gcleaner | 8fe23c7ce77f896f97eb21dc5551854519c68efe224c646f6146e7e21683d820

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/06/2023, 07:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe
Size

7.9MB
MD5

2d998c4036a0b19b9c774ba6f6e757fa
SHA1

f5439f14e60f82ae08e4fcf6fe1a7064af62bd95
SHA256

8fe23c7ce77f896f97eb21dc5551854519c68efe224c646f6146e7e21683d820
SHA512

42e9cb87da3028988aac976f810ba055a8e7bf222bdd929a49fa34ae960b897bed67b6a25d4fd619a55e52441a666e5f82590630ddee7bc6825c0630e06e868f
SSDEEP

196608:dYODeNKfSlDUi8FMkMYTdbdODeNKfSlDUDt5o9x:OKEK6LiMkMwKEK60o9x

Score

10^/10

gcleaner discovery loader persistence

Malware Config

Extracted

Family

gcleaner

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Creates new service(s) 1 TTPs
persistence

New Service
T1050
Downloads MZ/PE file

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SETFF75.tmp	RunDLL32.Exe
File created	C:\Windows\system32\DRIVERS\SETFF75.tmp	RunDLL32.Exe
File opened for modification	C:\Windows\system32\DRIVERS\bddci.sys	RunDLL32.Exe

Executes dropped EXE 9 IoCs

pid	Process
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1744	setup.exe
1620	setup.tmp
1696	s0.exe
1628	s1.exe
1924	WebCompanionInstaller.exe
460	Process not Found
1516	DCIService.exe
1484	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1744	setup.exe
1620	setup.tmp
1620	setup.tmp
1620	setup.tmp
1620	setup.tmp
1628	s1.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1516	DCIService.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe
1484	WebCompanion.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	RunDLL32.Exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\BCUEngineS.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Search.exe	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci_uninstall.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Esent.Interop.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\scan.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-runtime-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bdnc.ini	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\http.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Automation.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-private-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci_reinstall_boot.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-localization-l1-2-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-crt-time-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-environment-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.config	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-string-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_install.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-crt-locale-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\msvcp140.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140_1.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\acs17.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\bddci_reinstall.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\concrt140.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-math-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l1-2-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-errorhandling-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\bddci_start.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\bridge_stop.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-heap-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-utility-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-libraryloader-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\lsa.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-processthreads-l1-1-1.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-heap-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-multibyte-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\bddci.sys	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\vcruntime140.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\DCIService.exe	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-debug-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-console-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-handle-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\bridge_start.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_stop.cmd	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-interlocked-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-synch-l1-2-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\msvcp140_1.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-crt-runtime-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-crt-multibyte-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\Win32\api-ms-win-core-rtlsupport-l1-1-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-localization-l1-2-0.dll	WebCompanionInstaller.exe
File created	C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\pop3.dll	WebCompanionInstaller.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	RunDLL32.Exe

Launches sc.exe 6 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1696	sc.exe
2036	sc.exe
1956	sc.exe
552	sc.exe
1212	sc.exe
1888	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
964	taskkill.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanionInstaller.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe
1924	WebCompanionInstaller.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1620	setup.tmp

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
460	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1924	WebCompanionInstaller.exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe
Token: SeRestorePrivilege	1552	RunDLL32.Exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1400 wrote to memory of 1996	1400	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe	27
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1996 wrote to memory of 1744	1996	Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp	28
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1744 wrote to memory of 1620	1744	setup.exe	29
PID 1620 wrote to memory of 1696	1620	setup.tmp	32
PID 1620 wrote to memory of 1696	1620	setup.tmp	32
PID 1620 wrote to memory of 1696	1620	setup.tmp	32
PID 1620 wrote to memory of 1696	1620	setup.tmp	32
PID 1696 wrote to memory of 1876	1696	s0.exe	33
PID 1696 wrote to memory of 1876	1696	s0.exe	33
PID 1696 wrote to memory of 1876	1696	s0.exe	33
PID 1696 wrote to memory of 1876	1696	s0.exe	33
PID 1876 wrote to memory of 964	1876	cmd.exe	35
PID 1876 wrote to memory of 964	1876	cmd.exe	35
PID 1876 wrote to memory of 964	1876	cmd.exe	35
PID 1876 wrote to memory of 964	1876	cmd.exe	35
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1620 wrote to memory of 1628	1620	setup.tmp	37
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1628 wrote to memory of 1924	1628	s1.exe	38
PID 1924 wrote to memory of 2036	1924	WebCompanionInstaller.exe	39
PID 1924 wrote to memory of 2036	1924	WebCompanionInstaller.exe	39
PID 1924 wrote to memory of 2036	1924	WebCompanionInstaller.exe	39
PID 1924 wrote to memory of 2036	1924	WebCompanionInstaller.exe	39
PID 1924 wrote to memory of 1956	1924	WebCompanionInstaller.exe	41
PID 1924 wrote to memory of 1956	1924	WebCompanionInstaller.exe	41
PID 1924 wrote to memory of 1956	1924	WebCompanionInstaller.exe	41
PID 1924 wrote to memory of 1956	1924	WebCompanionInstaller.exe	41
PID 1924 wrote to memory of 552	1924	WebCompanionInstaller.exe	43
PID 1924 wrote to memory of 552	1924	WebCompanionInstaller.exe	43
PID 1924 wrote to memory of 552	1924	WebCompanionInstaller.exe	43
PID 1924 wrote to memory of 552	1924	WebCompanionInstaller.exe	43
PID 1924 wrote to memory of 1552	1924	WebCompanionInstaller.exe	45
PID 1924 wrote to memory of 1552	1924	WebCompanionInstaller.exe	45
PID 1924 wrote to memory of 1552	1924	WebCompanionInstaller.exe	45
PID 1924 wrote to memory of 1552	1924	WebCompanionInstaller.exe	45
PID 1552 wrote to memory of 676	1552	RunDLL32.Exe	46

C:\Users\Admin\AppData\Local\Temp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Users\Admin\AppData\Local\Temp\is-QG3IG.tmp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QG3IG.tmp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp" /SL5="$70126,7406371,832512,C:\Users\Admin\AppData\Local\Temp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\is-2Q9IN.tmp\setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2Q9IN.tmp\setup.tmp" /SL5="$101B6,922170,832512,C:\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe" /mixten SUB=2500
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1696
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c taskkill /im "s0.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe" & exit
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1876
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im "s0.exe" /f
        7⤵
        Kills process with taskkill
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s1.exe" --silent --partner=IT210801
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\WebCompanionInstaller.exe
        
        .\WebCompanionInstaller.exe --partner=IT210801 --version=8.9.0.371 --silent --partner=IT210801
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1924
        
        C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" Create "WCAssistantService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto
        7⤵
        Launches sc.exe
        
        PID:2036
        
        C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" failure WCAssistantService reset= 30 actions= restart/60000
        7⤵
        Launches sc.exe
        
        PID:1956
        
        C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"
        7⤵
        Launches sc.exe
        
        PID:552
        
        C:\Windows\system32\RunDLL32.Exe
        
        "C:\Windows\sysnative\RunDLL32.Exe" syssetup,SetupInfObjectInstallAction BootInstall 128 C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf
        7⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1552
        
        C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        8⤵
        Checks processor information in registry
        
        PID:676
        
        C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        9⤵
        
        PID:1960
        
        C:\Windows\system32\net.exe
        
        "C:\Windows\sysnative\net.exe" start bddci
        7⤵
        
        PID:1812
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 start bddci
        8⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" Create "DCIService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe" DisplayName= "DCIService" start= auto
        7⤵
        Launches sc.exe
        
        PID:1212
        
        C:\Windows\SysWOW64\sc.exe
        
        "sc.exe" description "DCIService" "Webprotection Bridge service"
        7⤵
        Launches sc.exe
        
        PID:1888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd"
        7⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\sc.exe
        
        sc start DCIService
        8⤵
        Launches sc.exe
        
        PID:1696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
        7⤵
        
        PID:480
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh http add urlacl url=http://+:9007/ user=Everyone
        8⤵
        
        PID:580
        
        C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
        
        "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1484

C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
"C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1516

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Lavasoft\WEBCOM~1\Service\x64\bddci.sys

Filesize
358KB

MD5
7e8d2dd117579f79f574f8f410364f42

SHA1
44d730b09ac3d193680a0bb2bc985765d636225a

SHA256
bd44c3509f3095551bc3d9379e3e06ca49aac622a6c9d878e07eeb714141530e

SHA512
781dea6b7692646eec06216433c01d1852504c0740560d7083de78f78f186ec0bb7ed992d1dd32950513c66e38921062b5f93094da93799a7cba857e498059fc

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
8.8MB

MD5
2ddb76595361427259ad2733c0e2a92b

SHA1
1b0c897a1ae58c470f20fda67fee7f8f38936c04

SHA256
bbebe32f082f3277298a7a0f72ef8f66b639d91290c1c6bfd4ca4df4f7379690

SHA512
ad1b881eada6dd53ad307991746fbdb2a7e0c772f7c6f9d19e1708d42c18dd461ef20972f7ead5dfc722a61411159f47d9a27c5a5ae2c20eaf6a6d9027836798

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe

Filesize
3.3MB

MD5
3f48b52e8516a306407bb51b0336a228

SHA1
23c5ebd76217dcdd27a89e3f8f73f7825ad29092

SHA256
749622c27fb3fb25531d29dcc0325a9b252e0168e3ce57b7182e88704451763d

SHA512
e9d0b18f92de2f6ff1012b4bd7525d20bebbd97e32248ae2fd75b254eb37c3ce8d35f10a773081437dfd0b7fb03b7020652d868eeb6ce54e85c3c6dd312d632a

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\MSVCP140.dll

Filesize
576KB

MD5
e74caf5d94aa08d046a44ed6ed84a3c5

SHA1
ed9f696fa0902a7c16b257da9b22fb605b72b12e

SHA256
3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

SHA512
d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
7041205ea1a1d9ba68c70333086e6b48

SHA1
5034155f7ec4f91e882eae61fd3481b5a1c62eb0

SHA256
eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d

SHA512
aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
8fd05f79565c563a50f23b960f4d77a6

SHA1
98e5e665ef4a3dd6f149733b180c970c60932538

SHA256
3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73

SHA512
587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
769bf2930e7b0ce2e3fb2cbc6630ba2e

SHA1
b9df24d2d37ca8b52ca7eb5c6de414cb3159488a

SHA256
d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a

SHA512
9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
6486e2f519a80511ac3de235487bee79

SHA1
b43fd61e62d98eea74cf8eb54ca16c8f8e10c906

SHA256
24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667

SHA512
02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
a639c64c03544491cd196f1ba08ae6e0

SHA1
3ee08712c85aab71cfbdb43dbef06833daa36ab2

SHA256
a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60

SHA512
c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
6f9f9d52087ae4d8d180954b9d42778b

SHA1
67419967a40cc82a0ca4151589677de8226f9693

SHA256
ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0

SHA512
22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
ebac9545734cc1bec37c1c32ffaff7d8

SHA1
2b716ce57f0af28d1223f4794cc8696d49ae2f29

SHA256
d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26

SHA512
0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fbfcf220f1bf1051e82a40f349d4beae

SHA1
43154ea6705ab1c34207b66a0a544ac211c1f37d

SHA256
9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d

SHA512
e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
a3f630a32d715214d6c46f7c87761213

SHA1
1078c77010065c933a7394d10da93bfb81be2a95

SHA256
d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562

SHA512
920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
c99c9eea4f83a985daf48eed9f79531b

SHA1
56486407c84beecadb88858d69300035e693d9a6

SHA256
7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5

SHA512
78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
d3d72d7f4c048d46d81a34e4186600b4

SHA1
cdcad0a3df99f9aee0f49c549758ee386a3d915f

SHA256
fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116

SHA512
6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf

Filesize
2KB

MD5
58b2e13bac1f78e521a408ec5ca8a606

SHA1
e40139e0a3f8b2f5d3a457d1701b527b83bc1541

SHA256
a84e4b890c7cfd488653eaf6cf38f283d8b7e12f467f241a2046818cb9e762de

SHA512
5e25997da0769f2d1217c754efa2b72a1117f1849ec86c90ad3945ec899f52b9237d0d39d8c43df3fdf93b52c26b47f6eafe6009e7cc62389e96d26f84a3f96e

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd

Filesize
49B

MD5
95e8c6cd0a911f1ab4969c06b8cf77a2

SHA1
be1b1f8abd0420f59ecab7bcf8120cdc2ce34195

SHA256
de795f6d8591577054813bee79e7c5b4ee13360039d29aa73971c6b985d26ebd

SHA512
e5eefaf761be7bf3cea207e22e98398093fa0a9d3b459af7df22bfbf07755816737a7b8b261acf01aec8b10b5d8f0d90132a4ecdd83c242b2cde883039fac1ff

Download Submit
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ucrtbase.DLL

Filesize
938KB

MD5
d4b22fb86c88c071335fe2fb623e40ce

SHA1
cc722eb1098b3a630a990dbceb62e3338b064110

SHA256
2195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605

SHA512
369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1

Download Submit
C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
17KB

MD5
f73194a31d358c8b154bddb32cb3845b

SHA1
5eba0a11c128a564be4bd35ccf331d326f07090f

SHA256
365d64720bf60a75f792f2c3253806f96229ccb2ec8e587bb75c2e7613ecf2ad

SHA512
d00868310865bb483a9a728ecf211941e38cad0c83c3e59a7c841bbaee11b1d50af873e9c687da771c30a693cbcfa40c18722459d3301916ca563161b2ec7167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\ibcgrdvl.newcfg

Filesize
1KB

MD5
e4308a22084be6f951aa99648cdbe1c2

SHA1
dbef8d6b73e101397816c3ade09d4f156987a53b

SHA256
f96bacba602816427d078505dea2b0423bd391313950e8b60258471d7372b446

SHA512
8d1aa1380a5623d247fea0d8e0178cc1dbb61141c7dc45c095930a420a904efbf7f80f3febb5411cb8a152ee12e5e667f6466cf33de58dcdf89e0199fd959867

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.371\user.config

Filesize
338B

MD5
0a35fbae99f45bc0dccdb777ecfd0436

SHA1
65e295fde91f90d55b107680e060895654fe66e4

SHA256
19af84c48a15820c94367390d58588ddad8164b0ac4056c258a766c726329550

SHA512
db3a0973a373c039603c750f0f196cbf65553cddb83739f1942402eaacbe178a775be87c4b034feb706830ae69d20158c3e3ecad8d5d3febc45146b487c3c42c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\ICSharpCode.SharpZipLib.dll

Filesize
203KB

MD5
a93dac647ee7cddb93f549dcd783b323

SHA1
8569eeb79bf29c67b8bb4aeaa305f37bb3288ed8

SHA256
4f6eb0fe1f4cb547cf03ff19f9a1c051bf0cac1c793b88650f174c360ded3e39

SHA512
44a82d60a560f32aea5370871f1d4b38b0f20bcac0ed46686093efc45a361470085fcc0071e8cc91cdab99fc00438adf220faba802343f84a3cebd46b32d4886

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\Newtonsoft.Json.dll

Filesize
423KB

MD5
32d2b354d49a144ad9cc73fda584c11c

SHA1
8024998509d082f984b84f8235637b626944ba78

SHA256
ed30e38e44c49b859b801d05621d8e902d04d502ebf5de676de04c23825b0290

SHA512
c8d94823790264a0b3e9158c3453e4babf6523cd38ce626091f84d9b100e5fc5ab39d7ef6e082b207b54171e26136cce2033a99b7e2d1a17d8f0b2996723f491

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\WebCompanionInstaller.exe

Filesize
451KB

MD5
fb2ce6e0d7d5944e86697425c10cd11f

SHA1
0d4bee7a0b9350a3906bc4704cae72159dd83729

SHA256
ded4d86bf32884b7ad4639e26b4c79c0140060b8bca23660d31ebbcd66fa25b8

SHA512
e6daec17cf11ce4d9ccb28a489be80f1960a0a639138d2c770a5f84ddf7593f64824078796df7aa72e8407aae596333f646fea225207563f3e46dfcb1140eb8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\WebCompanionInstaller.exe

Filesize
451KB

MD5
fb2ce6e0d7d5944e86697425c10cd11f

SHA1
0d4bee7a0b9350a3906bc4704cae72159dd83729

SHA256
ded4d86bf32884b7ad4639e26b4c79c0140060b8bca23660d31ebbcd66fa25b8

SHA512
e6daec17cf11ce4d9ccb28a489be80f1960a0a639138d2c770a5f84ddf7593f64824078796df7aa72e8407aae596333f646fea225207563f3e46dfcb1140eb8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\WebCompanionInstaller.exe.config

Filesize
2KB

MD5
d9385bdc6e1554260cb7d30f6464dd9e

SHA1
b26637f3a18a503f5fd0fcf5d6cc20c087082052

SHA256
80a15ac4f887309d99b0e6566644a6fb95c028e8e90b130ceec54d808879a81c

SHA512
4dee0f7e2dae834f171766c3f7097660faf0bcbdaa57dd248c5c484c290e36d1b9e5599edd75dbdf2cc730ff872ce3bf7a5329941c84475bfac0bb25f01f4667

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBBE3.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBC43.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBF57.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2Q9IN.tmp\setup.tmp

Filesize
3.1MB

MD5
8c50315d0a2325deaafa9cd9daa82cbf

SHA1
0e6cdc38d606805e98ceb863e468f445274815ae

SHA256
5c50d35d3436f667810b54e61aa844130415c117e8ae1283304e0cc772be6a4c

SHA512
e8a0ef621f84a4d45989d06d0e810c30e0e017da3c71f7cd6052ee41c2d96ed317d8d837a6d816070c31d60b067a5a7c003a2bb5858eddad221d86c569228a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2Q9IN.tmp\setup.tmp

Filesize
3.1MB

MD5
8c50315d0a2325deaafa9cd9daa82cbf

SHA1
0e6cdc38d606805e98ceb863e468f445274815ae

SHA256
5c50d35d3436f667810b54e61aa844130415c117e8ae1283304e0cc772be6a4c

SHA512
e8a0ef621f84a4d45989d06d0e810c30e0e017da3c71f7cd6052ee41c2d96ed317d8d837a6d816070c31d60b067a5a7c003a2bb5858eddad221d86c569228a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QG3IG.tmp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp

Filesize
3.1MB

MD5
92dcce0bc1ac275d46b591ea6a3656de

SHA1
3ee8b7c0f3cd7fa492b886bf4291c6e575defc6d

SHA256
bfd241454512188710a86c84c74b625fd260333abc7fc8e15bfacc7fe1750988

SHA512
6f96af5dc358479fc8131e455a6c8e1dc339a993a1549a1e90310fedd4d95bdf7a8d6892347f4a9509e7c4b1fe95fa4d155e32d7ec617683604c2efef9240499

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QG3IG.tmp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp

Filesize
3.1MB

MD5
92dcce0bc1ac275d46b591ea6a3656de

SHA1
3ee8b7c0f3cd7fa492b886bf4291c6e575defc6d

SHA256
bfd241454512188710a86c84c74b625fd260333abc7fc8e15bfacc7fe1750988

SHA512
6f96af5dc358479fc8131e455a6c8e1dc339a993a1549a1e90310fedd4d95bdf7a8d6892347f4a9509e7c4b1fe95fa4d155e32d7ec617683604c2efef9240499

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe

Filesize
280KB

MD5
9b785f5fd2ae2d63b26ed46e7a11c082

SHA1
5faf5c3fcdb0677252ee7349c791365aa1c84f93

SHA256
469e2bfe039b0800faa99bbd49197946532c42c44de30245c9fd526cdd088a15

SHA512
e529020264e55d7e12b23c21b74f73a61f0a4d0bbca2e1c5c5aeef73368312b0bcbbebdd9fe686c3a7a421bfdeeb6b0a00e3ffe9d682cb4b50342a8a11ed4abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe

Filesize
280KB

MD5
9b785f5fd2ae2d63b26ed46e7a11c082

SHA1
5faf5c3fcdb0677252ee7349c791365aa1c84f93

SHA256
469e2bfe039b0800faa99bbd49197946532c42c44de30245c9fd526cdd088a15

SHA512
e529020264e55d7e12b23c21b74f73a61f0a4d0bbca2e1c5c5aeef73368312b0bcbbebdd9fe686c3a7a421bfdeeb6b0a00e3ffe9d682cb4b50342a8a11ed4abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe

Filesize
280KB

MD5
9b785f5fd2ae2d63b26ed46e7a11c082

SHA1
5faf5c3fcdb0677252ee7349c791365aa1c84f93

SHA256
469e2bfe039b0800faa99bbd49197946532c42c44de30245c9fd526cdd088a15

SHA512
e529020264e55d7e12b23c21b74f73a61f0a4d0bbca2e1c5c5aeef73368312b0bcbbebdd9fe686c3a7a421bfdeeb6b0a00e3ffe9d682cb4b50342a8a11ed4abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s1.exe

Filesize
542KB

MD5
1fe97398b67bd17b9dacc347da9d5aec

SHA1
59411d138e4a77895e5f280ea63f2b47fce00723

SHA256
e384df976f21e80cda75ebfd070f3ddf564b21d313c198bec6b3d8c1c84c36d5

SHA512
f8736c58b1bb6de8ae0e18c01e2fcad4764275665bbca84ed0ae79620897f846f6a4ffec440d04615d734b8935901c8e7a124d3a7b81bf836d7e227ac7d5da8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s1.exe

Filesize
542KB

MD5
1fe97398b67bd17b9dacc347da9d5aec

SHA1
59411d138e4a77895e5f280ea63f2b47fce00723

SHA256
e384df976f21e80cda75ebfd070f3ddf564b21d313c198bec6b3d8c1c84c36d5

SHA512
f8736c58b1bb6de8ae0e18c01e2fcad4764275665bbca84ed0ae79620897f846f6a4ffec440d04615d734b8935901c8e7a124d3a7b81bf836d7e227ac7d5da8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe

Filesize
3.3MB

MD5
3f48b52e8516a306407bb51b0336a228

SHA1
23c5ebd76217dcdd27a89e3f8f73f7825ad29092

SHA256
749622c27fb3fb25531d29dcc0325a9b252e0168e3ce57b7182e88704451763d

SHA512
e9d0b18f92de2f6ff1012b4bd7525d20bebbd97e32248ae2fd75b254eb37c3ce8d35f10a773081437dfd0b7fb03b7020652d868eeb6ce54e85c3c6dd312d632a

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
7041205ea1a1d9ba68c70333086e6b48

SHA1
5034155f7ec4f91e882eae61fd3481b5a1c62eb0

SHA256
eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d

SHA512
aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
8fd05f79565c563a50f23b960f4d77a6

SHA1
98e5e665ef4a3dd6f149733b180c970c60932538

SHA256
3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73

SHA512
587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
769bf2930e7b0ce2e3fb2cbc6630ba2e

SHA1
b9df24d2d37ca8b52ca7eb5c6de414cb3159488a

SHA256
d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a

SHA512
9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
6486e2f519a80511ac3de235487bee79

SHA1
b43fd61e62d98eea74cf8eb54ca16c8f8e10c906

SHA256
24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667

SHA512
02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
a639c64c03544491cd196f1ba08ae6e0

SHA1
3ee08712c85aab71cfbdb43dbef06833daa36ab2

SHA256
a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60

SHA512
c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
6f9f9d52087ae4d8d180954b9d42778b

SHA1
67419967a40cc82a0ca4151589677de8226f9693

SHA256
ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0

SHA512
22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fbfcf220f1bf1051e82a40f349d4beae

SHA1
43154ea6705ab1c34207b66a0a544ac211c1f37d

SHA256
9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d

SHA512
e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
a3f630a32d715214d6c46f7c87761213

SHA1
1078c77010065c933a7394d10da93bfb81be2a95

SHA256
d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562

SHA512
920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
c99c9eea4f83a985daf48eed9f79531b

SHA1
56486407c84beecadb88858d69300035e693d9a6

SHA256
7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5

SHA512
78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
d3d72d7f4c048d46d81a34e4186600b4

SHA1
cdcad0a3df99f9aee0f49c549758ee386a3d915f

SHA256
fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116

SHA512
6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\msvcp140.dll

Filesize
576KB

MD5
e74caf5d94aa08d046a44ed6ed84a3c5

SHA1
ed9f696fa0902a7c16b257da9b22fb605b72b12e

SHA256
3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

SHA512
d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ucrtbase.dll

Filesize
938KB

MD5
d4b22fb86c88c071335fe2fb623e40ce

SHA1
cc722eb1098b3a630a990dbceb62e3338b064110

SHA256
2195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605

SHA512
369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1

Download Submit
\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\ICSharpCode.SharpZipLib.dll

Filesize
203KB

MD5
a93dac647ee7cddb93f549dcd783b323

SHA1
8569eeb79bf29c67b8bb4aeaa305f37bb3288ed8

SHA256
4f6eb0fe1f4cb547cf03ff19f9a1c051bf0cac1c793b88650f174c360ded3e39

SHA512
44a82d60a560f32aea5370871f1d4b38b0f20bcac0ed46686093efc45a361470085fcc0071e8cc91cdab99fc00438adf220faba802343f84a3cebd46b32d4886

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\ICSharpCode.SharpZipLib.dll

Filesize
203KB

MD5
a93dac647ee7cddb93f549dcd783b323

SHA1
8569eeb79bf29c67b8bb4aeaa305f37bb3288ed8

SHA256
4f6eb0fe1f4cb547cf03ff19f9a1c051bf0cac1c793b88650f174c360ded3e39

SHA512
44a82d60a560f32aea5370871f1d4b38b0f20bcac0ed46686093efc45a361470085fcc0071e8cc91cdab99fc00438adf220faba802343f84a3cebd46b32d4886

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\ICSharpCode.SharpZipLib.dll

Filesize
203KB

MD5
a93dac647ee7cddb93f549dcd783b323

SHA1
8569eeb79bf29c67b8bb4aeaa305f37bb3288ed8

SHA256
4f6eb0fe1f4cb547cf03ff19f9a1c051bf0cac1c793b88650f174c360ded3e39

SHA512
44a82d60a560f32aea5370871f1d4b38b0f20bcac0ed46686093efc45a361470085fcc0071e8cc91cdab99fc00438adf220faba802343f84a3cebd46b32d4886

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\Newtonsoft.Json.dll

Filesize
423KB

MD5
32d2b354d49a144ad9cc73fda584c11c

SHA1
8024998509d082f984b84f8235637b626944ba78

SHA256
ed30e38e44c49b859b801d05621d8e902d04d502ebf5de676de04c23825b0290

SHA512
c8d94823790264a0b3e9158c3453e4babf6523cd38ce626091f84d9b100e5fc5ab39d7ef6e082b207b54171e26136cce2033a99b7e2d1a17d8f0b2996723f491

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\Newtonsoft.Json.dll

Filesize
423KB

MD5
32d2b354d49a144ad9cc73fda584c11c

SHA1
8024998509d082f984b84f8235637b626944ba78

SHA256
ed30e38e44c49b859b801d05621d8e902d04d502ebf5de676de04c23825b0290

SHA512
c8d94823790264a0b3e9158c3453e4babf6523cd38ce626091f84d9b100e5fc5ab39d7ef6e082b207b54171e26136cce2033a99b7e2d1a17d8f0b2996723f491

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\Newtonsoft.Json.dll

Filesize
423KB

MD5
32d2b354d49a144ad9cc73fda584c11c

SHA1
8024998509d082f984b84f8235637b626944ba78

SHA256
ed30e38e44c49b859b801d05621d8e902d04d502ebf5de676de04c23825b0290

SHA512
c8d94823790264a0b3e9158c3453e4babf6523cd38ce626091f84d9b100e5fc5ab39d7ef6e082b207b54171e26136cce2033a99b7e2d1a17d8f0b2996723f491

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC56E7EBC\WebCompanionInstaller.exe

Filesize
451KB

MD5
fb2ce6e0d7d5944e86697425c10cd11f

SHA1
0d4bee7a0b9350a3906bc4704cae72159dd83729

SHA256
ded4d86bf32884b7ad4639e26b4c79c0140060b8bca23660d31ebbcd66fa25b8

SHA512
e6daec17cf11ce4d9ccb28a489be80f1960a0a639138d2c770a5f84ddf7593f64824078796df7aa72e8407aae596333f646fea225207563f3e46dfcb1140eb8d

Download Submit
\Users\Admin\AppData\Local\Temp\is-2Q9IN.tmp\setup.tmp

Filesize
3.1MB

MD5
8c50315d0a2325deaafa9cd9daa82cbf

SHA1
0e6cdc38d606805e98ceb863e468f445274815ae

SHA256
5c50d35d3436f667810b54e61aa844130415c117e8ae1283304e0cc772be6a4c

SHA512
e8a0ef621f84a4d45989d06d0e810c30e0e017da3c71f7cd6052ee41c2d96ed317d8d837a6d816070c31d60b067a5a7c003a2bb5858eddad221d86c569228a39

Download Submit
\Users\Admin\AppData\Local\Temp\is-QG3IG.tmp\Adobe Photoshop 2023 29.7.5.320 (x64) + Crack.tmp

Filesize
3.1MB

MD5
92dcce0bc1ac275d46b591ea6a3656de

SHA1
3ee8b7c0f3cd7fa492b886bf4291c6e575defc6d

SHA256
bfd241454512188710a86c84c74b625fd260333abc7fc8e15bfacc7fe1750988

SHA512
6f96af5dc358479fc8131e455a6c8e1dc339a993a1549a1e90310fedd4d95bdf7a8d6892347f4a9509e7c4b1fe95fa4d155e32d7ec617683604c2efef9240499

Download Submit
\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe

Filesize
280KB

MD5
9b785f5fd2ae2d63b26ed46e7a11c082

SHA1
5faf5c3fcdb0677252ee7349c791365aa1c84f93

SHA256
469e2bfe039b0800faa99bbd49197946532c42c44de30245c9fd526cdd088a15

SHA512
e529020264e55d7e12b23c21b74f73a61f0a4d0bbca2e1c5c5aeef73368312b0bcbbebdd9fe686c3a7a421bfdeeb6b0a00e3ffe9d682cb4b50342a8a11ed4abc

Download Submit
\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s0.exe

Filesize
280KB

MD5
9b785f5fd2ae2d63b26ed46e7a11c082

SHA1
5faf5c3fcdb0677252ee7349c791365aa1c84f93

SHA256
469e2bfe039b0800faa99bbd49197946532c42c44de30245c9fd526cdd088a15

SHA512
e529020264e55d7e12b23c21b74f73a61f0a4d0bbca2e1c5c5aeef73368312b0bcbbebdd9fe686c3a7a421bfdeeb6b0a00e3ffe9d682cb4b50342a8a11ed4abc

Download Submit
\Users\Admin\AppData\Local\Temp\is-SVUN0.tmp\s1.exe

Filesize
542KB

MD5
1fe97398b67bd17b9dacc347da9d5aec

SHA1
59411d138e4a77895e5f280ea63f2b47fce00723

SHA256
e384df976f21e80cda75ebfd070f3ddf564b21d313c198bec6b3d8c1c84c36d5

SHA512
f8736c58b1bb6de8ae0e18c01e2fcad4764275665bbca84ed0ae79620897f846f6a4ffec440d04615d734b8935901c8e7a124d3a7b81bf836d7e227ac7d5da8a

Download Submit
\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
\Users\Admin\AppData\Local\Temp\is-VOS2D.tmp\setup.exe

Filesize
1.7MB

MD5
06b9def138d9a62dcb0032978264e89a

SHA1
c2690f268f82c228ac699d72726a1af484918603

SHA256
f17533345efe0b88151b44376e873c6bd980e03afc10045132023bb4c834a53f

SHA512
5957ef801ac7b457f5dc0ed250faeece9e70d81e43ddf3ceeb6bf8c2c1886014a78eefe495817bdb4977dbfc1601d410fc28010f123dd2de0c021ea3ac87c67c

Download Submit
memory/1400-54-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1400-87-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1484-1630-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download
memory/1484-828-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download
memory/1620-102-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1620-110-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1620-120-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1620-125-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1620-348-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1696-127-0x0000000000400000-0x000000000068C000-memory.dmp

Filesize
2.5MB

Download
memory/1696-121-0x0000000001DE0000-0x0000000001E22000-memory.dmp

Filesize
264KB

Download
memory/1744-93-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1744-108-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1924-704-0x0000000000960000-0x00000000009A0000-memory.dmp

Filesize
256KB

Download
memory/1924-207-0x0000000000960000-0x00000000009A0000-memory.dmp

Filesize
256KB

Download
memory/1996-88-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1996-106-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1996-61-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download