387eb0376b271b04c42dc30d55cd8a6372a7e23262cd7e644d52022728268266

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f_001bb5.exe
Size

553KB
MD5

dba5bb17815b7180a38c938c72aeaf6c
SHA1

78deaa833e0d9fe00448f810a1928e34d4e09316
SHA256

77aecf89fec1ca8aedac356cfed0887e365e2caf8555bd964c061720137cf2cb
SHA512

82862737d69bf0cbdf9efdab319eddbc09ba6d22ac46b1afd1395603e58f5f8f2b6c33ab9912241ccb4d39c866a59426f13a7714af7dbc33018f0c3258ba4de1
SSDEEP

12288:rG5knZfFKeXjbTUoaws89d99m7pSRGzDP5SAkmD:rG50ZfFKgLL9m7e2jU2D

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2474409663-2236862430-1045297337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2474409663-2236862430-1045297337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2474409663-2236862430-1045297337-1000\Control Panel\International\Geo\Nation	WebCompanionInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	WebCompanion.exe
File opened for modification	C:\Windows\assembly	WebCompanion.exe
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	WebCompanion.exe

Executes dropped EXE 3 IoCs

pid	Process
5044	WebCompanionInstaller.exe
2452	WebCompanion.exe
1008	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
5044	WebCompanionInstaller.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
2452	WebCompanion.exe
3384	chrome.exe
3384	chrome.exe
1008	WebCompanion.exe
1008	WebCompanion.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5044	WebCompanionInstaller.exe
Token: SeDebugPrivilege	2452	WebCompanion.exe
Token: SeDebugPrivilege	1008	WebCompanion.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
1008	WebCompanion.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
1008	WebCompanion.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 5044	1912	f_001bb5.exe	84
PID 1912 wrote to memory of 5044	1912	f_001bb5.exe	84
PID 1912 wrote to memory of 5044	1912	f_001bb5.exe	84
PID 5044 wrote to memory of 4208	5044	WebCompanionInstaller.exe	89
PID 5044 wrote to memory of 4208	5044	WebCompanionInstaller.exe	89
PID 5044 wrote to memory of 4208	5044	WebCompanionInstaller.exe	89
PID 4208 wrote to memory of 4108	4208	cmd.exe	91
PID 4208 wrote to memory of 4108	4208	cmd.exe	91
PID 4208 wrote to memory of 4108	4208	cmd.exe	91
PID 5044 wrote to memory of 2452	5044	WebCompanionInstaller.exe	92
PID 5044 wrote to memory of 2452	5044	WebCompanionInstaller.exe	92
PID 5044 wrote to memory of 2452	5044	WebCompanionInstaller.exe	92
PID 2452 wrote to memory of 4044	2452	WebCompanion.exe	94
PID 2452 wrote to memory of 4044	2452	WebCompanion.exe	94
PID 2452 wrote to memory of 4044	2452	WebCompanion.exe	94
PID 4044 wrote to memory of 1836	4044	csc.exe	96
PID 4044 wrote to memory of 1836	4044	csc.exe	96
PID 4044 wrote to memory of 1836	4044	csc.exe	96
PID 5044 wrote to memory of 1008	5044	WebCompanionInstaller.exe	97
PID 5044 wrote to memory of 1008	5044	WebCompanionInstaller.exe	97
PID 5044 wrote to memory of 1008	5044	WebCompanionInstaller.exe	97
PID 5044 wrote to memory of 3384	5044	WebCompanionInstaller.exe	98
PID 5044 wrote to memory of 3384	5044	WebCompanionInstaller.exe	98
PID 3384 wrote to memory of 3816	3384	chrome.exe	99
PID 3384 wrote to memory of 3816	3384	chrome.exe	99
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 704	3384	chrome.exe	101
PID 3384 wrote to memory of 4716	3384	chrome.exe	103

C:\Users\Admin\AppData\Local\Temp\f_001bb5.exe
"C:\Users\Admin\AppData\Local\Temp\f_001bb5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\WebCompanionInstaller.exe
  .\WebCompanionInstaller.exe --savename=Setup_WebCompanion.exe --partner=IN220101 --nonadmin --direct --tych --campaign=20481597032 --version=10.901.2.519
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4208
  - - C:\Windows\SysWOW64\netsh.exe
      netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      PID:4108
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
    3⤵
    - Adds Run key to start application
    - Drops desktop.ini file(s)
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ctqv5hsi.cmdline"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4044
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF118.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCF117.tmp"
        5⤵
        
        PID:1836
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1008
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=20481597032
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3384
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99399758,0x7fff99399768,0x7fff99399778
      4⤵
      PID:3816
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:2
      4⤵
      PID:704
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:8
      4⤵
      PID:1244
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:8
      4⤵
      PID:4716
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:1
      4⤵
      PID:1836
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:1
      4⤵
      PID:420
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:8
      4⤵
      PID:3796
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:8
      4⤵
      PID:4984
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1868,i,12132899604701086420,1066039664310715402,131072 /prefetch:8
      4⤵
      PID:4628

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:4204

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
812B

MD5
25c5faca96f6451a176f9e3776b22324

SHA1
66339a1e2c9fa166c00bc135a42c9a35b1fed9f2

SHA256
5ca35412eb9395b3a5ff2002aeaff77cf582f76f33647116ed6004f6e79eaddd

SHA512
f868a52d12fe853c28ad4b8c8a0208793341a84aa3bdfa7a1bb8c2088801883f6f08c5212c973c0ecf00261fd47cab72e2d82e25f7b69301510258628a68fc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
1KB

MD5
cdf5bfb0f63b57aec300695db84c60a8

SHA1
4fc21663ed3b46bb1b368a130c26d00c9ce7dbcf

SHA256
909c360bcba8a37b545c3e13249f3a356bade3155fddd959867ef9854d3d7109

SHA512
71370a06066735642a8aac52fde4a81f661d16a0fd4232977be8a3ea9a07c91d6e1ab57ad3f5f72d74a3584362cee760af396d7c1d6929452f1e7e7528e19bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
806B

MD5
0290a5eefa4bfc0d0750d052938da57c

SHA1
891e129bb0fe44a184759ef72c01990b8bdd0fb3

SHA256
46d8b387d8b63d1c339eb2fa15ec84e14d90da7774ade48355a29e23b1e09271

SHA512
7edbe4eaf7b857f3b2a3b3f3f77efc5c891f29544d8a74b6e7d3c2c3c9bcf9ba7f7231ab1e4e5d46c7b3b2d20fe85d02a5d1957a940a6e5b9a3c87a3e8ee9d3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
540B

MD5
44199de002ce6c895ab12788951953ae

SHA1
46bb6ad70d551e7173745b39b9808cbf42342694

SHA256
230edc92c46b6d527a9589bba9d806279b92d83f4ee03ad8fa62eaf8bc42b4e1

SHA512
7d65f73473a0370921841aafc59a8d91e87e993f1ff206a881854339f1f724f15c149330b4c487f9591244fad4fc291d7ccc1eac4591c05025c30acfb5cf5a26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
528B

MD5
3bd3e3f2d4474c5ff11e47e6af88f2a2

SHA1
ab6a92c2fa3ddc654105729f600ebf52c8807ee9

SHA256
30b1a5103fd568e414cbab7d0869156a980e18ad94b1f6c57ccfc3523d793423

SHA512
5fd0ae44d61a881cdf82f51bf85287343b34c1b5f2a66a203ef9597b953560b4b80d81f61d58003531a16c49f28beea1dd60cea588728710ab950ae33690f492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
540B

MD5
364889ad32f31301c881a1514ed90ca0

SHA1
9e890381a2cd89ca59c1893a1130afab21e91d6a

SHA256
8100076ed5eb13e985a049d24bc1f80d04453f712e90eb138e49d693618e0ab5

SHA512
e07923514962f84cf6ccd508c78c752b4c45f772b6ae41f214e9bf26df2781444ff87f47ab48c55ba945393fd79cc7b6ffa233f872062f34a7c7ccf5d61c02de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
59f2d4aea02b7d240fcaa12611e21072

SHA1
01e8038e51d38e5e4d4398490a17af845161e880

SHA256
12077633d5f7af85b5ef97a832e988413a7aa92c5ecfb2ed437964be6b0ba034

SHA512
b8e41a7a9d57fe80d076f1c530545858df997618a72c38b155218d432b365ad23cf8f970a7cbe45e625000d00759053a55581fb9e942d6bab124136ea415eed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1766cccb61d940efd847e415f00dd349

SHA1
0165f1436ec0f6fa30a172db2434edd2202b3569

SHA256
1e9666316bca19ef03b13d34ab7fe12bb390a42af1b52863e2512d0b05960bb5

SHA512
3da0ec2f0d2e1680ab5349982e850843db15d667d7311bc05c7d39cb1525688f9344391f7563dd2276cea0fa0449106ef68fcdd2781e994af51a534e6bb08271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a0a90d8a7dbe4b505a965b9336a2bf12

SHA1
79b77347eb483109c419fd24938a3adb1fd8c64c

SHA256
7beee3f7bfd14e84fc3f513f15a866e0b3d8db0f2ee5b924affc2f6db274026b

SHA512
a0c68b3e09aecc3a9962103f611a895e2120027cb5bc81f43e1e45e606d18d1c5e443ab869b4fc26da8a4abdd4fd9577894faa363ed142128e7ee01ac8f7e15a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58b37e8a9a588484db40a8c3204c8520

SHA1
e074f173e950c9ef5c317ed3f1aff0ef4b039619

SHA256
88cd964ab0bfb736dec8a454cbd822cc83443252868f1f38b460af04773595dc

SHA512
1eb0c91b60f2596f59ebbc0ba714262242394bcec9775787ec6c8bacba8ee93ef562a507c31da77659f7315c9589c9abcb9924ecf0b60be5f595bd75f0051b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a811166768fefb6ac3ac67cc6ec220ab

SHA1
542340dc07a7576f326028c6ae2433f223ee6bd3

SHA256
78014c4f4a44c60c13e44de912fa9e3d2e8b6b8cd665e2be712fdb02054c742b

SHA512
b1f0d2b3915ed8c7b9160606bda40a9424f499bb89b7621e9a8048cea4850e553f218f4d523253e242a8c6e2d444f40e793707ddee92d98868d401073337096a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
190KB

MD5
a0ef10cde15433162a38b4293940d5d4

SHA1
bd9cefea08d34e90f93b260ceb8ca6ee6fef6039

SHA256
55d2f3473b608aed2111b16fdd4044659455f88e7ad250baccb5c2641e78fda5

SHA512
9aeea6433c8a459b6005a338927db42bf2a6c4799c847e4c5b295e3955486721048fc82066651b0cdb43abce9affeb7680a5550d28bb105e977bf1ef09f40e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
374be7812d447811ce2fb180b451aeb3

SHA1
e01861a3744680cf584efecb31fcad1623165d24

SHA256
83f8e0891e5966994b4bd517b998945da6931cf293885307d053ce0961b5e168

SHA512
3b13ae8a4c0cc55593f5285c1191ccb54c03a5eb9cf593546f8d9cce323c2cd467939f2380c39403cf82e4abeb06d5f3b46625d60937fd912d72a40b69531321

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\2x1a2qnh.newcfg

Filesize
4KB

MD5
1a373179d9f50be7a576ad2e5314ce4a

SHA1
d5200c01060dd6c38e311f3ab8d12cf20065db4a

SHA256
32bedc3c6e4c71f2ed8e3ccb14f0fb055f38825fab14593fd313f757ff8502d1

SHA512
de0ccb3c571bcbff9934ea562923386fac7d5930276e3f8d3b0441602b85e5c2516b06096a2efef2e2680090e4f73fdabf1e3ae990c1086bdbf0e9dc3c3b5022

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\6eoat8go.newcfg

Filesize
1KB

MD5
7c1e2fa646b4cd024f84780eab71fa96

SHA1
8eaa1cfbce0b2741db17bcd7e82d1a2e683e7b95

SHA256
344e20ec032dd49019f57186186c0144eaffd6db89e0f082c7b29fee6123b8cf

SHA512
a6071c3b62f479fe4b3fc04ccfafd776c27774722a1537b343a6fb9eb6748cfbcc51a2aff378498959a14908ae6053cec29c9d71044e47edaa1929f098d7783f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\_cb0nr2s.newcfg

Filesize
2KB

MD5
efbf09de0ca277aa357c007dca29b09e

SHA1
49f1bb34fcadcefd40ed3f676846747fdd668b1c

SHA256
2a81c805d9e997dd73d71feb0e22025160bb83bfd889d946d14fda7b416ba122

SHA512
db3b07c69e010b9d23df47ed739e66d78dc64f148342710aab221b36ab4c5d3b3bb4b3e9f25764ea890d81d7236490dd632d31ba1993ce00c8de9ed1009b2755

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\ap8c1hjg.newcfg

Filesize
2KB

MD5
f201e9bf75e08878065362c45bf7acc9

SHA1
e82839d11a7fe0853aac81cba7e74771fe11b613

SHA256
f9dc32bca0a5229dd95c83f168e28125ab7984f6bbf469f6fd6bfcb313857774

SHA512
d2beca02f82a85ff1d0c9afc1a46d6dbfcf25934d179e2b7694d3a0ee91e3eb1586844a112489ecec0edfebc34d4bca9cb5cc37a2e51006af3ad76b32ec4887f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\ec8eegpi.newcfg

Filesize
470B

MD5
64c71bbabbada7b8824b3c637b404ae6

SHA1
58908d0f0a3dca96ffed1ff36da5bdf761f56338

SHA256
58b78f4ef263136491df59bcf5c510b03116bd7c18ae319c868367296c7041a7

SHA512
e8fdd3ff659bd7c1b581b6245dd059247bd382c0971411347bbbc8adc75c1108671a3b019021d615739ad8aabef92acf342b72316647ea324eef78f2b3161337

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\hu735p0m.newcfg

Filesize
3KB

MD5
3ae850c2d2cfb86f30e0b35ca56e8c12

SHA1
de4411b22ddfa27da2bb1808264da30c66c521c8

SHA256
f8604776390b4c46fa23bb7b0ade92e14058a58ff7e2c279a24b6e2b3b6b076a

SHA512
687c73d671ebf6c6ab19ec0b78ed4409a41440b0372754e14b57f61a7087b28b91cf4d1fd7425fc1044e0e6f3fe608dc2d23b43df1ac8b37d3d6ac29390460ab

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kh0yjxeu.newcfg

Filesize
3KB

MD5
b9f59e9a59dd3b05c4f0c77742ff0863

SHA1
524b6d768ad00e5aaf64543bf5a51d6205b48afd

SHA256
30390b25b00744dce9b03152cc37e93f761020386e4be643e25b59f61e32b55b

SHA512
fc5ad645d59150e7b022289c677938c7a70ec1bf0a47d88400745b0d05f93489614eee0a9809d15e03452a2f8d7e625feda883fedc705f00378084e4e46f9c1b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\nxsvsibk.newcfg

Filesize
2KB

MD5
e4ea6436d99ad1d377aff60e98b8568c

SHA1
5dce30077a7a8ff684e28bcbad075d962cca64a5

SHA256
d97f6285329cd2c68c12d99e2adf32ee9ecf759109f9b674d68066533c539940

SHA512
66d8976491e43869ec89b356f215c3d4baa687eeb2e87e1ce6f2195230a84e1fdb4bdcc4dd8bd963fd2bc282094dded2d3479680b2b194560a6d5b226300471b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\q_7ujp9a.newcfg

Filesize
4KB

MD5
91f7608a779c7799bc85b258ad26aacc

SHA1
5b77f90cf731a5ac20c361acfb97857e95b650bd

SHA256
ff9cf36e9aaf16e469fbf39b2fbeb7ae9896a9c7fc976a2172e4f23dd9f9f46d

SHA512
06cdb6b2dffa68f6488a8f207e3b313f5a428568516c75dae5f9299725352b0b539283aae27587e7b4799cc15046f51e8a6339933d856ee1fa05382d726961db

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
341B

MD5
173c8e5d53012fcd93034042f8464a19

SHA1
226fafb255a07ee20e0522a8902638844afb88f1

SHA256
5ba3803c178a75c84f9868bae53edb497f63869de941dc21578546185c269d77

SHA512
d1ca7efbb86066cc8e1d0dc91b122d3b7f98c56f49f449da405d36304e73905986eb697604360ec4bf6b2fa6603ad3020624428d2a67db050cd141e23780eeb5

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
4KB

MD5
e93bc1f92aa38129019cfc2e73809dd2

SHA1
e3085145d3f7a5385d0979271f7c6dfcd9ae5eb3

SHA256
75d76a3ce10af528171528b2b2a781d2902b54d8469a45e099c9b798150b1674

SHA512
9975ed975a98c777f7c6adf22afa85c7e533a99d18ea9fbfd87500a2ebddb8eb4cdedaf3d74de04b3b4ede465107ff2ddce5f2b7717ac3af21fe4e676b86605b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\vin3x7x7.newcfg

Filesize
4KB

MD5
b8d9b0e578f50e9d11103bd06f5fb8a3

SHA1
e6e31e5050c2b75093fe09877e19514aacf90815

SHA256
4020856405650b6d627fac83fe20c112678bf7d3970d6cf3ae88e940c41072f5

SHA512
53cd865a3357cf4a3cc23af92fa7e11560277ef4a8bb3b09ae9f88cd344a962144a3e0054afecd88c13de8f31605862d552af2887585050111a13208b2e0a93d

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\x6t_krdm.newcfg

Filesize
4KB

MD5
633de29c2b5ba2d33b0fe6d3a372e23f

SHA1
2aa1532f111e535c7b635bc4bfe00852cc048731

SHA256
b9c48ee8da74cdee3781b1479b94882352cc9dadb21db1692f6e83ec1edc09f2

SHA512
74541a6f4a036fd73fdd9f3448918ee169a6454e286aa037814d5d9b2a05ddaeb0c4aeea1a78e6453c2049d7e520c9062252e4c0be19ba37c5c76524404e642e

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\xedk8ut0.newcfg

Filesize
2KB

MD5
16c90305bdc8cd111d6f498e86ec404d

SHA1
a69ada4e30e34412148543d9b7b12f32e6cb5f45

SHA256
e7a7a1e8c0285ee78f5b1485dd1022a8d87cae0d40fef64ab2e520869daf1aa5

SHA512
904a8c4abdefde1b903af60ea6356ca0f9fbbcab58293aecfe4f690db4c73593f958c81105bf00725931a0545fc377bba2ca37312456a12425ceed1b52676ac3

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\xr2ki3fl.newcfg

Filesize
2KB

MD5
b0e52f1294d0ac3e979391bfc71c9f7f

SHA1
deb3d54450bdc0183ac23542ded993c7cc4d818d

SHA256
1a4c9446c9ddb89d696fc879c080cacd145976a201c50ba47eaf8032fd54394a

SHA512
5d09bb33685b28357ada97ec6db8b5a6d49ced53e66374ec8efffe35a39b9a9dd1624557f8420c6b5c0a1d9b8b595c545e667aa9d8741ace482927f38370556a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\WebCompanionInstaller.exe.config

Filesize
2KB

MD5
ebacec1e9929bd429c709a9fd0c210ac

SHA1
a6a847fd94fa1d243108ecac6eb75e14033a93c0

SHA256
ae0e80f5549f5ad5ef0996882a2e0f997ff3724e63a35c9bca9001b10f58dee6

SHA512
8a7f4dccf0fd9888d19f01358c751a917d707c5b2ce01852224a4d3f70440d0e026dd824ac51f07942ad7722d07e949798cc044dccd32559f35651f01efcd196

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8774FD47\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll

Filesize
462KB

MD5
3d8bf84f10ef47ee50c437c255bc3958

SHA1
5aa8f0319dcc0d1ce6fb4577fedca2d8a66610f2

SHA256
8006bfce39927b96a0642d51bba0cf7a449bb2b09c62f5f5cb1618e748468356

SHA512
db73c6fe81c57b71c2587baaaed00a092f4476f2ee8268a83da95f4e3ac5755e801d18b137ebadf118e1b6b89b660dadcbd793647c24e432c0c9a1df40fbd677

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
19KB

MD5
1f6d2003038e80d41622133f99babbfb

SHA1
15d65abfa15dcca59ea4b31dac689377497e4596

SHA256
00686f103e7774f6ec676fd9fecfe5424bdfb31cd1dd82625fd8c7d3e2f427f7

SHA512
87b61780297fe072e2054269d7effd69ea85bf414279d12c0232cecebefb07435a727bc69a234681e7a2be862699a73ca79a83b1354406936cf9286d96cc8fd0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
404B

MD5
58419d182b557eb32dd1961d03686b89

SHA1
627978c29cc5638dcd2e2cfa34acde397d869e5a

SHA256
140e2d98635ab169ea117f04d134cb3a6975f4c5af9f280b08689da4628302de

SHA512
744d4620a991e4ac2cdfb6b6190b4a654001412e462e561240fba9ff76e3933a9723228a5ecfa0f2d5612828067b0bf6c0eaba96b39eccf17e556f7e8f7497f2

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
404B

MD5
366e48d686d5ce9de1a93ca1ea754c67

SHA1
8c0be0ee62f23b29666fa0b8dbd0af213cc04d93

SHA256
d5d5fc70695f899a562ebc8885979780256340ecfc976e415cb7174cf9f7976e

SHA512
4f56d7df9ff30896d5695373e32713558d67fd10ca62ab4f3c132aaefe2219d64be75510cfedf585c156036127ae680e6c36209f3570a5d4fadcd408401f0db7

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

Filesize
310B

MD5
d1c66668d86b8017500d2a93977e2dc5

SHA1
6e86edc442ff9e0fc8c1664a4ee3bb02b66c6f68

SHA256
8b48ce0254b019bde1cd7e308828b71a8e70e22296cde4edd73292644ffdecff

SHA512
5f9db5e9a50744c6d9ac5111f939907592cff292c46684415578cbe2a0ad91673e90db8a9290572766ec5c86e7d8b357546186e7be6fd1a000a1678e08d28be8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
630B

MD5
bffd02a6e7d7fe21ead0a4dacae0718a

SHA1
225e5e698a42ca92b33dedec0b22c94791f68f0c

SHA256
ae937bf6ebedd2b68a3f6e5c683f86aabcb5cc56347e8c254ca4c04bc297dabc

SHA512
54f2edd6172376ddc9f11d72913f51946d13548b941d24cee74cdb51f75e827f43dd2e134b86272567fbc9187a6692a0f196e22f70857a2dd269c8d84fbace4e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt

Filesize
6B

MD5
f5bd57c383ba95f77ad910dd0200e081

SHA1
0595d53ee4839cc59f5883fb1bc42098024f9b7b

SHA256
abdfbffecbe18ed94df9829819e596ee285b52a94aa108514452a9121721c789

SHA512
f9f0a2040f85cc0338b9fb6770180d3d7cdf0f12d8e3bdf01b9a27c1c03f6653a768ba73fa427813561ea8b221b349e11f64221366841b602c3618f7197f283b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\Partner.txt

Filesize
59B

MD5
2a6ef23fcebc016b0f3e95697513cbd3

SHA1
bd12cab7d1bb14780d6250b534c4a8de03070421

SHA256
1bf9ab9d35112c674dd1af50470ddca5ebdaa8039f40a9400c02328e928c452b

SHA512
ddb4f70347b254fedf3f50a34816599681e1093f8576ab67bf6812faa42c4e7f7a0bee04b396043d2f656233beb48319cb5cdb286ae6639d84c06c24bd369738

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
185B

MD5
0be72b284f00d9fbe06e30524fdf979d

SHA1
bb552885a2e57ef79e4007b20e51aa48711e24a7

SHA256
acd219a47f7054106a92ff7308cc15b2e93b3bd8c3a2b7c94f542da1d7cbd44a

SHA512
898bc90f04dc86ce8e6f0a10d1bf6baf7d6b1f40ab3e9234594e1b901b1a52965e3ef64fc60515a76272de84dee1a5b934862569545421ff9b99ebf6efc1fef5

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
memory/1008-718-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/1008-921-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/1008-922-0x000000006F210000-0x000000006F9C0000-memory.dmp

Filesize
7.7MB

Download
memory/1008-716-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/1008-688-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/1008-717-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/1008-750-0x000000006FB80000-0x000000006FB92000-memory.dmp

Filesize
72KB

Download
memory/1008-510-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/1008-920-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1008-910-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/1008-770-0x000000006F210000-0x000000006F9C0000-memory.dmp

Filesize
7.7MB

Download
memory/1008-751-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/1008-512-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/1008-715-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/1008-511-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/2452-507-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/2452-509-0x000000006F280000-0x000000006FA30000-memory.dmp

Filesize
7.7MB

Download
memory/2452-508-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/2452-313-0x000000006F280000-0x000000006FA30000-memory.dmp

Filesize
7.7MB

Download
memory/2452-312-0x000000006FBF0000-0x000000006FC02000-memory.dmp

Filesize
72KB

Download
memory/2452-481-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download
memory/2452-161-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/2452-169-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/2452-347-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download
memory/2452-162-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download
memory/2452-346-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/2452-343-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/4044-348-0x0000000002240000-0x0000000002250000-memory.dmp

Filesize
64KB

Download
memory/4204-64-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/4204-56-0x0000000000700000-0x000000000070C000-memory.dmp

Filesize
48KB

Download
memory/4204-62-0x000000001ACF0000-0x000000001AE26000-memory.dmp

Filesize
1.2MB

Download
memory/4204-60-0x00007FFF97CD0000-0x00007FFF98671000-memory.dmp

Filesize
9.6MB

Download
memory/4204-154-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/4204-75-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/4204-67-0x00007FFF97CD0000-0x00007FFF98671000-memory.dmp

Filesize
9.6MB

Download
memory/4204-59-0x0000000000E80000-0x0000000000E90000-memory.dmp

Filesize
64KB

Download
memory/4204-57-0x0000000000EF0000-0x0000000000F10000-memory.dmp

Filesize
128KB

Download
memory/4204-61-0x000000001A6A0000-0x000000001AA74000-memory.dmp

Filesize
3.8MB

Download
memory/4204-58-0x00007FFF97CD0000-0x00007FFF98671000-memory.dmp

Filesize
9.6MB

Download
memory/5044-65-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/5044-50-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/5044-66-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/5044-34-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/5044-156-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/5044-63-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/5044-170-0x0000000001920000-0x0000000001930000-memory.dmp

Filesize
64KB

Download
memory/5044-33-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/5044-31-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download