hxxps://cutt[.]ly/twwrKeWH

Analysis

max time kernel
942s
max time network
960s
platform
windows10-2004_x64
resource
win10v2004-20230703-de
resource tags

arch:x64arch:x86image:win10v2004-20230703-delocale:de-deos:windows10-2004-x64systemwindows
submitted
19/07/2023, 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/twwrKeWH

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\Control Panel\International\Geo\Nation	WebCompanionInstaller.exe

Executes dropped EXE 3 IoCs

pid	Process
2432	WebCompanionInstaller.exe
4772	WebCompanion.exe
1232	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3996-2467-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2471-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2472-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2474-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2485-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2546-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2577-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2590-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2601-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2603-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2614-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2616-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2627-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2792-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2803-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2833-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2871-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2923-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2942-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2953-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2964-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2987-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-2989-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-3011-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-3023-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3996-3106-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	ClnShimg.com
File opened (read-only)	\??\A:	ClnShimg.com

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\vir147.log	ClnShimg.com
File created	C:\Windows\SysWOW64\sig177.dat	ClnShimg.com

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	WebCompanion.exe
File opened for modification	C:\Windows\assembly	WebCompanion.exe
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	WebCompanion.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	OpenWith.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2484	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
4120	msedge.exe
4120	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
5548	chrome.exe
5548	chrome.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
2432	WebCompanionInstaller.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
4772	WebCompanion.exe
1232	WebCompanion.exe
1232	WebCompanion.exe
3996	ClnShimg.com
3996	ClnShimg.com
3996	ClnShimg.com
3996	ClnShimg.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2432	WebCompanionInstaller.exe
Token: 33	6088	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6088	AUDIODG.EXE
Token: SeDebugPrivilege	4772	WebCompanion.exe
Token: SeDebugPrivilege	1232	WebCompanion.exe
Token: SeDebugPrivilege	3996	ClnShimg.com

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
1232	WebCompanion.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
1232	WebCompanion.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4044	OpenWith.exe
4044	OpenWith.exe
4044	OpenWith.exe
4908	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 1376	2844	msedge.exe	28
PID 2844 wrote to memory of 1376	2844	msedge.exe	28
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 2620	2844	msedge.exe	89
PID 2844 wrote to memory of 4120	2844	msedge.exe	90
PID 2844 wrote to memory of 4120	2844	msedge.exe	90
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91
PID 2844 wrote to memory of 1476	2844	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cutt.ly/twwrKeWH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88a3a46f8,0x7ff88a3a4708,0x7ff88a3a4718
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7253203217114811379,7485465793745868077,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:2
1⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5300 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2468 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5824 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3200 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3200 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5968 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4640 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5628 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5800 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5272 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=3996 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5776 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5536 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3296 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=3120 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=3248 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5680 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=1020 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1620 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=6344 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6484 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6644 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=6956 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=4760 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6892 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=5612 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=2636 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=4028 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=6708 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:6092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=1120 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=6172 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=7236 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7384 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3476 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7812 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7180 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7660 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4460

C:\Users\Admin\Downloads\Setup_WebCompanion.exe
"C:\Users\Admin\Downloads\Setup_WebCompanion.exe"
1⤵
PID:1132
- C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\WebCompanionInstaller.exe
  .\WebCompanionInstaller.exe --savename=Setup_WebCompanion.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18022583703 --version=10.901.2.519
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2432
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    PID:5288
  - - C:\Windows\SysWOW64\netsh.exe
      netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      PID:3704
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops desktop.ini file(s)
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4772
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\imaw9jkb.cmdline"
      4⤵
      PID:2044
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7425.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7424.tmp"
        5⤵
        
        PID:332
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=18022583703
    3⤵
    PID:2452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff88a5e9758,0x7ff88a5e9768,0x7ff88a5e9778
      4⤵
      PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=7812 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=7540 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=6180 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=7832 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=7812 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=8144 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3496 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5812

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7668 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:3488

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=4656 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=5704 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7672 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8316 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=8248 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=8636 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9016 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=9212 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=8984 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=8984 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=8492 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=9112 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3076

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=9176 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=5500 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=8840 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=6132 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=9116 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=8468 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=8164 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=8344 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7316 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8776 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Temp1_clnshimg.zip\ClnShimg.com
"C:\Users\Admin\AppData\Local\Temp\Temp1_clnshimg.zip\ClnShimg.com"
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3996
- C:\Windows\SysWOW64\explorer.exe
  "explorer.exe"
  2⤵
  - Modifies registry class
  PID:5460

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_clnshimg.zip\ReadMe.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --mojo-platform-channel-handle=7696 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=8652 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8116 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:5564

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_MyDoom-master.zip\MyDoom-master\_readme.txt
1⤵
PID:4856

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=7064 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=8812 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=8656 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=7488 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --mojo-platform-channel-handle=7240 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --mojo-platform-channel-handle=7488 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=8544 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --mojo-platform-channel-handle=7236 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --mojo-platform-channel-handle=7676 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:8
1⤵
PID:1772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --mojo-platform-channel-handle=5780 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --mojo-platform-channel-handle=8468 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --mojo-platform-channel-handle=7176 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --mojo-platform-channel-handle=8144 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --mojo-platform-channel-handle=8356 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --mojo-platform-channel-handle=8188 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --mojo-platform-channel-handle=8820 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --mojo-platform-channel-handle=8304 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --mojo-platform-channel-handle=9296 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --mojo-platform-channel-handle=9144 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --mojo-platform-channel-handle=9440 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --mojo-platform-channel-handle=8676 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --mojo-platform-channel-handle=7584 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --mojo-platform-channel-handle=5028 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --mojo-platform-channel-handle=7400 --field-trial-handle=1900,i,12707685552310061796,13079769434163334662,131072 /prefetch:1
1⤵
PID:1740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
812B

MD5
25c5faca96f6451a176f9e3776b22324

SHA1
66339a1e2c9fa166c00bc135a42c9a35b1fed9f2

SHA256
5ca35412eb9395b3a5ff2002aeaff77cf582f76f33647116ed6004f6e79eaddd

SHA512
f868a52d12fe853c28ad4b8c8a0208793341a84aa3bdfa7a1bb8c2088801883f6f08c5212c973c0ecf00261fd47cab72e2d82e25f7b69301510258628a68fc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
1KB

MD5
099f485ac27a1441393e1984f40e0de4

SHA1
b01d568d44a416af64865593d819e9dc3160c941

SHA256
6892b7957b7a1be8931dc16402eac54b49821217f5c688cec89146dba0acdb3f

SHA512
f6a7695d766d92458662ad12fcf98a0622dd2cbb8da049a792f6524e531559dac558e180a8cd8410aa47503883783381e8cbd6fc8d563e51d4d6b4b7b4a9c599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
806B

MD5
75c0b48fe644fc629da0ca459c4b836d

SHA1
f8acce7918bbd9545abf5960ef5d2e68ae102441

SHA256
fd9416cca52d9bed7ceacd2829e01efa0613975539bdedfc8660d02cdffca71e

SHA512
2b4056945b64552c47ad90ec138a530762b662c443e3d58fe26a5de0694039740e08f003a522960b0dc386cba342af06fef04250ce480ad53fef4c06d04fb342

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
540B

MD5
9991807f35d9015b974a5c4f46f7aef6

SHA1
06c10f62593724fe639f143a73d1228218e21006

SHA256
0ac3ec413908d59b950d3b6f075b3349a16856952c3aaa2013ac9f3aebe897ee

SHA512
2daa5e9a8ac144bc77aeb32cce1d059d9567a3e7b9953f4f7c279cee645c09127f1f16c982d48b37dd1de14ea3ab907e8f14e0fcea0b206d8ef9b4d1636b7697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
528B

MD5
75e1170a8893d1bc763ceb881f352e0d

SHA1
56608195b61d34b11202f6086bfea7910fc5c8c0

SHA256
9ba71ecbccf34295a7166e33907af11a8dddcae1dc4495336a0c537dce4016d2

SHA512
34b0f4f7b2020da53a72adb2457de24833780e22e1df62d462c0631052067c34cc5acb8fc8341ae0389bcb38beed74f5fb812eca508743212df6962a784b735b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
540B

MD5
148e71e6c84e6ea1c6774fed8f3a14bf

SHA1
dcce52c721e28b878ed5df63fc079d1b66480ae0

SHA256
3f44b56bf129fea52ce49097534c5e385bb1e51609f2d8646feb16288292bdb3

SHA512
84fa77278e97f430d236d9107f905c75cf9890bdcb58d575b07986d0c3144b61155aed6749afb562df9cf3654af082ea516c138f69825d79d8417216700daaff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
55KB

MD5
853f43c24983c06a439d38e6f83b35a8

SHA1
c87815c5e051c1998830f798a14b3b5c706e11a3

SHA256
be23f27f9c8c3e0f89f8e4e2c6b6598835e44300e51138680e34ab1dffd2025a

SHA512
11ecdacf08da0c8b0b4a4592b62cc3f6612014186805ac511ea019b950a6bebbce1dfe49b1f8b03b5868958c7c09801aba63299eefd9b1ecaf2e4f5a1c65ac11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
317KB

MD5
24136d5d814ef9bfeac6cb0aa4e7b86d

SHA1
30d434d19eca35c6b51ed7c14228ba04ad1e0fe2

SHA256
1713edc9d261e0bc8997c7b4e6f8fbf3265acab7b7ec0133c3bef2fa537b9ba4

SHA512
5fea1cc24a732486e3713173df4af458dd65d4dc02eeabadd0c69ab380be72f85e2cca16338e3290e5477f476b842e87f5dc9a5f74a68f4ae348ae4eb6cb310f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
82KB

MD5
fe44297d85250142347e7e6021a0702b

SHA1
5a8c54a626e24615fb184a9eb5a9d245352fba3a

SHA256
5a49e5b12c2509ae3aabb29cf4012773492e747f91930a573a2bf342a758187c

SHA512
e5d45e7b20a68fc5d8a26b69b2bf74749b84ccfb13b7506b59deac3e291dd29435c8040dd4cdeafed7730eeccd9d6a5ada2a89ab46c87dbeb5b5c0bd1ba5bf4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
71KB

MD5
7736dc75f654906278f60fabc5dca253

SHA1
6ae41935dc90ba77c1dd2c4229f8c36f74a41fe1

SHA256
83cc73bad8f2ce35aed0431a8584cfed77733ea834df36cf2bd5489c93ba4a5f

SHA512
8a99439ec75ef2a99def7dc9e1193bea0e622651b6d219d6cba3df9a906c1c6da08f8c0e824734f4a9ea68983c6f7b6d27a8cf5df80f484063cd3094822ba625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
203KB

MD5
422c02b2cee4885a8b6fa4568e7c55ef

SHA1
3064c7279422efdc2d4369a5459095de8d45e0b3

SHA256
9f8e86a6994191ad7596c99e5abd482cbd010f9ea9a83397ae72c5f6bf35af6e

SHA512
4b40f2bfc17843a3b96d29090b8301fead51c0b7ebc2d43ed34b1c0a074f17dee45f753298a12fbcec062a824f8741426b6689fb6dc046de2399b1cfb50288f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
508KB

MD5
32eecfcb7633b33f662cbb005fa0ddae

SHA1
23c3e592756c7dd154edecc71f0ea06bde3ad0cd

SHA256
dd194193068ff0d392c945925fa2a667f7e95c36168e3adc9949471535cba5d9

SHA512
6df97d80e587a1701999be3ecf7b436a98b8da3f77019d37408edf0bb63b47f8c9af16c3956fd97893f94c87c12700de1a3f134e3e7ba2492e6b58c7ee991c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
164KB

MD5
28035ac6e0f50b88f13a8bd1a0a095e3

SHA1
60b246bb9074a3c0db587b6f8b6b92a896bc7333

SHA256
336745f85dfee99090e4c615de12a9fef214102a86aec409e00ae9b272d4a9a5

SHA512
f30ef88648b2f34de8be569f899b3fd604dd03b0f27ac13bb774789cb5f0bd4601fe1a564290b488c8a1a228e60a539ef86a171e5399b8a08ddad5a1d42fd3ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
30KB

MD5
094208baa6c0d1555939b752b2629976

SHA1
fbc8b254cd7b99e6c88da862ff07aedb0a6a4d56

SHA256
a349239619230bbba437f59c804c2a8a6be33f4ef165a1c988347fa95854ccf3

SHA512
6b3aa65be3254ab7fd5831bfa7d4bfab3075eb95a1a333534a2e36508b1a78b0453d703aede2d9b739ee8c469e5ba15b00131b8f5bce47781323e4c263d7b597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
29KB

MD5
fd9304d0e9810d891a571ed8331e753f

SHA1
6cf991210d5faceb6104cd6c4998265ceb88f5b3

SHA256
8e563e988b50857a4d4d8939655d281ff1ae1b589dfbf2168027abb7955ac783

SHA512
3bcd8ebca486c433dc33a51e25a51f418728f04f08fc72c0eb2266ff7c0677ad9b8b3090189eaace098a251c5a8a6bbbe043ce852bbcc13483fe084d59428906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
19KB

MD5
d69a13ba3c1bc59bb638d9902784ccbb

SHA1
14fd3e6a18f33a35d957086c91b0f62a591e2a35

SHA256
14f536ab742ce5950e82246e1b31feba2e8ed76fd9080880706be8476df9a62f

SHA512
64d76001b7b73a2dacea6e0ee55bda8ab20c61f1d28e960da42dd71023a33bb809ee93cccba01728d166b8856afbf28cfebd53167673e806e3665fd619f8bfa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
41KB

MD5
12f7d1e6e2d8572d41e09f597d5f2026

SHA1
59b53ca4f663178aa9319c41efb04288e9307d10

SHA256
f1072726d61244d65722a3b241efe799b3ab3134d1b3824629c3752c4d8217d5

SHA512
52c400858768e31b502eaa719fdefe6a103c25e6a69aa7ab3440e692a2c7f5cadc3370045f4244bd886be547ee963c11c0e1f6e0e971dbc9561fae678ba86f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
55KB

MD5
63e34fae0904ca4d895d7baf223993c5

SHA1
d5cf6468c7405f7d5f405ee4010083edb65783d4

SHA256
ec241b39a82891ea12a51cfefd4f1ffc8e2068ecee97679098dc73cfc299ae93

SHA512
783eef66ba0da009e61fcf4a23fc14f5e1d065cf8ad19962544dfd41f222359ab226e86d5157196ed99defbfc57ee1e82a26e642fc45f28b8760d85e2c6053e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
49KB

MD5
e9e7e066bffa373f6b8d0b193591e092

SHA1
b402dadbf4e3f48357009cc9239844320352c1ba

SHA256
c02d35296dc5b98502969eb82325c47bb89d8dae113f2ddec017e73c4d5ebb8e

SHA512
3a6d43881c0732eadee1a213efcd0b1c279d3e71c93bbbae3301ebf0456d0c57755aa65b930921a81147ab5349efbf62b7a7326065e09684b9a34b2d0c630cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
30KB

MD5
50c773d89c84efbf2df5d22842a496c8

SHA1
f5128fdd5ccfae051dd2005c2bd026e163bbc5ff

SHA256
d7f2b849e164d6585a2ccec0686b1f8ca8b4de16f46590cca2c0a1f9343b23b4

SHA512
8480e7f8d7f8f4a9a3fc3f9f638c9472b3183a47a10aac79b763ebdac94ff9dd6e8027e48b8435d5175dbd160d1f63478c6f639a42356e5c33bc1ffc87ded5eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
85KB

MD5
5d9eeacffaf2f586417b3af9c79af8d2

SHA1
6838f6697cf3707eb034d8cda77837cc95ce7c4f

SHA256
e7cc1182fd0de8a16204e5b240d0af4e4c76b007d5e5a310e5843e54af4fc5b1

SHA512
9943fcc7ef0950b77129c2fb4b98369858b7aa43af6eff4da9656af1c8932f7110b6e786224a133757bb99a915a752a9018b4b3fffe3953d5bf048b54b4e9728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
123KB

MD5
5a7294d8d54ed4231408418aba75915c

SHA1
d94f28da0b23aef06236770e5d235a6a34f8f89f

SHA256
45cb115b6795786871ca1594ae1f05693e1c030f6b3d3ac62f5bdaf80eb64be9

SHA512
72790c1b277b9d38dbf3419894b9308311f77f2a40cc63ccd34e68815268295edf98f8ce5b2bac54577fe622e8ce23dc404ddb14866cfd46cc2e1b2fae2ecedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
19KB

MD5
08475cfd380edb2d2e9290e97b3da01b

SHA1
bf77aa35534cbe99d892a7e24391bed6447d01f0

SHA256
90143522192bd04a6c55e30fcad375a9e1c104a28d36246bf7562538dca40145

SHA512
988ecfba1140ce754cb1d47be2249000196dfc30dc405fc733c4aeef71ca1ad88d13f324ee91689bd20c70ddd702104abfd85b831d4ed3177a40fc77e1727bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
37KB

MD5
ebacb62cc3b3a6efab4fc7c0c06723f2

SHA1
d4f17353d1a7d707991b648ec79ab25015eace31

SHA256
ad641c197e7a545374c0a9052619ca3fd81a19ad162182410a8f43169db3b763

SHA512
abbf0633a49b4fb703329f3615b6754e7e994d3b4d6290ef45b4a58d56211e1bf80dc20d1469d620234cb91eab29d525852e2b411ca86d9e23c3d6168334a05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
23KB

MD5
d5d429506880007f1eb2f5aeffc80b3b

SHA1
171f1e84f9b05829a1c90c16ea87d5ae094b8ddf

SHA256
e11f7f5f0f50fa2ad708de416671cd4694cb9e187c7e4b1dc08d8154442a92ff

SHA512
fefcd4977b467f103fd04a4c7ccb7ae63d3b11cdc4bf9f54a0b46613406e6a72801c6b73cb78a622b7e10a6d52081b51d8eafb240a1043ba0945620dc063b4cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
69KB

MD5
fca6ddd6c6c7549fe3a3bb3cb9321265

SHA1
6c05ee5d38a4fcc094e940469233eec35c04c1c0

SHA256
07d8747314d34b6bd4b74f16e81a9b6ffb192a55c0a32ea72516ddbd975489af

SHA512
3c782974456277437feb59656629f629183fb0828ec589c180ec433893782fcb2dfca9bc8904b05b6b64f0540897c6a8f62f90a447adf404b12d8ffc2bcec370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084

Filesize
80KB

MD5
d07039f938e78cae02cdc21b633a6d9d

SHA1
edda884e2a648a16a001818e8f8b3ffc1b8a9506

SHA256
76301e2f5ba16d05f7fc749ae5c6f16803b11b5778c988daebf8922ef6192b41

SHA512
d5da7eff44bfccf7d8c68dbd9876cd84f81f1efbdcb6a53a9c2db5c456ce3c3633c7df45a140a23cbb5e9a8ab3f3d6c512562bbf304bda4bccad9094ba93d7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087

Filesize
94KB

MD5
4cf6ad1ca32d8b82fc4d5acad0f5a4c6

SHA1
66040cff75e7a566199973734b576eedda20348f

SHA256
a57005c8986d670ba810902b0ba801853cabb29f743fbf87a01dfa4e65c7c770

SHA512
7e6f6789866d59a486e168ffbaf0b93ba23baa281bd23633a0c5984948c54fec448f726c8bfcff6c12e3a814ac5ee51d85107d758d0c16c09b7328809eaba47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a5

Filesize
49KB

MD5
ea2d41d5ff1d2e84b843d6ae087de305

SHA1
e1080453a6e7b6edeec05b63eb01bc1b82eb44d9

SHA256
152de71a20d4f23922e64d8b4c50e1a37961a781a89469b6ed8cc191b357733c

SHA512
b4f42a17a895d70eb110b9c9ec07167ecf3fc7f180adef83a282338cfc1d89f12fbcc34c414d57727b17ca11404dafcfa94d7de3c8e4a0fbbb510decb1b117f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a6

Filesize
128KB

MD5
c94e900d4c44ef740bed38d99868e7eb

SHA1
970417958d727eae8e45544248ce7dffd70ff018

SHA256
c1f300319e9f3a680e01fab2c0e8bd45378ce8b6580baf849a09af0ff7252671

SHA512
9373a8b36040dd1e420c437f6d2a3b308d6792d4746f851789e5a359859bba8622be6d490fb93e013f6bedc0978bc0cd08c04c69ce00fdf92d65b0d2979f4246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a7

Filesize
227KB

MD5
b145be141c7509833c60599703206431

SHA1
f1f0707dad3de4960c820a9e94d0e77bc62a34e5

SHA256
ae5128e3f2ebc10c1b431db6bb116affb69c93a38272d7829f673428d2a20a2b

SHA512
979e4300ea85eaf35a6749248b4f880c25b0a8456b017f0ca48cbea3fa7a560af2c8a02d9a4b21318930e9010b1a0db0ba47916f137ff44cea58970d76ac2112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
19KB

MD5
191e947f82ed46a693c9b62d625a705a

SHA1
792d9dcf106776414f64e066fcda39c30abdfbf2

SHA256
f118492e74c990476d8336bf145d7dda7fa359aa0ae75bc29426f6546432308b

SHA512
2d8dd4278c4f94f59bc2a523de91634b9fef651089ed71a45a17e42e74973378e0a7d131c6d3fce5a4b8e96ec2428cacd489e36d13693775a1b5e5af132fcf40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b6

Filesize
97KB

MD5
fb735c0e0ec8454aa7e680a23da37a1e

SHA1
83dba676644bcfb1d62dce507ebe8e9725a9bd5b

SHA256
ebb6ec41a4c071ad523f282b7709c8282a4e98712438e5708ad161ff7546b487

SHA512
dd687053c5b3dc8f0fbbbd95d33338d86b17997606fb6ef852374aa25de5c8044097862fd4aadf5ab650fc2a01bbc0dcf12590aedabc0501da88f38866baed35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b7

Filesize
18KB

MD5
57e978819731e0898d59a6554f2057c2

SHA1
7290aaefc4d9f2f9b1258b459f87def31563f3d8

SHA256
a6696efcad181bc999f5444a24f742d5864a97fa2baeaed316c62a8d2cb0bb02

SHA512
910c1869d8fffc3dd30d425cf837c44c1138329109a721afc2ce46ee50f591f1266293e6cee0683d65041ff0134f1529f25c19d8b37869d5a0940d2ed3a9ba4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bc

Filesize
94KB

MD5
f44abbc20b756e9ed3950cd582679047

SHA1
607c2abb72dfae962f3fb16ecbe701ee37985d02

SHA256
3d9fe2a2a054c0fe4c9fdc74da05fda35cb9153dab0a2eafdc5333cb16fd53f1

SHA512
bc8cddecfe5882f5cb3702c09f31e25bf5cf67a1d38cda05a6bcefc13142d1716b6a0e1fd6f2f078e2321eecfd5033ee123133e824aa11b6b546ed7d834dda5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bf

Filesize
45KB

MD5
efbe73a5cac22f8224a6be10e971b923

SHA1
678a0aada30fbd02c8f828682be8a93ae2ece97e

SHA256
d22a9a6c85132a3ccd7b71b35a3376b17f755baefb8d8f172c0ea8877d262920

SHA512
81a189758b1c40ecda7343f3aca4a6b0ec82a534d9417726a70f3050a2d482c7e9f339a82f4756d92be7688b627a768970b5c0feb1d068b431a5b276974a77b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c0

Filesize
52KB

MD5
55388e5964d2adc7d94c0a488dee03b4

SHA1
17bbefc784f9bf89f5e11de283e6f5b39f553002

SHA256
556ab41c3a56fa018fb2e48ea2bec9fd3eebd2f9c82750e3a49cb66abaa69b1f

SHA512
9aaf39fa5afc91adfd2c7a4f9d4cde1995a7134a9bb49a661818c175ee5f782a72389dfe615bfb9285c47f739273d2928b2a86be2678497b11c7e1ac2f4b49a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2

Filesize
69KB

MD5
136f61a07a30861d849bac79903c0f27

SHA1
49322c1c857d9a3f8e0f4908a3f33851a9a54aa2

SHA256
86bc9276a766fa039a9729d35641da3fba6ba4140500a1922e6cb1f8395f3995

SHA512
80d970d8ea6c9be5a89ab8bc066a87417a3568b9c66e7a7d06f7be3e681e1c5354636761c7630a67a74a1b21d88886dce5713900fa80429315dcb3447edbc884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c3

Filesize
81KB

MD5
6df18592f0b2de282b66f90384cfe114

SHA1
4dd555078ee57e0d9ffaaf731e15e027002ef21a

SHA256
d6c0d7a99bc02b0008632c2bae7a325e8ad1717c5334c790ae7ff11e6980b19c

SHA512
5f032fe9df835be4e9d0edd8777b54a291d4e9bafbfcc9c90823e5cdeb33ea8cec7d0fb8d6199f616150a907383486a3171d58a6a4bf22cc91f490949fd51560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c4

Filesize
83KB

MD5
848dee4a281be852453d8b265df3dd34

SHA1
205f401821162150e6a06ad6340795dffa8a4655

SHA256
120553f46d64ea909d55831fdb84a20099f40bbda94c5d8707a60f939e9061c7

SHA512
2b5739a5aee4d3d5e94dd8ec4e35e40ce151ad01fd227e6388d698da03cd86c65e38e875a21302c6c41f6aeac5956fa2b15c91c74886f9af6531b98514a1a2de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5

Filesize
85KB

MD5
8500588d05bf549190ce6a13ae0a2aef

SHA1
ac09170afe7c1be3f5c08f2e7197fa1cdd816469

SHA256
9771de99a108fe5ca21a89664886bbc43f33a4f1063150af664e11acfee6385e

SHA512
4dd93158392f824acbf0ea088e439ea64469f81e3b08696b805833b20bd915a774b571b3712f6c8f70a8883e1e8951ad582c1706f860e06bc54020589abd6f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ce

Filesize
39KB

MD5
6916ef6b7d2ee4d57e76efca17903d1e

SHA1
20369fae26cdb4980fb85ddd83cb572c8d081d3c

SHA256
edb4648bc19c376613ee29824b6f5353caf4f245db69bf7cb2ebb7c0b35a9d8c

SHA512
5ab97218e88866dcabe0020d5a5045a3a2c58519f085f21ad2d66200676511f184752faff56bcec122825a881b342ea4abe081eff92ddab68a0b715ef7e70249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000108

Filesize
47KB

MD5
18e99ddda6035852f653d3270b58df31

SHA1
49a66c2203417f21261d540725c4e0e89d1340e4

SHA256
05198f43ccf0a35af23c21e9498c8268e06c127d215dbd482a8e3c04df88fe27

SHA512
fbb98f5124b4856d4e06dd054c2cd93b8a769595c9808d878973943aab3eec9f3f2b74d5ab51aae75f99f20a73eb60f1e9e6066b6199276fc4fc8275b99de134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013c

Filesize
123KB

MD5
7f772565415ead569a43e06ac2196742

SHA1
2071b88584ab077bad30aa1c33610947ae1327b3

SHA256
a32184d87162833fcb479fe255f8b307d0885a5a8b6e6684e2f3af513c0540c5

SHA512
5d8952af02dade70e253c4b1216f0f4cc0f80d603e72496f44d255482d28416db2bdd94161ac0825d64262b013c368ce2136a21f7d9af2dd304b075fbf9876c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000146

Filesize
52KB

MD5
2c42a59a4bbbb42c783434edeefac672

SHA1
b76e433a2046c0355f4f4f2d640e4906ae2bccd3

SHA256
66425993e5f4e7a83b0ddca825edea90a686b254d1bd8958574073d061dfce39

SHA512
180f103a77543cbc39e3dbb9dcae1b29bdc13c4b036fec0ec3739f82644fe61917cb5d8582ffcbed6fbf539a9dcf454efc3ca39300f01cb42841ca5a4bc26c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000151

Filesize
51KB

MD5
873c4c008cc9484cde6fab8eda580f86

SHA1
218dce126410d922d912a9bf2dc6e6678d60232d

SHA256
6cb01c9b62bdcb8f4d33e9a57145aa66cc32cccf106dec48791f5a8657fd26ca

SHA512
299867acbff501e81d28a359d05dd53a77a15956b7a82fa989e51f033bef4aac7ddfb56b86e57f266cc3f575a97c07a08a0b2d77b493e83f6713980535fa3688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000158

Filesize
18KB

MD5
08d1181e899f32204b23a33d20820893

SHA1
1c015ac4f5ccfc885538f323bd3a1c06a58cabb3

SHA256
52a3a3da0b9315d0761e96afd11f6ace725b86dcce0cd40b35eecfe36d936527

SHA512
a8272860cd30012834f227d0a5145515270bb915d58c60e37ae7eb28362079ca545e5e6657ee44e8445f692e23d6c2fea35d1d0601cd45cc14578c3ae44160d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016c

Filesize
27KB

MD5
46ecb4f2009f071181d782b78f972746

SHA1
1b0008e49a1bb43cf1e71f881c50afcf01bc1e27

SHA256
f5263acb164a9bbf914cc56ec1658c41639753b2b1c8c2b67ec40f6b7c8fbfd2

SHA512
9463c9b7414c8a7657d2371ba6df972ff691dd697bb26d9f403270781b4516238859206827f85c5f6c68b73fe4b35a9a0ef5ddbce2273c5f6519b442ffd41f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000173

Filesize
81KB

MD5
2b7447c66de6e716e29c4395d80fdfa4

SHA1
5ba8b1faee1b6af1d0b6608626813a70ff1d77c1

SHA256
18a2be2a72864b364d4ca666a184c8503ab35d2f1a3c8fee1dfccc5d526b052c

SHA512
9b1bc877569d4d5b37e74bdb26fd22f27b890490677f8dd920e66e1d3ddf1040b231075f4eef973c56b73436707d720d79376f639e8007d276b687ed8224f50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00018b

Filesize
92KB

MD5
4263994275acf2dd377039fef7276609

SHA1
e91efe15181e1c1498968673fa7d6a52f162ae0a

SHA256
661ded168f6bdf220f704f17c2fe3c645ee60bb8b1c5fad4c0556c50229f35bf

SHA512
e2eeaca8ec6ee13a44688fef524e3abf67d4ef9c1ebe7abe6e427f5609fb7196d611b33c1009c5f8b78c91ed3ad7bf6923958838cc95232725657e6a470295f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000195

Filesize
119KB

MD5
d839c33a68d720512c578a0bee90230c

SHA1
08aed25d76710555bf641ef53a66b8ab9def40cd

SHA256
a573685e163dcefee75420c04b1a93c44782f71d18fa1d6c9407871fba2bc4ba

SHA512
c60f2b3ac02c6ccd588cc2e491cabe7d6ecf7edad1f2eb4f1ad829f0c33f156edb51603f29856e3742884f226a615533d8717de137b90327e7c1336734886d44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000197

Filesize
111KB

MD5
0445b35ae1b43dbe9c3109b08ae9752b

SHA1
98c6c47c948ceed1497bbcc41fcda5cf3d9dbf10

SHA256
a94b30ca84bc2620d8e9372b8cfc0bb399434c562a39aca022cad7ab3d15744b

SHA512
9730d62498c8941e31b9b2e7eb88f0e6c995085a27cda971391bd00fb08e832ebed56f26d4671c2e0c348d3476343588a32b8c89f6019de37dd9c6a8d277e5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001b2

Filesize
89KB

MD5
bad2b59b9b7077faf17cb26b8d31bed7

SHA1
83cf49692c54cda5e3a41c8fee48e81dfb858b7d

SHA256
d8c639d4310ddf17934051cb983b2a903902d83e9b0cb9a334eb36ce0dc92ca6

SHA512
6966b6ef676229483654929da4b6db42561079276c530cec91b0f2dc5465eef8eaebe8187436df4ed55c412ed72f2f8ef1db07983a87db9e637f4f29431242b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001bd

Filesize
171KB

MD5
92f0bb21de86c6c660bb835f40365184

SHA1
ee7dfcc9328ad0560e1d9fd6a035b8efdae3d7be

SHA256
3eaea657e2d8557cc8e98102697e4fb358abfe10b4d95f8dd5cafd1585a2df82

SHA512
f52731ff5972853ab4cf84edb84e18373656f77a3ca1054de48ffffbf452f77e930e5d15e1c6ed0268ffc6bc5651a5c754d237c86f73e40e4848b0f57c91d1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00020b

Filesize
118KB

MD5
d1ee1db727aa95972531606461b4c123

SHA1
9e400a36abd520f1731aa1238747580ec6990cec

SHA256
04bafee2e382dd6f9fad9e1b79a9e425a9d92151d831097297b32b3bd922eb1a

SHA512
1e5c87d19ffaf9eff25d57f9737387289f73baa002d9f9ae33fbe3e85db871291697ca7447e0d891269b152bb2ec18a1d21043cdfcbdb4faebd17682a1bb0ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00020d

Filesize
149KB

MD5
7768beed90959c13aa2a4c6523de6822

SHA1
9eb3f8ab43f750418276ad199412b3a60ed2afa9

SHA256
ad61e5dbb2b299a5919f95f661df98d3c410e3aacf364cd467f828d4f51514fa

SHA512
a2b8af42751093ce1c7010d298108aa9744f7de767911eb4731c1bc93a8c623fd65cd1a1e091bc60ef1f570dbbbd38ab467a178a7960156e05fce2a5205aff29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00020f

Filesize
218KB

MD5
4d82dba4897b1c0c564b99efa741cf44

SHA1
a7998b6450a18e6e825e29afc389ee69b9b1df58

SHA256
6aba91e94d77b19a979c8ea2dc054fd33a0a343503e2b3c276d20a2a23da4032

SHA512
a1dcc58d732ed1f392014955eb8e2f50304c5bb453cb514b5913467bbb81ab25d73015c8bf86a557b7d461d1294da99dc9c7f17b7318d5d2ee2476c8c03a7d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000226

Filesize
74KB

MD5
9ff8c597652046397f8344df8a46ae24

SHA1
c751a722a67c0735fcfa0e2f454217bc8f4b6f55

SHA256
6292ed5217ab0bbd791d961d5b7185e424bbd2e5159664e23d088b83bc4db574

SHA512
7db946c0f9dd4275206800e19276ef085230ec9017690cd0773d80cf7bac8ba73d7c8b832bc51ac75837e62d8415aa6b29966357b44b20363210e7006d367c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000230

Filesize
31KB

MD5
22ada11f495b066aeccd4a1e5282e56e

SHA1
61d24ae5a0f2f25b7acfea82ec7aa93046d58b4f

SHA256
d4550888ad9304626c8e4d07f022834175600920393d8061237a3cad620900e3

SHA512
b2e671fab32be1d4eccfc5557d83ace1e41ed3bcc4ab85f63b792c011449966bbd09f755022dea402733cbadf504d70298d6ddd4e1ab78c8ed745b58e8f8a173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4ea70dfc-5f84-45bb-8b51-8ec7843c76b6.tmp

Filesize
14KB

MD5
89e9ec0a7c09835c518a6453b6e8b22e

SHA1
188f05ef7a03ed6f5d550f69cd2f7e620e01e54d

SHA256
017ed1c51380f3e1d10313eedf597137f382b5fd0327cd6f807f535f638f0d7d

SHA512
41c9c623ec2dfd57fb388ee4668a8d47daa565731c0e52ad49069fb5ba2a9de27fdd4368f08d4e1e57a66734f99bf1cf1fd1510171b29d548f67fac19e30dd90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5d8a2453-7792-459b-be1b-dcb772683134.tmp

Filesize
3KB

MD5
3b45bedf59f625bf248ba98ca2a667af

SHA1
f191646bc9f8dd0594f336c229774288a3ebd158

SHA256
a071c8a0e3f008d287647aaed22a4f33907fa7419bf452cfb0b006ecf19bc7d9

SHA512
03a8fc896cf6edb8f77bbbc4c785174ee275bd54626afa43a2382afb84c49803bd10330c179db14228b6e881b0d0a5d60ae6050a4442e2d1be14f24c0a751e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a60943fa12120ac7c101745a07f89005

SHA1
36837230ececbcd0aab1998bd9f7c6ca9add2031

SHA256
f66672cd362e80dcf18030a8923ff5da22bc8ae7db9761b58f6b376b9302bd9e

SHA512
2eee0e2b3314c9c7f75c47637e3e1620603526633f5a4c23aba42066ba6177c3a7e7f8f0866668bd5b39f3725bed7ead42fb74d589270891fd94f8d099db1267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
8acfb0ee4f648cf50d2652e0076b3a82

SHA1
de7e3f9495ed9bc2f9b3f336c9281e2b61d611a0

SHA256
871f8f16722b0a646030c32c0e453d1d4d270c0950e4e952fb118cd1937d35c2

SHA512
937997f101057677d3946d46e497280e5e8c95cc7e843453a413ebd2451d3aa17623a4ca0d5e05c2896b8623786a5df78892257e83d292d7634dfe244c740c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
477e60200745acfabfce4b33c0bb198d

SHA1
d1c51dc1d54f31def657d6e13e2be73ac1835708

SHA256
cf70b4891e7710ac1cb7f40d88bbb109bd52f1672cc2763a23b67a7e43c651cc

SHA512
5aa961a475c31dac098230cb6612b7ac791722c99b25bf2728f128f958f1b9e83190f3ad3f64c99c8c88cc998a7e68637d7ad717795390fe732521f49f3b1ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
163a782899df7261ed3ef43373ec1aac

SHA1
bd79ba3c1ba1a9d0048c04fadc8484a51472fd58

SHA256
8dd83cfc35126f72d79f87e01339a23beff1f6af7257740ec87af84bcead9c89

SHA512
f0fa98d4ff822de435d478b85504ba122e6ffe33af22718cd5952ad05cbd167556b859e22bfa91b27acba890c023055b06107d77fd285529f498072fc7a96915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
45a8c98f39173e8a85a5f59d3f53898d

SHA1
5937c9a1c41e932c0ce794c1bb0e713a1cd24e60

SHA256
b73b9b755efda7c5c5158dde437d123816f59fc39cdd1a9a44db222d7684f70e

SHA512
2cc6513fb5da66f259b2fcda3e76f43afa559ef56d98f52143f23799c8721ff6c4bd058bcf675e985fbfc349ec488442672ebb5ab25de55e7609167c17eae9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d51f58a83b9951be222b4e0feac03c06

SHA1
eebd5ce60b0fb36a6e5c7aa9bca6ac1022b8ef99

SHA256
9a9e1ca8198c2f4da797608a0fd2ceaa10c8fe2a177aebfcb88631fd167944b7

SHA512
7afde6dcfaaee3a5347fd0e242c29243913afb6af855e1cf0564102432a54dde69950ae6a085e84ee08e6069d99c7aede44973d323d0e50eb7db258b6a389ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
42b32acf40dc1263c2c986113ea8d49d

SHA1
b14954b4bb5e02ccbe6414ec3a9326f4a5fc0ffe

SHA256
a8ad2170431e65bbb415929d57d5df9233a82c2e8f6bf84eda1d15485abf2e39

SHA512
94244ab096308fc5a25ca06558cb8612332ad46d86c5fef8f1c0e85f7977166fb0e5550ef8483ffc59b2977c6b7651526622c5853e22e5130bd91d02314ec09c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
279b93ab7c19cc8e8be0b0ff5bf30b3d

SHA1
e11c550c7ca4f842be5bd8642c5f0f7d461f3ee5

SHA256
f095c6cef653588187c8719804d36e270f7f0da27e71c7d44511cabf729cfcc7

SHA512
788021e6ef298d696146dae7c1a024866fc62ce9e65a2738fe6dc221ff560e9d502b6e8272973320aba3ac654bea7181b6b9202da43721f0be8d8f3d2ec64076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
00e3d047658187188b5052068f8a38a1

SHA1
f3379d513346331b57faeb2b15bb509ff83c5ae0

SHA256
2d388026a2b1d363f129b295b7ada3cb3f6293c80d69a544520e5b90ff218a88

SHA512
51b25c5ed26d4005ebe026802d6dbf197cd3816179eb4c50754f7ba5aed8f29afebb50304b94cb1b7f325a00be2db954141a86c1d4f6dc88e8b26967a9e59898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc6851897df062fc43599fcbce7efad3

SHA1
b9344deca1bce64cc9ac09ef0b7a2e36e589514e

SHA256
d9d1b848ed3e8456eb55cbf93b97aab198aebea3977fb3bc10d1b241fccf3f53

SHA512
ab74b9d5cfaa56ae8f3c57272e7aa82edfc05d79a4506c5ec859e055e53a5400a87ee05fc9e6dd9810a9d029b1ce5d1ee1c43bfbe717b870455c2786bd5db152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
957bcd12820ebc18a0f0ef3692f461eb

SHA1
164b7ea98c06d4710630f8f2704d8187164167b7

SHA256
3c1da612ed9fdcdf100259a11e0e689ccb7746cb4bc89905b43cb1ce322bb143

SHA512
bbddfa14ecbe1069a2c092a2a825623862239050644e63f8df28902b74c8eb19da92db7919571219212cbd3ac8064650c97bc7990f7e280cc1da5189f9477fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4112687ebb2f594a858774161fcb9a51

SHA1
445e7234a1b7c01e7536011171d36964c12f7c79

SHA256
529653287e0f1f85c01275952560815ad3074bc27294eb735682248807b7a955

SHA512
3eb694d7bc62f390c64be8bb3b9d32fbeba210d417923c72fa5b26801e1250b14cd635ad1437b495d9179d8ae2a741e070f5b58064e2607e8eb649180bf36516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5c03c878060a403c57e20ca2502ded28

SHA1
a04a0615b43400de9b7fa1792fcb902f2874a169

SHA256
2994dd9f653a406108378a53d9909cca891757b5efd84fa5bb4f59805f2d6ed0

SHA512
c489dc073e25093733b637da77a2b151142ead37ed8e95a45c6ac0c25f26818d34e4ebb76a9ad0cbb524babd6317f0a8d374ae794c8e651bce68a08d8beaf58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
89bf726e64c3e09976b9c6cadfcd58c1

SHA1
cb720339801e7201619877efeba3a9d50e6a02ec

SHA256
eaa827244f2bd1f3a39301aacd166ee60ef86c8c03e42029c88007aaeaa55c29

SHA512
05aa0b5a8987c329fd030e52a36d35b4840a7c50d320e480c67dd546fef7eff2bf2a33b7aef709b6db68f4622544909a0699581de3f34f58a1546241401c51da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
dc451a840710f0fbede983f2d93ad161

SHA1
a88c4c9b15010b1f0b5ec9ff68d46bd39242a01d

SHA256
9d807221b70d9fd28b37d6b15ab2b2c4765886720a87c78e3e00396586bda3ca

SHA512
64808c96ef4cc9d694cc948c8957e968e1aba92543994726eed4a31838c1d165ccb95a7df44ac3f76def9613ef5391eae0a68bec23a559337fc5e3bf1dcb10f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
56f179944d340ab585e44653a0f6dcbc

SHA1
ebbfad0058c9d116b5ee656328ae4e6b3cc9dc99

SHA256
3ce57f1ec73755f722f34c11ee48bc6c97c32b985bc53a35279182979ca0b609

SHA512
8309b124c0d7d157a38e1139468649cb6ef73c4e512688893ee2348bd68818a436ebc7c2faa82929d1ee97345ffb73103bfa15593d7dcb7f712c4556bd0193c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6a229ce5ebaea7d29832f17487362555

SHA1
268e6a3d101e72e342116640e2c4f557329c3363

SHA256
3359cd74663569afd40d2222d584474f56f5e20a931b2114fb66c87f6247a795

SHA512
ce055db40990e6d9839c945be0ad05fe4041a53e8e8c595b4d195100df89ae5a109d8d70f242b1ef8a405ebf27cdab12c23f57971154d251cbd2a5ef7f425e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
fcd63259c35358b9428a8f2da62aa085

SHA1
0fe2ca68dc9e33eec63166b70edd1cb386397e7a

SHA256
c9d120df6cabbf770e4009d8a8cb71fa584f9884ee7c145a2e6122fe6f58dee4

SHA512
21f1ef7cc7ebc93bbe1506b3791569c60d7ab72af952cc5c6c75749c6b08b86de6dbb6585cfdc3acacc0d2cc9f433f0c01d80492d721f0023faf6d72efc483d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
447c8905da01d6a2f535af30ca3b2247

SHA1
65e422c4516652edca6a9623c9a5841726740753

SHA256
039e84d46a9e52b45de83902511f724f29a5a58a2ed277480773b54a3cc7d410

SHA512
eee9ff856be0e35f38322163af42c5e84ce2e95537ca390295d98c7b3d15c56cf5b74f1e1d012d5d062c4868368cb93adb3bdbd672b1408d1a6ad2f66dc53ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
3de9630fccc4fcb231b5681b3f9792c5

SHA1
45277f608df9c25cd28f88c371fd68c1b7b205b2

SHA256
495e95d7e7426b10407553f1e3a63e4ead743391a7908eca1b13513be7e1150f

SHA512
7db62028613fe661670ec413713877204807417f3ceb15131bd48795f1f71d8548862354c6e69f2c04d43c445d46b79b31d09a42b58439fb474ea12e6538d123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
f7af2fca5de063aad68a888652db5022

SHA1
e71031a125aa6ce03602cc69f147e9fb36bfbe89

SHA256
09fee08112395aa03d35a753ae8cef8a46e53c3928f0cfaee06618df92431262

SHA512
42ef7da956180604594f79b5d1c0788b94871f098c87537131a94c73fd5b8ecd96b4de017f07f836b1a83fd92f6de42a3d7d4240627f75227ea242f3bab5956c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
11KB

MD5
2c3870c6b5599df99ac817b5df379955

SHA1
d2bdd346f49228adba63d26f97035856edc78c7c

SHA256
d108492e002f08084a438d698170838dbc3775b125697851d278be4c52f292e2

SHA512
b7d7fac345b51a43a5f3d1e2093183dd42044063e629f1d8085593b035e7a9149162df6d96d8aeadd4651a9466e80cf18f043932e493d21a48061efef9da6d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
11KB

MD5
37778cd569424c577b3fa029e4d64ef0

SHA1
0e796d56bdbd167eaf166e564ffb030527850251

SHA256
54df7cac0823286d921c1f647eb9159c817759a0a74cacc8eed902498b87813c

SHA512
2ed462ad130d9ef2e195f4afb8873b8353f9e7c3f820fce41a3030bad109d04f5092ff4f40f12018c1bfd3342002035ce578f09dd622a0584c3d4678bf8c1d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
11KB

MD5
ac687f8e2c1fb5084084d4ae9f5601aa

SHA1
d1dfb3697f4a5eeec573ea27b9aeb142f297263a

SHA256
c72137f80fe74e805696069f81a970bb35ee1e2a3d56d81da138b0983cb89e03

SHA512
8023924feefe512dc560f948163e9dc7acb7ec37cc1b7c3b153b5e1a6a4820c1af25be8bc91a9dd2aa548c7ae47f38e1c0b1f52f47b10987e7b83f4a7cc3c344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
579f4addb03052641a058ce50c7bc495

SHA1
0733f14517fe730b1888cfd709c0650947b78b5e

SHA256
ac5d444dfeb62c669af42c29948f5d85d7b9ad0da0743baf20553a98588e9cad

SHA512
b5b0c68ca086bfeb6505bc02471a24f10fee861c3461b3b2fd4cbf3a836911d786868d83daf0feb8c4495d4b0ebeabc83c3c79b0d0a1fbb31cf266eef073483a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
cb5d4ff99faa36a921386de9f85ecb98

SHA1
d7531700834f9486bc429c568aab1060b56cd786

SHA256
4bcf0ab474ca3a0546a4e30ae89d4e556c33ef4947f1a6cf19bb616c801c0ea8

SHA512
ec0550e9b2657935bc670628376bfaf6ead9106255cb4264be60fcacb12248b28395d9d11ad06e59242a4aa2d220006106837ab7b184ab519a7496720b4cf61a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
08af413c6a35a40bfca0e186e9f61b0f

SHA1
16f76c7730afa5b6765c2cd2e049fea6fb35da4d

SHA256
4f3d34a420ed70115a997a51f874903163773870fb0a1cf49cddfa58d8778781

SHA512
ca35d0f171ef3481e81cdfb85cc2d3edcfefac3ae72044dad9d3afd0b32d126562754326ae86170ac125978fd40382e87602f3a960da6f75bce36eaa6278a843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
1043ae8346e38acfe887f1125a234f1c

SHA1
e39b050d80710ab023428860af56527e5d445d35

SHA256
dd7ac006182cec40f8ad3636adf9999c7fb50152627fa3316fe1a4c59d98fbe8

SHA512
aba2aa62dc2b9494d228686b4bf88c0b5c406d13968ec800347ca30aa529dd0f3ea839a643bc9ffb42079b8d1ea8d7d8655b0b07a3a5c976ac38a10c15aa672b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
14KB

MD5
2191bf67f58d1a4b6307ed43f9bdd830

SHA1
8e705305b32bec9a934623c897fb8f1f31601628

SHA256
0d653f362b888d7387082405e1dd1c57e29b7975200973e67b14e1a5d75f016c

SHA512
134984a04d0d42283fbe793606ea39a6bc9736ae617cc0adcb7a0bd8749e20749fce26822f346e74f50b08565f02a9bdef4d0620a659cab740df3daf7ab557a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
14KB

MD5
3b31a948a1e1023088707c84f79bca6f

SHA1
e014eaaff187ee319222e29fe2e74bf582b6dba6

SHA256
b4b9f55293c65b14b51281997aecb66148fdc9edb12dccd7da04708260a53897

SHA512
71b86a4910a2c843204352b4348572a387bf6be2716d282d9bc5b9834812fc3c81ba7f60a9142b9a64fd0070a756414dc137a33b969314059897864c1a5b069c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
14KB

MD5
860a7f08f0bcc054d323ba8b6334b93b

SHA1
0fbe2efbd0f14107a06559a3410401d116712347

SHA256
bb27a2d294d389058f72db09576bd1c149ec8e8422ea6c5b5061ccd4f98d294d

SHA512
c8bad3193d1d3b4e7cdd4718c8cbe87a8e17aabe2b1fd157b0c8fe923600ef5b30f6c1dc28180c24cd650816b151ff66b677544be5d2e91dc6ffedd35008b7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc3cc9a725b5fe3faabdef7e744c648a

SHA1
936896f3b298a079d7509e5bb07f8d3c5d28d1fa

SHA256
bfd4533c81ad3f54debde2ac8d98efea27c58b9f90e1dc90caf16a81ffee72d7

SHA512
2c4dd6a2d4868b41f66efbf054401900650a9f9d6d2744510a1f1c2c2da83a5046fef897331204e3bb7469e9ee7d3fe1d8355c7ba31736cb312b198a16e136fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27cd0f3b16aba60f4d243ec08928e8a3

SHA1
5b0aa7b4e521c87b385ed60db7f68b226c470936

SHA256
4c030f255bc03b3cfaf4fb219d9bfcfe35aa8b07c453a43c237e00fea1141226

SHA512
4ba313751c546c21ed9989c85c61b09f192bfd5282056f6c49f7d1474a203c1dc1c866096bd9d06089240865103b16ad652e9f56fb9f06d67b1e0bc54a904a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1a8f1856f544995021a5859b650ef619

SHA1
dad5e58c897269b60a9fb77337288af11b21c99b

SHA256
271b0faf5eef5c00a12266bdd3d24fd0fe12893f72fc8a6cde49f3c63228c03e

SHA512
9e89a3f638541fe392536037f9772bf790c1a76e55b881b01ef11b136b50e893544e1c5928061659dc10cd7e5feaa87a1089b1f9fa33db956b38387b88c45057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
880e3203289bf33856097d25b73c970c

SHA1
b5b9b8ec5a62f7b7c20df5182f22810d32200a54

SHA256
58211a505dd842f300a731560184c9325cd55d52a88910c850442407e5e7a48c

SHA512
663680de95a20552d901b239d46789d6edc18e780874dcaa624f6e1f99a39aa297c122966be7bbf579efc7f3b55f4e8ab0cb0e5415436d810550e3bb041b43fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
56fd9e5dcbe0e25671903ec9b8f14635

SHA1
f9522f37cda58cb6ca78322a636b68274499c030

SHA256
3bdde91b163473138377d91934f5ba92e9d79373802032dc1e674d2f37a896be

SHA512
d59ff8d18bcb8f3b2f5af7eff898e474b30c687579b73b0843e5c33fa83087330959344a51f6f38fb38de0ca3cdf5e5626cf971cdc7c8173540c3d6b24281384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
f3afb7b7548b3c43cdd2839ac4fa26ac

SHA1
807e84608340aa4f5e74419fafffcbc19d3d83dd

SHA256
cd5b2307b7ef86b099d71195b8d773839711a445e57adf9108cb0db7567f2f95

SHA512
29491445bb91f02c127c4301971fbd0f156a6e186e64ca513858ed0c612a24423c3d3605832e0e095e2ff9610b3da6d784a1cc49ace793976c4f2795273e39ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
14KB

MD5
fc9752bd04a68ebfee62f445c7e429f8

SHA1
878675d74bcc369ddb6d497064a9851de7ca78f2

SHA256
5f6e9fe7808a8cf1f59ac0f4e1a3c87f1e99a7437f85fbf99cfdcbc9469096f6

SHA512
7341e7b8d2acfdfff6435a77bbfdd2e429fd62d7f8ae7d2922f8373ba89ee2542d5373aea6373000e1b46035923d19abe5494ea59eacdc2e547be15de8a685e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
f079db1c98ead174aa83409f7e55dcf0

SHA1
18eee659b2fc808dd2b3bdacebb8c9619775ef45

SHA256
b5d5945bff41f89faa18c86d257a94f873308e2f03dd80335eac920fe11f4e06

SHA512
26c08cc100ab730694cfad25a9d3877d346e6278cd61a8b98918c26aacf54522354e53400e026d991d9ab96430228e34cf6200c2a3f1fab123ede3d7bf38c812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
4b020c82b6b2ae8ed56cd9deb374b32c

SHA1
3a9b9458065f888c9526b452944d5e93764b8c3f

SHA256
41980ccae5f640b7d316f996c8f7625e5e8e9dd19ea5d53f76a714249d3ee1ec

SHA512
1204ea0f725d1c0d01834483327281905e22b8ddfec0a487de9f1e1098a090e6a346f62e7d8e41fcfe7fda13f8b40ad29598300c00cc85fb624aed1f5aef446f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
11KB

MD5
9f9def674bf31e5db22a6ef79e19aacb

SHA1
8ebc6ef7623bb87d6a63794e85cdc3c9588d3a06

SHA256
faa7ee29b2026ab56fcbb9d6bcd7646e7afd380f41744390c933c169f2e1ac29

SHA512
39796f711bc2e8e786746c4b477982f7f56b7a0d76a8873592f244cdc3f9ec02ebaff3988eac453323887461d5158d6cf499a95f4e9d379a6446a4a3e5e32442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
14KB

MD5
61f713589b3e089f7d4ecdd61a103421

SHA1
3891fe06a986c6d6917c5af89651ee62d06ad45c

SHA256
9132d8059881b4f4d4d3fbfef54afcbbb1378818f0b793751db721e13966ff18

SHA512
8330454bf19a187702ed517d1828d83684dfae9c8986cf64489e1e242e5c656d06fe7694fa0323336326b9367daf1b03907aa0db7245f1d9916d77b1e3db562d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
88023c0473057c786f65ea781f6a2010

SHA1
33e532a3bcec871c48f2d91411d16430bbe42000

SHA256
3b3e61dc42550da406d7e2abfa027f44d11028931daa1a1be5f81d8c63002933

SHA512
da2d93462bea17bcf29384775b461efd1a43234a1490ab8175f40fb2657ce840382d33da9ab165805642f2f67fc042b1084f020108b8e5282bbb0b948bb826ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
c12b3585218a2e789502858db6785bca

SHA1
e6d08db812e6216ce7e0a48094579bb389f28a1c

SHA256
1728589173e66fe9d90ffda6fda7055863c2b14045e5d5f8ae48f49178627587

SHA512
26779de94052b4712aaaea67207f4195f47b2fc790a95dcb3df868917b571ebbe993b67c24ebf0dfab89f81d774ad998bbdf2727e2c91ae299cb5f73d7e25aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
ba661df9500694d38e379be2a4727e29

SHA1
d3bd92ce6a3b9eec6f07326637bc49259e23fbb3

SHA256
1d10b53088139b2a4490e79b0cfc87432c80b9b9a3e7fd8e01a803f855e63984

SHA512
3c223bd94b1efe3e9e2e259c01f05639cdc00bd00bc0603e63628a5bc878a072bf32388fc4f9eb88dfe4e5c6bab773f390a2d554edcffc302537eb64d79b1eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
4d9634b3a34341921378a0d5639d981e

SHA1
a5bbe4e27751d94eaaad4f16cdb4f02883855e80

SHA256
53862e0db4c3fe3e0f18ae834fc200a9b1eae44d67fe6efdbee22a9690f560a9

SHA512
11458f00a7046628a7989833ae3f02dece07c9df95901e03674cdf95fae9c151c373182db737cc815867bdb609200f96601b389dda978fdf0d356295b7750928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4d63005eb2c9278d5a456f8b9c1bc60f

SHA1
1642e63346319ee9f5c73515b8fcd024a7963148

SHA256
71999bc08e9be605fc49301f6e7973b3157dd8e9360c62df073fe00ca4d00e3d

SHA512
2e946acf884ec9ce3c9988f058b6ac626597d1eace224fdf7bc39e37b78148c60bf2a89817c07ab3ada77634ce19f3e1d7fbf7594b0a2200b7c9ce1efb3caa4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
10KB

MD5
294348ae52d9359c5f507d6775042af9

SHA1
99bd40ef2054f14f878b49a9d6d25123e48456be

SHA256
3fbcb72fdf130eeaae62fa96075260c6a083da8a7587d9bed0c8ee499afe5042

SHA512
ff860d5f3754cf607dbd49dd5a06f3561b7109845b60313b0e34bd72066c052044e722cea0244d91cb03b616bfaae2c6a8b75dee788374e9338a6b0c2508dac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5b15b8ad38204f0abe256e51432e11a2

SHA1
8cd2567fff749183e268976fe4f8a9a6891c54d1

SHA256
06a001f01a52bfc29a9459105c68d53f2b3046a4852aec040fea88dc0af311b6

SHA512
378c48f2990b45cc8082142f41fe28005391b10ea2163ee360340b419d82f6382c4bb365238c6271b04bbad1c7b6363c40cbe30cc915bed0226532ee3d3affcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
14KB

MD5
4b3c63c898f5270a0b07a796eebd66b9

SHA1
4c45780f281136bae5eeaaf8c907d3eb1e8d9838

SHA256
26f18fce054e14345f342785f61eadaed4ef6844eabc49f2a1331c76ca3399a6

SHA512
0c9255d0accaf8116639a6f3313a6b39b4815fde6415147d517e666cb15f657e7fd951176c578c9e7bb23b30f15e2c641d16d3cc9f2a19fc021c1fb00a7ea8fc

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
45e9d55413c0f533a3628894fd143742

SHA1
8962e42029a91ae7464e655393abcea0bc6facbc

SHA256
677d00275e810131436fb4bdff067296037793a8f040c2aeffdc1c239265837d

SHA512
cc4e2834b6ef12b598903393f511b739d4e7a427979b4f7756bbdad658c1a1710176b77fb9f684dfb14cf7859c40b10bc9910742b240fe2019515c97bc58bf5d

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\3pz7vx0r.newcfg

Filesize
2KB

MD5
f201e9bf75e08878065362c45bf7acc9

SHA1
e82839d11a7fe0853aac81cba7e74771fe11b613

SHA256
f9dc32bca0a5229dd95c83f168e28125ab7984f6bbf469f6fd6bfcb313857774

SHA512
d2beca02f82a85ff1d0c9afc1a46d6dbfcf25934d179e2b7694d3a0ee91e3eb1586844a112489ecec0edfebc34d4bca9cb5cc37a2e51006af3ad76b32ec4887f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\d5peadql.newcfg

Filesize
3KB

MD5
f38e541bc4c26d50ff6ea74596f30871

SHA1
338129891fc5b7504789b116ff88f25865b54a71

SHA256
e5b6c977573fc51b9d2b6576f7ec30fcbe19c47ed14b9541b1e76fc87610d170

SHA512
77277bbb12e0aceaf815ff551609b55d481a5b70472b79c9abed978a663ff9029227280146dc8c4abf9ca6b76826c62b0542ba433d65b661525beac1bf9212b1

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\g5bybvtd.newcfg

Filesize
2KB

MD5
0749f5871f27ab90e3df329fc16b6d22

SHA1
edc2eec21cf9e2067476a013b806dfe8e7597fe5

SHA256
f49957226ccffce99ac178b843c1655b5518b3b1936508e32d075682fa8477a1

SHA512
d7c77a32ce2f93fb09d18c7399667d434b9e5f33bfcf0bd4e68e61557aaea11ff6909dfaf9f66463063ebd4cc1a4b0976db161c21acfbfaaba176892098515b5

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\jjqtblet.newcfg

Filesize
2KB

MD5
43a87e1b7372620c28bf64036e68fb49

SHA1
6f2d03cc89b06d4e5d9bc8bfd2664a8c552c1a1c

SHA256
19b0f3b3262a767d15ba171f21474a6ae5bf3f1f04d98a10ce1830a553aa3f5c

SHA512
b2f4b807ab6eeb453a582f0cf26ee79cd193ae077ac660283aa24146e370db1309a4477e33da5189afb5a9baa07e5e898ea99130c1f70a7b8269fe5778e5d0bb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\jk4y6zix.newcfg

Filesize
2KB

MD5
efbf09de0ca277aa357c007dca29b09e

SHA1
49f1bb34fcadcefd40ed3f676846747fdd668b1c

SHA256
2a81c805d9e997dd73d71feb0e22025160bb83bfd889d946d14fda7b416ba122

SHA512
db3b07c69e010b9d23df47ed739e66d78dc64f148342710aab221b36ab4c5d3b3bb4b3e9f25764ea890d81d7236490dd632d31ba1993ce00c8de9ed1009b2755

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\jmj5h5hh.newcfg

Filesize
3KB

MD5
575fe498c13cc64ad53981ebe16f7653

SHA1
ce731762738f442512a7e330ce3f66e08598c44c

SHA256
283e9d4165f8a87c293b3496316ecfd0d97f3b69dc5f3f7682cf0e5dc5d919ef

SHA512
7a2bfec386f33bd428b389fc39e0f073639c330ae2211940cf62d812202a8297e0abcd54ae60360847a688409418812981c8187e6ff2835e285f2d39ddf2cbdb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kdwkem6j.newcfg

Filesize
4KB

MD5
bd2586d06122461a4bb00893990c3ec3

SHA1
480d259c710547e357586b45fa61f1dd74e83f5b

SHA256
80cb5e7b11eb6a5d8618314d3586c7d2426730ad6d8e786a1b97b9bf9025180f

SHA512
680e640af581e52af15e0ea6faca86db88c4a229b23d7d6fdc226bca785b2b6b958e5a7415c9d88087443502d7eaa8fa3d3f0a6b15c6b444c92e64f983244a48

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kh24co6m.newcfg

Filesize
4KB

MD5
2f7278b2634f311ed25b9739d5ba8d81

SHA1
f975d0b2211ad4dd010ac3cb5413cea952f82300

SHA256
b716c1cf51e32987a4680ee287e900cfc2b5546c85e152fcaca23a3637dda468

SHA512
8459c2379875fff9f6d48e681657c2931237c82b0a82b65ac9d843645bca9bfe6d3d6527c5193f8ec02d309e57f81f05e0d284e05f4568d94c425a5b3ec39147

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\n_0vbny_.newcfg

Filesize
4KB

MD5
817133a65b4e0a5df297b588d8d4f68c

SHA1
6c86854744e5899bf5564fa319b5981a26e43b29

SHA256
8f73cef6866d9beb7830ae648250cf537c9b5c366f07247c63adf9501050c939

SHA512
bcfabf89b0c7b005985c9ba1651f8fe1b1af2403b2121754be2eb40a5446cc7538d13a40f35ef52a1fa0514841c14ff33e2c80893235be37c9da2fa327ae8b5a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\rcgjvwjj.newcfg

Filesize
4KB

MD5
c077e9f808b0d2887e38e7f1adc64ec8

SHA1
3efb93aa8178ea9db5795d80563fb90425ef7ced

SHA256
3a755865cfca0460ec8b04a405ffc50ce613f41f36243bf8da433c84811806a7

SHA512
e4025f7a39bd5ace50a44b974b2f3c7b5780cb9d72e2d5ce86732f1c9687d3acce4a0ebf7be7be7a6aa9f5d554ac2310671e318233b5c16f6bf1353daee5a1f0

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\susx2dbz.newcfg

Filesize
2KB

MD5
16c90305bdc8cd111d6f498e86ec404d

SHA1
a69ada4e30e34412148543d9b7b12f32e6cb5f45

SHA256
e7a7a1e8c0285ee78f5b1485dd1022a8d87cae0d40fef64ab2e520869daf1aa5

SHA512
904a8c4abdefde1b903af60ea6356ca0f9fbbcab58293aecfe4f690db4c73593f958c81105bf00725931a0545fc377bba2ca37312456a12425ceed1b52676ac3

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
341B

MD5
173c8e5d53012fcd93034042f8464a19

SHA1
226fafb255a07ee20e0522a8902638844afb88f1

SHA256
5ba3803c178a75c84f9868bae53edb497f63869de941dc21578546185c269d77

SHA512
d1ca7efbb86066cc8e1d0dc91b122d3b7f98c56f49f449da405d36304e73905986eb697604360ec4bf6b2fa6603ad3020624428d2a67db050cd141e23780eeb5

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
470B

MD5
64c71bbabbada7b8824b3c637b404ae6

SHA1
58908d0f0a3dca96ffed1ff36da5bdf761f56338

SHA256
58b78f4ef263136491df59bcf5c510b03116bd7c18ae319c868367296c7041a7

SHA512
e8fdd3ff659bd7c1b581b6245dd059247bd382c0971411347bbbc8adc75c1108671a3b019021d615739ad8aabef92acf342b72316647ea324eef78f2b3161337

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
1KB

MD5
7c1e2fa646b4cd024f84780eab71fa96

SHA1
8eaa1cfbce0b2741db17bcd7e82d1a2e683e7b95

SHA256
344e20ec032dd49019f57186186c0144eaffd6db89e0f082c7b29fee6123b8cf

SHA512
a6071c3b62f479fe4b3fc04ccfafd776c27774722a1537b343a6fb9eb6748cfbcc51a2aff378498959a14908ae6053cec29c9d71044e47edaa1929f098d7783f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
4KB

MD5
5017b3a9007b10d157e30a413a503a6a

SHA1
881aba2821763bf5f5f203501310e0ba72929a4a

SHA256
43b534112cc29e037ce0d33992d1c9dc939879fc75bb175aaaac40badb900ff3

SHA512
c433f7180b432642691235524fa023445f17ece5f003432b4c11e89fd1ab0b8d138b9aa3d189a139ed01c2a7b2c82d9499e6dd392611be61ecbb00f9c9b6d9a3

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\zib_he3p.newcfg

Filesize
4KB

MD5
38b16f200f93642dcbb58d1f6ac7c1b0

SHA1
557304f76572b9d8067a926c1bd9de1b9020510b

SHA256
7a64b6894d0acff252a49e9c31733ddce4f9a546fd24889a190bc9709bf838ca

SHA512
50a76bc74439ee3882f5d2731211dac3ae440390133521b57de428defdc721b64db967758109a35f5ce4dc03d8324bfcd7563bb65ce857431b0facb34f57f454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3705116a-5a7d-4407-8a5e-bfe2feb44906.tmp

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
175B

MD5
bf80911fa2a99a0faf78586758161fda

SHA1
bf95e2cc40772b70d7e15bf34c674eb2f83164ba

SHA256
06b905a34b3611b27e5f4c03ef11ada9f8bf9df840e6a26e65f2ad6ba1d744e8

SHA512
560a4b28a1d02a7bee186245d12e6659bbfcbb5d25e28db214f680345a528676368efffbd8f751e7916cc7d7425f6fc8c8f166f2a3d2ca6d9b17f3fcad1290c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8c20cbebcab36c4cd65d2a9dd7c4fa8

SHA1
8fab00f213c12a11dbc555110d982eacb65bbcdb

SHA256
484de8ae825be853036f014a73001dec48f8cc646d702fcd97f42c878f9c2ecb

SHA512
2549ef2ea364ac6a2d1b00c2f0c1a1f83f2ce7f3d35713f55e7072bb3b212a7998f9b4ee94f3f3de6271c8fecc3010e3ee1df109e0c998c868069d924809a406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b18fd8644fb63fb67a46d907320070cb

SHA1
2c1c46789b9daed61938982d963c7e11a9efcc11

SHA256
b2639b7654a7e42478b53344012d167488484f588ab5f4afeb505c2127d4a5df

SHA512
b4971d9fa88f2bb60a796aa6c289ab2931bc0560d57e116b54a152e203e7a9c1662c11fde0dfd656ad120312cab9ee3cb67092b1462ab08bf638522e93734fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2474a254c5d65ff9721e8f64440a4be4

SHA1
b34bb83b50822dca11ac5403a4f745fcfca35582

SHA256
0c4b3d37a297dab57f3574243c0268389e67192f940fd8146ddd96a23014acbd

SHA512
7ec326c7d39afd55d7f673ef1ac0e3d7e56c02f85bbf111a03351e7f0ab8bc5a05c32140f40901ab43a1dd33868de0255fa577d716e7aeda71e43217be47d191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e465037cc1474cae5f53c74967c7996

SHA1
f26c32186abde21ab14bd88bd0ac0729021085f6

SHA256
2409194352fca1fa61e912921b1a0e321bc71513ba6622445bc92d9466b23958

SHA512
76aef9576681f72090e34f5fc7e71297297d13a38664be0b30e518a85a5a39c2ae4fab8ad2b3b099698647230c52fae3f7182a0d1ea06996adb57948bc9e1bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
50c6f88b6a19c578c7a80309f68e920c

SHA1
e4c7b0c6b930b2dffd5835a1b394870804974c80

SHA256
e59a0d5a64e3aa0169458ba8a084827ba2aa920f511de1519bffcbce239f9cae

SHA512
1aaca4efcd0f188a4e2798c851e88e40c051e0463c963916d9e4d6d80d599d261c66d5f49d550b92cd4eb159ca5940da65663efd9c9017a26387cff8f7502aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\WebCompanionInstaller.exe.config

Filesize
2KB

MD5
ebacec1e9929bd429c709a9fd0c210ac

SHA1
a6a847fd94fa1d243108ecac6eb75e14033a93c0

SHA256
ae0e80f5549f5ad5ef0996882a2e0f997ff3724e63a35c9bca9001b10f58dee6

SHA512
8a7f4dccf0fd9888d19f01358c751a917d707c5b2ce01852224a4d3f70440d0e026dd824ac51f07942ad7722d07e949798cc044dccd32559f35651f01efcd196

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\de-DE\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
383ba01583dd7feee5b749ae4c0a058b

SHA1
a9c70ecdc4f1b4c73ff0b1b12d8254ea951f9af8

SHA256
ecbe3d8661d6495a47182ddb0c2099edd1e1b3be1f14449a10f3f47ddd62539d

SHA512
3ce5f2b4be2ef51fd2f14b6723d0ef91c8c5aae73a1aa7e6ba1780409129e179b9a96a9c9cf39d3e4edde6d0b3057b7ad03b2c90a2501e76375c2403fc3a06ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\de-DE\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
383ba01583dd7feee5b749ae4c0a058b

SHA1
a9c70ecdc4f1b4c73ff0b1b12d8254ea951f9af8

SHA256
ecbe3d8661d6495a47182ddb0c2099edd1e1b3be1f14449a10f3f47ddd62539d

SHA512
3ce5f2b4be2ef51fd2f14b6723d0ef91c8c5aae73a1aa7e6ba1780409129e179b9a96a9c9cf39d3e4edde6d0b3057b7ad03b2c90a2501e76375c2403fc3a06ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\de-DE\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
383ba01583dd7feee5b749ae4c0a058b

SHA1
a9c70ecdc4f1b4c73ff0b1b12d8254ea951f9af8

SHA256
ecbe3d8661d6495a47182ddb0c2099edd1e1b3be1f14449a10f3f47ddd62539d

SHA512
3ce5f2b4be2ef51fd2f14b6723d0ef91c8c5aae73a1aa7e6ba1780409129e179b9a96a9c9cf39d3e4edde6d0b3057b7ad03b2c90a2501e76375c2403fc3a06ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\de-DE\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
383ba01583dd7feee5b749ae4c0a058b

SHA1
a9c70ecdc4f1b4c73ff0b1b12d8254ea951f9af8

SHA256
ecbe3d8661d6495a47182ddb0c2099edd1e1b3be1f14449a10f3f47ddd62539d

SHA512
3ce5f2b4be2ef51fd2f14b6723d0ef91c8c5aae73a1aa7e6ba1780409129e179b9a96a9c9cf39d3e4edde6d0b3057b7ad03b2c90a2501e76375c2403fc3a06ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC64A2D6C\de-DE\WebCompanionInstaller.resources.dll

Filesize
10KB

MD5
383ba01583dd7feee5b749ae4c0a058b

SHA1
a9c70ecdc4f1b4c73ff0b1b12d8254ea951f9af8

SHA256
ecbe3d8661d6495a47182ddb0c2099edd1e1b3be1f14449a10f3f47ddd62539d

SHA512
3ce5f2b4be2ef51fd2f14b6723d0ef91c8c5aae73a1aa7e6ba1780409129e179b9a96a9c9cf39d3e4edde6d0b3057b7ad03b2c90a2501e76375c2403fc3a06ea

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
19KB

MD5
1f6d2003038e80d41622133f99babbfb

SHA1
15d65abfa15dcca59ea4b31dac689377497e4596

SHA256
00686f103e7774f6ec676fd9fecfe5424bdfb31cd1dd82625fd8c7d3e2f427f7

SHA512
87b61780297fe072e2054269d7effd69ea85bf414279d12c0232cecebefb07435a727bc69a234681e7a2be862699a73ca79a83b1354406936cf9286d96cc8fd0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
403B

MD5
34a6e2e3b779143d213df42de6dfd933

SHA1
cae5ced1084fecd07761a6a285a922724ccd73e0

SHA256
eb552f1c804f13f894e340f423d2b73ebcbc5a7c5eaabd3dc8bf6d1d81bbc2d4

SHA512
f2cc173c23979e115c4ee578091c30f4d3b6b85221922e4eb59408e2c83a567b4cd9c544f72dfefaa88c5331856695f095cdd347e1662df98753b3434994e752

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
403B

MD5
aaeddb3319b2f47e032a47e4734d6db8

SHA1
83833b9890e62ae935b74b355eccbce616cb9e11

SHA256
6957df1249a1cac81837e7bd16d4556991b4d8429397f5b056b13d6397771306

SHA512
b6e1f8a02ea093b3f5194bffae295ba5aea29bdf2ed6f4ec93accfc514bd072eabb6adb787a73f90a459f5cdfa7b47ae71cc54487936128692aedcfe9f8bd0c1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

Filesize
310B

MD5
d1c66668d86b8017500d2a93977e2dc5

SHA1
6e86edc442ff9e0fc8c1664a4ee3bb02b66c6f68

SHA256
8b48ce0254b019bde1cd7e308828b71a8e70e22296cde4edd73292644ffdecff

SHA512
5f9db5e9a50744c6d9ac5111f939907592cff292c46684415578cbe2a0ad91673e90db8a9290572766ec5c86e7d8b357546186e7be6fd1a000a1678e08d28be8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
630B

MD5
17a730c259e380a505f22c466f38e44e

SHA1
843753343a9d54f82c4fe8175ba0bd59c6bb9ebe

SHA256
20e7a39253f07421074af3080257103580eb89bf5afe6dc46ed328644345cf09

SHA512
7da4e26b71cb846a51b858912b98f26f53edce67de00cd60640d3d3414d9a40ad9024625500aed0b8a2c5da1061c21a751898d29916070a2f2adb1a63aed0268

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt

Filesize
6B

MD5
f5bd57c383ba95f77ad910dd0200e081

SHA1
0595d53ee4839cc59f5883fb1bc42098024f9b7b

SHA256
abdfbffecbe18ed94df9829819e596ee285b52a94aa108514452a9121721c789

SHA512
f9f0a2040f85cc0338b9fb6770180d3d7cdf0f12d8e3bdf01b9a27c1c03f6653a768ba73fa427813561ea8b221b349e11f64221366841b602c3618f7197f283b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\Partner.txt

Filesize
59B

MD5
2f0076a79f9f48537830834367665a7c

SHA1
432b83e7cd20c88d9eeb7ad2fc162f60489c2ee7

SHA256
d9cc7408e77abdd8655e0702e8b8f9c99223b1e93b5fc50854844f15508fc7ff

SHA512
0053049d3c4cfaf5091e0864d993e9dbc65913ba150bb5c786b2ef6b1068b03290419ac9e02fd970436f66f88205a4524aa7402596958ce014fb4fc50ffc4d19

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
185B

MD5
bc6c764a1d18ccb04867633526cb3944

SHA1
5cc9983a0a76594f73fa3793391fd005b5e0a0a9

SHA256
57cb5fb1780ea8e97af2b42706bea1a57ff2044045ea8451a5e5c86fb0f511af

SHA512
9d84f39e6fe07ffc3bd5acc6a730df1e51b005ff6559b503b07f00f109f83ffd8e806d40e9fc7346c051a3ba27b1e1b0327ec98b70d1e5e93b5e361f81cadaef

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
memory/1232-1771-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/1232-2003-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/1232-2121-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1232-2122-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/1232-2123-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/1232-1770-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/1232-1612-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/1232-1934-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/1232-1613-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/1232-1616-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/1232-2004-0x00000000700E0000-0x00000000700F2000-memory.dmp

Filesize
72KB

Download
memory/2044-1389-0x00000000009D0000-0x00000000009E0000-memory.dmp

Filesize
64KB

Download
memory/2432-883-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-952-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-881-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/2432-1131-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-919-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/2432-998-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-1033-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-1124-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-1034-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-882-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/2432-928-0x00000000011C0000-0x00000000011D0000-memory.dmp

Filesize
64KB

Download
memory/2432-908-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/3784-1894-0x0000000000940000-0x000000000094C000-memory.dmp

Filesize
48KB

Download
memory/3784-1964-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/3784-1895-0x00007FF87A7E0000-0x00007FF87B181000-memory.dmp

Filesize
9.6MB

Download
memory/3784-1896-0x0000000001040000-0x0000000001060000-memory.dmp

Filesize
128KB

Download
memory/3784-1897-0x00007FF87A7E0000-0x00007FF87B181000-memory.dmp

Filesize
9.6MB

Download
memory/3784-1898-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/3784-1899-0x000000001B2A0000-0x000000001B674000-memory.dmp

Filesize
3.8MB

Download
memory/3784-1904-0x000000001B970000-0x000000001BAA6000-memory.dmp

Filesize
1.2MB

Download
memory/3784-1909-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/3784-1956-0x00007FF87A7E0000-0x00007FF87B181000-memory.dmp

Filesize
9.6MB

Download
memory/3784-1961-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/3996-2923-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2577-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2467-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2471-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2472-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2792-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2627-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2803-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2616-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2833-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-3106-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2871-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2614-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2603-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2546-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2942-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2601-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2953-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2474-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2964-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2590-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2987-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2989-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-2485-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-3011-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-3023-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4772-1316-0x00000000701E0000-0x00000000701F2000-memory.dmp

Filesize
72KB

Download
memory/4772-1582-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/4772-1285-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/4772-1314-0x0000000001D40000-0x0000000001D50000-memory.dmp

Filesize
64KB

Download
memory/4772-1154-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/4772-1315-0x000000006F390000-0x000000006FB40000-memory.dmp

Filesize
7.7MB

Download
memory/4772-1474-0x000000006F390000-0x000000006FB40000-memory.dmp

Filesize
7.7MB

Download
memory/4772-1581-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/4772-1289-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download
memory/4772-1162-0x0000000001D40000-0x0000000001D50000-memory.dmp

Filesize
64KB

Download
memory/4772-1546-0x0000000001D40000-0x0000000001D50000-memory.dmp

Filesize
64KB

Download
memory/4772-1599-0x000000006F390000-0x000000006FB40000-memory.dmp

Filesize
7.7MB

Download
memory/4772-1336-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/4772-1155-0x0000000074FE0000-0x0000000075591000-memory.dmp

Filesize
5.7MB

Download