dce792d67e8004c58812f5acec54cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
ca7a1ca35f7463b759af006a7e64189f

SHA1
68b55e1828e10e58191cf44bac28cca7d89371d4

SHA256
8e9796ebb8dee05c5fbe6cafda0c2463a27b89662b4504410ca1ff46eb0aa6cf

SHA512
7ccf73bde31a182ed8f3678797880acdfa2a0d6ad3f8acad04daff1aebf3922ee24f51686168fed0c97540b3fb67ad383875d5a6d61f2c32a7f173018b01d0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
a8cb7ec7336c361a0f2c1a14f9eff5ec

SHA1
7d7f70d39c10e6668e7183b2a3045c9f9519be1d

SHA256
16413cacea9143a24eba7d2f12f94f7b4443af98868b3ea6f4356c25b0404847

SHA512
036efb7983e07a4921ef5144e35d985f23b8195a28c9df33aa8e82af3d221612632634a190dd34b50f6b2b002731f9a1a216c68343f50973aa89c50e96acee9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3bd09a069e42e921482aafba4ad7f028

SHA1
8a04b75949e8ba0fe39f424b14174ddc67da5149

SHA256
6d57af847ad19eb85707fad1fb3a37904b91f5c8e3ad2d778c56e3838ddedc80

SHA512
05f9a83ace48822beb7931f25a33120c218d1221ecfbe38905ef5aaf1d474c53e69cc9a055b2616ed018d8aa9bfa781e02e90b92218d8e3cfd7c6e146540ac83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ff85cb18265b4dd3157deb4ba5cc2f00

SHA1
d6e3f29a3759c033d44165640ecb7202c3389085

SHA256
fc67408e674f016747bcaf7abdbf6fa17eb05ef5367bcd8bdc800bc17d2362d5

SHA512
73e941ad43b540cbfb85c876d1388e1ad3f772a31421177adec5f03a087a45bbc7c50b3e81c0ec8c7571939d9fa881c76e99466f39fa324bb82e4d6cd5ce80e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db18b018e471c43675c69507ef808eca

SHA1
eb7276ba62b21b4eed509cc749eac9e005dd3c25

SHA256
29feb862f7b42007b6f0b8b49113e76fd9d5f54d73e7af7a7d06b8c742d716ab

SHA512
8fa579009ac3078f2ea34e94cad4d4b81c8b33a2f0929093c09cf932c01f7f9d353a5d33b5a8f58b05f9546887a9bb626722583ffc20348e0dcb8f7d792f4b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f86735c3836efdbabdbf1683e6bce969

SHA1
032ac48e0828d955bf962fa3403d1cde7f61f81f

SHA256
bf7f5904685131c39ded9abd9f8350e863c294aafd5d434738c1dc4161f81bdc

SHA512
b505e5570d14753d23c8f3d56f4a2223de69b4666a665d020bd3b55638c45463d71d3f21f6703b1536f4b28482dfb08fe022e031c93b110cfb1daa950d37addf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
65caebf1143b4b32ac263451aac2a885

SHA1
6d45460dcb6e0ff0562e206675df0e33daa7c780

SHA256
f100554f15c00e691c08c99a0462194365d8163e4e6d40780167450b987758b0

SHA512
ad96255dd7ea8c8d7c1cd8f9cbef3c1b317f4f44cdd6179b6de2d858f7f21ed90e2ac331018a1c7521fce6499c3988470a7090e45a90092ab6e35b839e870ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
09e33681873bbd940b75b35d9ce6b76e

SHA1
97d3b240be04ac1aa779601bb99eb98d8d5723b3

SHA256
9a457f7e76dda14dfeba34e59d2288220311db4a3b2d213a6eb279a178403b31

SHA512
8f7ae0658b0b645e938d24a73f7ec309085cef6d4ebd244831d2fbf212ab5c1217f818915e31b5b788edd0c47332f90b872d41417fc5e49e612b76c2efa3c95f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e9e7ddb8bcb87b1f5fbf375e61b4a73b

SHA1
1ff0c5d3222416331e14acd02e5a7c792b5257b9

SHA256
7186455478bb148259301a2504e381420dc94974fe42e37bd5e705daa61fb093

SHA512
4a2c5b070a36e4c3d3337f802d0b41e0e6c9d13a51c1ca2dfc6ac5ccf3601151ed5160552f1d167518b85d5c99a56471acb960322fdef82e177e2d13d1d6ab26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8cba23fdb7666f3022e85bfe32b1d954

SHA1
3f09f8627d584ba00c1e45ca084197d19363a0a1

SHA256
f1e111c395ef32eee9047c7a581c12916b13765ce28bf34933b6a4ca078d9176

SHA512
db3a090184e0cb0cf31ebea2ca51551fc8133bf167b57d4a2a97e73c44d94a249abb29f47c7ff86818b2de409e836d879d6d48a1f890d6f5000e3d75700c47dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fcf3b0eaaa5d73d591d6132548da6cba

SHA1
0b3d1bd7ea9fe309764dbc222993212bb5cb34d7

SHA256
4da5a4c619e728333657f5dbaec487f627bcf7a717f7c10da90e31daefc53744

SHA512
d192de55277a045cd6329a5965c92aa4530eb06d551f3fa85b0aedb1b8c9bb6ecce6c96384f5de171baaef1d3914d2ea3c67518657c404b3cb2d93c7f91d512b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5e18247f763ed32b5d740f1c976cdbcd

SHA1
356e8dc51230586e776c4965094d7dacef35e591

SHA256
af6fbe2ffa6353d03bb3044b4569ce6c1a68f66fb9c675af158fb7984a1d4589

SHA512
410f68c6ceccc6084e9bf8f95c28b22602af5001807f3513848176ed0aea8fc8d6bf88ebc12a6877fa0667c0a147abc9f7cd8393f28c52ebfea7bbfa8d3c0886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d120904d0d3c67415b3b819ea4a61d79

SHA1
c5ed95228d9684531fd43eca74d4536fabca816d

SHA256
846c72707f9555db7d28ee0bd10f19d7c44374b8ce8110fd014942f28fc29b51

SHA512
ff36942e35e55225f4a0ee4293b1c4573280460cfd0f0c2a52a52348e99bd4d1e8d6ee2c335c5cdbefaec883d2a3abdefdfd16adbdc5668cdfe649b3ba750848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ddef06e5e2b7064890fe74ed141f8ae8

SHA1
c3137029c855fe87b41843b0ad5f8b6513bbe678

SHA256
c3123694536ab7767462edb9f272dd5c39fac1b0d439f165457a725b37631226

SHA512
b7adf18d0e2469cc90d68c9068571faaa17c54fc148aedf0163f75eaff74cbf15543cd6ec700f4dbc521492cd8ff2890f40ce4cda5210c9092849bfdf779ace2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
1dc419db24df136c893cdeb96b98af1d

SHA1
a048f87c7cc207c859278ea6cc682661db161c87

SHA256
488622d01cac1d6c9bc8367fa2dc2954fd57fbb99f022fd021f90ee0e29e388e

SHA512
e9dd207419a9259d01edf279d8e4c30b570d65cc246fff19133b5b03712063bb6eb86491ef74f2bbd19848d2257706cf6ed2200c4e273c607e63b99de440aa7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
4342b6aa5fd908684889ba377358d19f

SHA1
f0fa8f630a1a38a725c846c855ae590f9a9cd68b

SHA256
2d0d45a1fd03557ad95863a27f3e4b911b3b50492c6e6dfa567552d222e44f16

SHA512
acc93504d69b361bd90753ecf52bf1a3356d139cd9ea180d2df804cc0e7bd05877f23dcba7cd3f786e5d765e9bc912a83b40f1158e29760a759eab805f0e0246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
4b33e61eb65378ccd5b13956ec5bb06d

SHA1
a314061c769ba1a960a64491a5ac1192bee6095d

SHA256
fecbca49f754c135886c01e349bb42535ee4461e42063741ed756f805d1511d4

SHA512
b59e5cea3c3b3e29b75168e595416377a70862cf3b1a50361e0e3fc7b4a7ac674140f4ffecf1ea67d5569e1c6d57ba86021cf75a759c8c60a5413d00ee37a544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
dde6e5082e80782bb3ba989120a3c544

SHA1
f111105ce5002186adaadd6117b346c6407e1ef2

SHA256
370f6026251b240ec73205e5f2d20517cc3442c7e8b366ca4f1a2cf8feb72405

SHA512
693028ea89dd908464262a268a36327c1a0e32f5e55a0f13e4094ad33954f9af391dcac72d87e424cd04238fe5113609b71da8251a67a01bca8132c4f59832b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
35f5a44b4ee10a6a6f72edad339d5718

SHA1
8725ac26b3556b50903991d2570faaf0c997009f

SHA256
99ea7dcc760fac73ace1d46d0043d26f361589912cc59b96e10635b2eaacfe09

SHA512
5792868f431892beae4f886c474f12616d0bce8c04a4c7fc19fd83c0b50eefb432a684c16f341c11f77ad830c68eb3f81d2be13187d2894c26b2e205a17314de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
96KB

MD5
d627ae158584c53741f59f133fc8b3e1

SHA1
1915fc4eb0371d8385d044716d7af96a83a7086a

SHA256
c5943db83ba34c450599b5fd84222bfb14125e184f96e7f9b20c6bf45ec6b33c

SHA512
a18fe6daa0a232a88a48cbd4722c42bd6f62c14f3fa1a8b553c5405b9186a7873ce6f7bda3c81cdace823047aca2c6dc6bef4a8f4b6b5008a7fe5ea475ca7bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
f683e51fc8579c642e40fe7c10cfc293

SHA1
c4e58932db624fd3df37804cb5c4883b4acdb4a4

SHA256
433b15f9b586aa06c3a33e39c2afb4b3792a7cd890f529ff171b215473e7b1bc

SHA512
8f94843e655c266229b683747004032a2bbeff72e278d1b8dbcfab4cc3969f0d00e71a944ba890b09b1dc4298aeff86afdcbfc4529b60a3f543a674ae635af31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
51a26cc98c766d0aa83eb467d40bbdcb

SHA1
a86722eacb6f237f775fcda7a0c8d6aca097500d

SHA256
4faa7fe8920dca1d9ca41c32438bf2dd1a41df099cb2e80ce1a1253a6864f7b3

SHA512
abdcfc04b32af18185428a897717e79e68398c84ee0a290e34c34aaf12b08306ee13aa1902d0ce82aa28b02b48cb412c36dd992763e02a8edbdfe2e9e28c81f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
29ce3d3c6a5e96e00caace2e68fc4478

SHA1
1a061b9345bb0f176e3dcd26c0ea800d9f967b52

SHA256
b1cd2c52f08ad26389b65c6cd38bcb8d3fcc24992986af2fc4bc768ea6dffdf1

SHA512
414027c4d77dcb81b605c9b31fdfc36e1be77bff8d1416caaa891a9d6ae61160b885d7ce01fc2362be7ebafb3857ef5ae0f67f2375245740fa2c775402e6d220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
8611ac98b57f62a1c79ac91004c04bb8

SHA1
7beaad68cb6ca41b49d7c3fc0a63d50b34ec9c44

SHA256
e71e71cca5701bf4228f77c0e7fa36cd918c1ae25408a596491c93cb69933c22

SHA512
24153e825c8b5fd50de57f9db118dec8d150fc8a1b7e3e7abb3798176676e253a62158ddbc58ebfc03674ec2f5469a38f9f960e54cb1b9f73b3c3ab8948cd9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
7328fb2c1dc9066d1c435e13519c5b70

SHA1
bd7cbc5467b576faad76a4f552148fb79ed060ae

SHA256
005df57728faf77465642b971972abf013193ccbef54f25927f000f3e7104664

SHA512
41429fe0243081f4651c9f2bda7be03e0080675f9a3ab05434f68da2f672931d5693fcc9273d556566e6fd5c98ed24b9c637148358cb0e470d3c47fe4d5f457a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572599.TMP

Filesize
98KB

MD5
8226092c1fa7112afeae5be3d52c833c

SHA1
e214f56cb3a76e4161d9f1e4403093522df0c3e4

SHA256
c5625c183ef2ae31fb45300f569a4497b7672adad3a49a9ddbb5b1a9bdb3d2dd

SHA512
a17582f2554cb307eeb9bcfef2a4a2e732be00906fff9d05e6b5e9484f2bcde44ebd631e7897c729555d73ff59b498c3d34a4aaca8db3da20d5671090ac456af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
1fbdd514509f1c6b5418f4a9b3714513

SHA1
6e7ff41b692444a668ab263cd56c1f59cbde22ff

SHA256
11007dcfc58e8e764271bc32c38be0458cbd675ccede3c12592632c38107e0a1

SHA512
b1602b94a0f3b209f748dae9440cae97fa4a566c0a22f1208849ffe7c5364df959310727c6b8c09e79981cb318ac23bc0edb290e4a686475d44a8158d4d4293c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\2t1i90_o.newcfg

Filesize
603B

MD5
928907641771bcbe87627aeabea72f7e

SHA1
67bce5ead9d152a23906f2ff40b542c345ba9c95

SHA256
cf35a56778c1931c2a820101d4096c51437bf7973494e1bcf2ab32ac534f610c

SHA512
6ef8daf1d7ea23aa592b8321f80393f091d02ed17c917ab242e914fccd49585bb92a79a70a01ed5bb70c0ce2104a493e9cdeb0465996fd2bf1d2915a93c66237

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\erp_koog.newcfg

Filesize
604B

MD5
492ce67b52366d8bc01056a2f8a989ce

SHA1
faf044bd35bd6de2905573f136521cad3cdc76f7

SHA256
89aef1a2391d2ef049bcea5670a2b77722f375595507a8160a159c76de9fdfd9

SHA512
49102ea970dde30c0fe3d8a1c4c9449a73f7c29246a5d30f5f828e0729a2cba8d56c4f3441b0497ee2610559378f7bb508c4c6af9019dbf85ac5853cb4e21b0b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\h2z-zxn8.newcfg

Filesize
479B

MD5
c4ff37b285a1919b340948afd3d0fd17

SHA1
e4c3b237d234d8e9ca74f61d58e4617abb4594c2

SHA256
a6e03f445d8e224fa5d9da6ba262143b1de5691c1721842598f3735122c734be

SHA512
dc5724bbfadf81b2c19f541268336f1e96756ad6f0cb81e15f5c2565d0d0dcdf26be9cd6bc123ea5be95fbd00cc6c7203e4c8d375e232e442650a4591379449e

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\hvk3zpwu.newcfg

Filesize
335B

MD5
45ad2721e5b9087dce44cca6fba9c236

SHA1
373296f4d3b26b499e4c6b9deeb43915df5fe909

SHA256
b11ba0f27ce0c699a3ca3a8aca9f0ff047998002870422020117ecbae7f9396e

SHA512
4f1d344bf563baf2b3be051eddab6a67477a0ac0e75cf241f14eaed2f023a4393785c9bfdd7ced68709cbbd673f13bebbd83619f7bdebe163929793ce112796b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\jtihhobq.newcfg

Filesize
1KB

MD5
8f441c1fad2708816d7bf3aec973fa66

SHA1
a623e094b072ac717c1f6d8b3d38aa5f70298cbe

SHA256
21dd20c36c90ab9b125b2f4ddef6218ad64f3c33d0691f9e2032d77fd946cdef

SHA512
438bad8f328a9b4384b988197bbbc6f9e5e8f0541fa8cd3b87b1ab7c492b9f25416ba65c68efcc677f53c4fadd0eccecf856d20458ac39575f752f025468efc8

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\pnzzl_pz.newcfg

Filesize
470B

MD5
64c71bbabbada7b8824b3c637b404ae6

SHA1
58908d0f0a3dca96ffed1ff36da5bdf761f56338

SHA256
58b78f4ef263136491df59bcf5c510b03116bd7c18ae319c868367296c7041a7

SHA512
e8fdd3ff659bd7c1b581b6245dd059247bd382c0971411347bbbc8adc75c1108671a3b019021d615739ad8aabef92acf342b72316647ea324eef78f2b3161337

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
341B

MD5
173c8e5d53012fcd93034042f8464a19

SHA1
226fafb255a07ee20e0522a8902638844afb88f1

SHA256
5ba3803c178a75c84f9868bae53edb497f63869de941dc21578546185c269d77

SHA512
d1ca7efbb86066cc8e1d0dc91b122d3b7f98c56f49f449da405d36304e73905986eb697604360ec4bf6b2fa6603ad3020624428d2a67db050cd141e23780eeb5

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\yzkfle0b.newcfg

Filesize
483B

MD5
7517ed6b052e425f8a9687d2f2ed4385

SHA1
358ee762a633025647c6e4c289acede579637370

SHA256
68b331156b92716511b0eee43f6a003f5195d2606aa5afdfdd6d394bdb479e64

SHA512
6b2e26d6d4f9beb993b48c1c26a8317f18e5577dee4d3d26d24f9d5e8a0bd0d12ac888bf171043c76b8ef0b9d8e0a85bfad9d13bb0068b3f2a3f12bc937ee86f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\WebCompanionInstaller.exe.config

Filesize
2KB

MD5
ebacec1e9929bd429c709a9fd0c210ac

SHA1
a6a847fd94fa1d243108ecac6eb75e14033a93c0

SHA256
ae0e80f5549f5ad5ef0996882a2e0f997ff3724e63a35c9bca9001b10f58dee6

SHA512
8a7f4dccf0fd9888d19f01358c751a917d707c5b2ce01852224a4d3f70440d0e026dd824ac51f07942ad7722d07e949798cc044dccd32559f35651f01efcd196

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\es-ES\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
09681ef51303e2e6cd5e6713ff294435

SHA1
cb9e18aa9d899b8e75c9260066cb56dcaae93154

SHA256
38eb66e04d8eef91d6ebf0808d76e55de1f347d4d464bbd5bf545e11900de6c6

SHA512
0ae7388399f67b3d14e09e3f7bc47dd18dff87ccaee279f7cceb614a053d3327062e898ffd2eddfade8b0d5b8cc074beaf439abb8e9964199817fc43cc7659ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\es-ES\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
09681ef51303e2e6cd5e6713ff294435

SHA1
cb9e18aa9d899b8e75c9260066cb56dcaae93154

SHA256
38eb66e04d8eef91d6ebf0808d76e55de1f347d4d464bbd5bf545e11900de6c6

SHA512
0ae7388399f67b3d14e09e3f7bc47dd18dff87ccaee279f7cceb614a053d3327062e898ffd2eddfade8b0d5b8cc074beaf439abb8e9964199817fc43cc7659ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\es-ES\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
09681ef51303e2e6cd5e6713ff294435

SHA1
cb9e18aa9d899b8e75c9260066cb56dcaae93154

SHA256
38eb66e04d8eef91d6ebf0808d76e55de1f347d4d464bbd5bf545e11900de6c6

SHA512
0ae7388399f67b3d14e09e3f7bc47dd18dff87ccaee279f7cceb614a053d3327062e898ffd2eddfade8b0d5b8cc074beaf439abb8e9964199817fc43cc7659ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\es-ES\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
09681ef51303e2e6cd5e6713ff294435

SHA1
cb9e18aa9d899b8e75c9260066cb56dcaae93154

SHA256
38eb66e04d8eef91d6ebf0808d76e55de1f347d4d464bbd5bf545e11900de6c6

SHA512
0ae7388399f67b3d14e09e3f7bc47dd18dff87ccaee279f7cceb614a053d3327062e898ffd2eddfade8b0d5b8cc074beaf439abb8e9964199817fc43cc7659ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS028ED87C\es-ES\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
09681ef51303e2e6cd5e6713ff294435

SHA1
cb9e18aa9d899b8e75c9260066cb56dcaae93154

SHA256
38eb66e04d8eef91d6ebf0808d76e55de1f347d4d464bbd5bf545e11900de6c6

SHA512
0ae7388399f67b3d14e09e3f7bc47dd18dff87ccaee279f7cceb614a053d3327062e898ffd2eddfade8b0d5b8cc074beaf439abb8e9964199817fc43cc7659ab

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
19KB

MD5
1f6d2003038e80d41622133f99babbfb

SHA1
15d65abfa15dcca59ea4b31dac689377497e4596

SHA256
00686f103e7774f6ec676fd9fecfe5424bdfb31cd1dd82625fd8c7d3e2f427f7

SHA512
87b61780297fe072e2054269d7effd69ea85bf414279d12c0232cecebefb07435a727bc69a234681e7a2be862699a73ca79a83b1354406936cf9286d96cc8fd0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
394B

MD5
db0f10e7deb256d7cccdc7ee913e3d77

SHA1
c8aada9c4069b63023e646e75f88fcfe21b09ed0

SHA256
e35a3c016523c2fd013df5190373ad4c16435c3b66aaa77b2742b2d51654e7b6

SHA512
0d13700f658a00ece91f76bb539558697ca8a350887e5e70589e1e88386c6124c591bc04bd9e44b2849df41a096d5bb61cc6f332fe2b25392fb25520f58e0a26

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
174B

MD5
7a367b721fcb0f37797915b1816a2c51

SHA1
972fcdc13c5214712bf8caeb74307528e2eaf14b

SHA256
2a71aa9b810c34a1e3b71ca6fedacac650bc88d228e46576f64f32c04a717bbb

SHA512
b08147ab7e8a81e7c7a907ca1469fbe09570eb88027369a1d5e92a54789ed82c1a74e13527505e949d3a884c7dd869dff4cc83a705e0cd20e49fbe0e6ba53eff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new

Filesize
978B

MD5
1e745bb48ac335877971d99aaa50e05e

SHA1
00123b21acd0a51315cae3c1bdbb35a807bf9293

SHA256
84ee548b68eba2296314da89c14afe58b2071e3ec4623569b7c7781b588e9847

SHA512
7b989369bc7b809e30bd031b4d46c3ba9f2c24e180b2cbf6780d4f8a7a51e05e1f21f0573c949f0403686778afe35a0c54b6ca00a0c460999f1ff0d3bd7e2353

Download Submit
C:\Users\Admin\Downloads\Setup_WebCompanion.exe

Filesize
553KB

MD5
2d16d0af6183803a79d9ef5c744286c4

SHA1
57951659a97cae22515930ade52b0dd2aea9bbe6

SHA256
1c74e7421f2021b46ee256e5f02d94c1bce15da107c8c997c611055412de1ac1

SHA512
080a0ca0f923f57db6e400bac89c462852d56c537da55916154613809e4333484a09341b675140b676a74578f924f4ca93c512eeb00e2655822aaef4630c2fe1

Download Submit
C:\Users\Admin\Downloads\Setup_WebCompanion.exe

Filesize
553KB

MD5
2d16d0af6183803a79d9ef5c744286c4

SHA1
57951659a97cae22515930ade52b0dd2aea9bbe6

SHA256
1c74e7421f2021b46ee256e5f02d94c1bce15da107c8c997c611055412de1ac1

SHA512
080a0ca0f923f57db6e400bac89c462852d56c537da55916154613809e4333484a09341b675140b676a74578f924f4ca93c512eeb00e2655822aaef4630c2fe1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 477781.crdownload

Filesize
553KB

MD5
2d16d0af6183803a79d9ef5c744286c4

SHA1
57951659a97cae22515930ade52b0dd2aea9bbe6

SHA256
1c74e7421f2021b46ee256e5f02d94c1bce15da107c8c997c611055412de1ac1

SHA512
080a0ca0f923f57db6e400bac89c462852d56c537da55916154613809e4333484a09341b675140b676a74578f924f4ca93c512eeb00e2655822aaef4630c2fe1

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new

Filesize
466B

MD5
1cf302409907fcb3aab33903d50ec99c

SHA1
2003e286b7cff3621bed43540352daaf0dc9d010

SHA256
1e31e4be7327a7f31bec727a55f49d74959a0837f3b0e17400faa354bfab8d19

SHA512
686dc633f55069c618232c6412d359fcf0d413dc59214a816989e4df8d6fc73df85fc7492d98b0fdc713a6a26c312c562cdeab978d11a3146b115709a9b2f9dd

Download Submit
memory/408-1200-0x0000000001BF0000-0x0000000001C00000-memory.dmp

Filesize
64KB

Download
memory/408-1015-0x0000000001BF0000-0x0000000001C00000-memory.dmp

Filesize
64KB

Download
memory/1276-754-0x0000000000BB0000-0x0000000000BC0000-memory.dmp

Filesize
64KB

Download
memory/1276-758-0x000000001A860000-0x000000001A996000-memory.dmp

Filesize
1.2MB

Download
memory/1276-755-0x00000000001F0000-0x00000000001FC000-memory.dmp

Filesize
48KB

Download
memory/1276-994-0x0000000000BB0000-0x0000000000BC0000-memory.dmp

Filesize
64KB

Download
memory/1276-756-0x0000000000B80000-0x0000000000BA0000-memory.dmp

Filesize
128KB

Download
memory/1276-757-0x000000001A150000-0x000000001A524000-memory.dmp

Filesize
3.8MB

Download
memory/1276-781-0x0000000000BB0000-0x0000000000BC0000-memory.dmp

Filesize
64KB

Download
memory/2996-2402-0x0000000001140000-0x0000000001150000-memory.dmp

Filesize
64KB

Download
memory/2996-2146-0x0000000001140000-0x0000000001150000-memory.dmp

Filesize
64KB

Download
memory/3036-2471-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2468-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2474-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2473-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2472-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2462-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2461-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2460-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2467-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3036-2469-0x00000214B5770000-0x00000214B5771000-memory.dmp

Filesize
4KB

Download
memory/3836-2633-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/3836-2829-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/3872-780-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-997-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-753-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-721-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-768-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-770-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-998-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3872-769-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download