purelogs | 5f46f75e0a33092d50ba6a006e156b043c6fb9c5c41d31ed10e249eea92dbc34

Analysis

max time kernel
104s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2023 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vaultFile15424294622004715451.exe
Size

553KB
MD5

fd69739463b4e2a22b5b6144bda57c4c
SHA1

c169e5643baae3aa615523c7d4b05b9fa2b0736b
SHA256

5f46f75e0a33092d50ba6a006e156b043c6fb9c5c41d31ed10e249eea92dbc34
SHA512

e206520741a1f01e3db35e5d057cea363ca7e2e8978a0e495b7f12dae9f3e9085a66149a10231725372756eb1ac88e047e22f550073d727dd5c9d1253f2e807c
SSDEEP

12288:wG5knZfFKeXZbTUoaws89d99m7pSRGzDP5SAkvv:wG50ZfFKglL9m7e2jUf

Score

10^/10

purelogs discovery persistence spyware stealer

Malware Config

Signatures

Detect PureLogs payload 5 IoCs

resource	yara_rule
behavioral2/files/0x00070000000230fc-169.dat	family_purelogs
behavioral2/files/0x00070000000230fc-172.dat	family_purelogs
behavioral2/files/0x00070000000230fc-171.dat	family_purelogs
behavioral2/files/0x00070000000230fc-173.dat	family_purelogs
behavioral2/files/0x00070000000230fc-170.dat	family_purelogs

PureLogs
PureLogs is an infostealer written in C#.
stealer purelogs
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\Control Panel\International\Geo\Nation	WebCompanionInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	WebCompanion.exe
File opened for modification	C:\Windows\assembly	WebCompanion.exe
File created	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WebCompanion.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	WebCompanion.exe

Executes dropped EXE 3 IoCs

pid	Process
2300	WebCompanionInstaller.exe
4396	WebCompanion.exe
4068	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133459041412993982"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WebCompanionInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanionInstaller.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
2300	WebCompanionInstaller.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
4396	WebCompanion.exe
1600	chrome.exe
1600	chrome.exe
4068	WebCompanion.exe
4068	WebCompanion.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2300	WebCompanionInstaller.exe
Token: SeDebugPrivilege	4396	WebCompanion.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeDebugPrivilege	4068	WebCompanion.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
4068	WebCompanion.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
4068	WebCompanion.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2300	4832	vaultFile15424294622004715451.exe	86
PID 4832 wrote to memory of 2300	4832	vaultFile15424294622004715451.exe	86
PID 4832 wrote to memory of 2300	4832	vaultFile15424294622004715451.exe	86
PID 2300 wrote to memory of 4156	2300	WebCompanionInstaller.exe	94
PID 2300 wrote to memory of 4156	2300	WebCompanionInstaller.exe	94
PID 2300 wrote to memory of 4156	2300	WebCompanionInstaller.exe	94
PID 4156 wrote to memory of 4120	4156	cmd.exe	96
PID 4156 wrote to memory of 4120	4156	cmd.exe	96
PID 4156 wrote to memory of 4120	4156	cmd.exe	96
PID 2300 wrote to memory of 4396	2300	WebCompanionInstaller.exe	97
PID 2300 wrote to memory of 4396	2300	WebCompanionInstaller.exe	97
PID 2300 wrote to memory of 4396	2300	WebCompanionInstaller.exe	97
PID 4396 wrote to memory of 4372	4396	WebCompanion.exe	100
PID 4396 wrote to memory of 4372	4396	WebCompanion.exe	100
PID 4396 wrote to memory of 4372	4396	WebCompanion.exe	100
PID 4372 wrote to memory of 1984	4372	csc.exe	102
PID 4372 wrote to memory of 1984	4372	csc.exe	102
PID 4372 wrote to memory of 1984	4372	csc.exe	102
PID 2300 wrote to memory of 4068	2300	WebCompanionInstaller.exe	103
PID 2300 wrote to memory of 4068	2300	WebCompanionInstaller.exe	103
PID 2300 wrote to memory of 4068	2300	WebCompanionInstaller.exe	103
PID 2300 wrote to memory of 1600	2300	WebCompanionInstaller.exe	104
PID 2300 wrote to memory of 1600	2300	WebCompanionInstaller.exe	104
PID 1600 wrote to memory of 4572	1600	chrome.exe	105
PID 1600 wrote to memory of 4572	1600	chrome.exe	105
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 3776	1600	chrome.exe	107
PID 1600 wrote to memory of 4804	1600	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\vaultFile15424294622004715451.exe
"C:\Users\Admin\AppData\Local\Temp\vaultFile15424294622004715451.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\WebCompanionInstaller.exe
  .\WebCompanionInstaller.exe --savename=Setup_WebCompanion.exe --partner=IN230401 --nonadmin --direct --tych --campaign=19746138190 --version=10.901.2.519
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4156
  - - C:\Windows\SysWOW64\netsh.exe
      netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      PID:4120
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
    3⤵
    - Adds Run key to start application
    - Drops desktop.ini file(s)
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4396
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bbcaombz.cmdline"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4372
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD657.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD656.tmp"
        5⤵
        
        PID:1984
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN230401&campaign=19746138190
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe05849758,0x7ffe05849768,0x7ffe05849778
      4⤵
      PID:4572
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:8
      4⤵
      PID:4804
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:2
      4⤵
      PID:3776
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:8
      4⤵
      PID:4524
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:1
      4⤵
      PID:3372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:1
      4⤵
      PID:4532
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:8
      4⤵
      PID:4908
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1852,i,3746905038114226068,7449222185461108059,131072 /prefetch:8
      4⤵
      PID:2492

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
812B

MD5
c9c0a4e381734562372bc8504fb6daa3

SHA1
b98c64b49008cd892a99a2bf3af7f2044fe6cfb7

SHA256
d0174a592c7763b3c716d07884d6be0e2299273869bc3d4845a51244eab5e2f4

SHA512
f3bc79bd586cdfa69a90f37d19ed5c09083d8f41eef23e600352011e195806aac0e0abe0be0770046d9cadd335dd19dd0d42f6aec2ed6c246166fd060bb8def2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
1KB

MD5
79de67c5f4397ef291082b021570fb3f

SHA1
843e2af6901083e47d2e61728094862a1c9a08a7

SHA256
f4549b1800dc23214a91e1fff2d54542e55b8d1fc222695e5212f350a0c181f1

SHA512
55fda77a436c654d369bd5f87609904cd36c455d6f9784802ee7f57a053b7e3f0979cf90e473a845ed10002b1c8091a70944cdcd01bdb4169400960161ed5e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
806B

MD5
b7b1dce98ab2bb4a1b00382b1a2c8d3d

SHA1
0b390e3ef1af4e97ae70f754cb84b2ad93fc5083

SHA256
f287564a7c2558166112cbb3d5505e53f5da248d626069b8d0f1a5346cc06de5

SHA512
e795e6246ec38c1ba095a68199d9ee1f69a76974ba618c182ece35e2c487909a543f7565ef7540a784331b5d7e565cc3a599b0e013f40452027ea6ffa7e14bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

Filesize
540B

MD5
40542b2e476a5b5f4d4852f86b0dd1f0

SHA1
23a454d37a4af3405d6e3bb63c9ae4bbf78f4213

SHA256
c4e148d50dc08ef47807ead6a490614615de3742de46cede57334eddadd23111

SHA512
623e8be24ebc36fbee1d8427d11a1671d0585c6d4f35ef85ff57bf88292eaebf4414976f86ce48ae4afb43961b44a0ae28eef39a662df5716c5fd813508e1983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

Filesize
528B

MD5
e0f24afb841ecb64f027c3491b9558e7

SHA1
497f4ed21c357d393c9a4fffaae5821a22099f9f

SHA256
bcad52cddf799cce958f85fe07f5743cc2d5973568def4f0fd58abfaa3e7cb84

SHA512
5cb193fda9160aed28e14bf5472a0dbb2507f4a4593f856aebe6d8686641c1f679405471ec32d24fce06e58aec5f3b5806c08a028fecc5c6a103dca4c6c4d61a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_93C5E7D2F5BD89D6A7C66D051902DA8D

Filesize
540B

MD5
f5e0cce18a87ef320e07d939c373a3af

SHA1
5dc1f7a144561a781985a7a428e63d044940e065

SHA256
dd116ef2615c856c62a9b87f1bf6caf8e1b54dfeef3509cc5d2ff06bbd83476b

SHA512
8d39f9c4d6c97762ece0d49d75034a5f877873de545fb75510af9a93603bc0dec089e53587a57dc46f05692be94a6848947b6b9cb6fbbabf4d9483b4f07484c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e0073f0a9a2a98538de496a8c8e71777

SHA1
74fa57da749fadafcb132b6e8b09c86cee210fa2

SHA256
8a257d3675f0cd63a79f3c988c10c4a10a905d60e509141a394af427d9c687fd

SHA512
1c354622ddc43114809ab7648d9eb032e9ccdf53c6d3f7a89142fccb571e4a73a711093284ecbcf2e6822628d199f7b2e24142a243e0b40cd458ee52605e34f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3abcd364-2e83-489c-a669-1fd226f672f1.tmp

Filesize
1KB

MD5
273faab9f05f78721c5e8ed624e1a3ab

SHA1
42b6087cf3af68b19f995691583c14812bc33e56

SHA256
cbba163da6e953fdd54387aa0b1fb3aa3cc673f30f69ded828330acb9ec1957f

SHA512
3ae7156296d160d1c6ab2f9a74d251df583dc0b0f62d74a8a6d82c18ccc779654785c06165c7195cf4841d76f9febf91ad145616e3112959b671f3b5da92ecbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5713d95a261179949a10f1cb9ea908a6

SHA1
7a9c3a9cb9de3d5b1b727ac0d8c60f73ed3d80ae

SHA256
ddac52ad8b7a569e4b2844ae587d9d53252fd5a3d135dac7295c0c1c49b8ceb3

SHA512
d62e30315e497882437cfe74b7e9bbe25d5b16b5e6a52c24ec5cadfd25c2d8bf324c9e6408ca3463828cbd541543d5a8a6b4a3bbc1295d5dfee22cdaa22687b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
450ffc3a4cfa72b737b3b9ae357eca59

SHA1
5d8db99f241b5b1d36ef0d9dc694dca4388a0a05

SHA256
f708e12b16dec441e2d42af6f2c403424778bb043466d1d533be584448028148

SHA512
ea6346401e224741ffddbd0c089ec3db79c43ff71ac5d804a39fe8154720fa5dd10ef9f9ed105ca7e6a34bb64ed9b6546c68833886cb31e9fec2e080d1a486dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
c5fe50f66bbc7703b72ed5b865a39b13

SHA1
88ddc081fffdd00cc6f6ab38ed97016dda8327c4

SHA256
8567fcfc0cdfaf6c6042e06d93eed1f6fc4c7589c0d15675a13d667d914a2f69

SHA512
b758cfd11fdaf28ea4d05434521f7140e999f8262c1ed500ca4b51db172693a378b3e709dd9988340ddd9c674885051e4b61b2d4a5f9f66de8716004429d5579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
0b1f9a0b30881dcf7f10eb2334dc6e1a

SHA1
2afa5f3b2ba4e9c63a98366fabb147e7e38896ec

SHA256
b554e9bc56c3d03efadbff17681936fb87ccbcfeeb67db2e835cd345ef90f46d

SHA512
0d2805cff3ba6daf09d1581bad542e4a8c30e24c1632a9d92141783d40cb868ad65baa878a382e48e0e98af37c38c9300910404d1830735b19bf432a1fd57960

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\1jpqianq.newcfg

Filesize
2KB

MD5
6113d94a12e7028c8dfcedbb73d29b06

SHA1
996b37bc5df719a9c66510ca7792251a73ad04d0

SHA256
f955026b6e1eb5cae8f85de8bb7308aac069cf8cd31a493b118772c22edfa0ea

SHA512
cc94f66dfb35aad6a48d6eb5eeebe02fb205aa85a1bb3a7053114f864df6989ed430f4d782ca414c002d2115acaffc28865d923b4679c5a9f02a3d1bb72ec1dd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\97s8y5l_.newcfg

Filesize
4KB

MD5
f2d0cc7ea9dcd05363e37a24ec79ec50

SHA1
2112eb56e70cd31bec2eb6ec7709bcbb7fca459a

SHA256
e94e82c56f2ffffd8b0ca5e5a7cb4dacc9f4528c1ffce83d44da4b9ffe1a60a5

SHA512
8a23caf689f22ab69e5eb67e832d430b8b197b288fa1426ac461499f62c0c8aa5ca87316814ab7b93d0e0997bd3af42b60875c8e3ad437d26cb653f49f86a156

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\a3l_r3d4.newcfg

Filesize
2KB

MD5
f201e9bf75e08878065362c45bf7acc9

SHA1
e82839d11a7fe0853aac81cba7e74771fe11b613

SHA256
f9dc32bca0a5229dd95c83f168e28125ab7984f6bbf469f6fd6bfcb313857774

SHA512
d2beca02f82a85ff1d0c9afc1a46d6dbfcf25934d179e2b7694d3a0ee91e3eb1586844a112489ecec0edfebc34d4bca9cb5cc37a2e51006af3ad76b32ec4887f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\hmzexttt.newcfg

Filesize
2KB

MD5
efbf09de0ca277aa357c007dca29b09e

SHA1
49f1bb34fcadcefd40ed3f676846747fdd668b1c

SHA256
2a81c805d9e997dd73d71feb0e22025160bb83bfd889d946d14fda7b416ba122

SHA512
db3b07c69e010b9d23df47ed739e66d78dc64f148342710aab221b36ab4c5d3b3bb4b3e9f25764ea890d81d7236490dd632d31ba1993ce00c8de9ed1009b2755

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\iwhbk0d6.newcfg

Filesize
1KB

MD5
7c1e2fa646b4cd024f84780eab71fa96

SHA1
8eaa1cfbce0b2741db17bcd7e82d1a2e683e7b95

SHA256
344e20ec032dd49019f57186186c0144eaffd6db89e0f082c7b29fee6123b8cf

SHA512
a6071c3b62f479fe4b3fc04ccfafd776c27774722a1537b343a6fb9eb6748cfbcc51a2aff378498959a14908ae6053cec29c9d71044e47edaa1929f098d7783f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\j90rtyk7.newcfg

Filesize
2KB

MD5
16c90305bdc8cd111d6f498e86ec404d

SHA1
a69ada4e30e34412148543d9b7b12f32e6cb5f45

SHA256
e7a7a1e8c0285ee78f5b1485dd1022a8d87cae0d40fef64ab2e520869daf1aa5

SHA512
904a8c4abdefde1b903af60ea6356ca0f9fbbcab58293aecfe4f690db4c73593f958c81105bf00725931a0545fc377bba2ca37312456a12425ceed1b52676ac3

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\k1j9i44_.newcfg

Filesize
4KB

MD5
fdcbcb042cea7486973626424bf2022f

SHA1
997383e892db259203012b4b91885bcade7e8d8b

SHA256
625a7051b0f4344ba6dd7e92d422b7fdfc674c8b515261be5e443b41102e956b

SHA512
4c50af2cb2092e888d53136c2211ce4a236c7bff4406d2dcce4764625ea7bd9be06e052f1fb206daaced654fc5c584c85a98124918c25de3b1e7c9d45022598a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\k9biztzv.newcfg

Filesize
4KB

MD5
319d39813d6fe0c3f685f5745113c09b

SHA1
2a81e12677e2984563a74221674641bdef1d64ed

SHA256
af90cda22d7134e51405824ac11c2b75607e832eb7355a18e6577775b4782ac7

SHA512
64e0eafaabe1e786b4f54000d06cc1e1092531b3b9d919ec9ce1bcb017a49104af8ecc1db136f989bb1cc41c038a846b3ee9186ac785192d1f3bc965ed2fc1f1

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\o3vbzqug.newcfg

Filesize
3KB

MD5
68c78c6477d0c5ec95d4ef31d4221310

SHA1
e904e7c361b2725ffd4d521bf4d67dbaa90d7b5d

SHA256
150993cdf0983d13e239bf1cbad97157a4678c10e8f55c0cfb0b01f0672d2702

SHA512
3b463bb4a04a37f5dddb86784949d7829b60e2c0d49e9f14e51dd814dbb9e0da1ff6672ad92332c67bfd5ac8fb9cc3d8c9faaefd955675e88f6a61948d3cd04d

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\q8zpkve-.newcfg

Filesize
4KB

MD5
3cb71ca005dd52992a191e5412d2dae7

SHA1
5ddee704701b6e80b448012e2be5aa2ff5877038

SHA256
88512681b99507e4d815ab2f400a87bccfc819afdf8f7bb7f59337c12eab572e

SHA512
da37d24430eb342c52fbb4557557957104ff7fce52ab26bcdfb34927807d5e2a4848e891f9e29558cc5e873271eb0f9c035f86b9f468bebe683732fdd8a72b45

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
341B

MD5
173c8e5d53012fcd93034042f8464a19

SHA1
226fafb255a07ee20e0522a8902638844afb88f1

SHA256
5ba3803c178a75c84f9868bae53edb497f63869de941dc21578546185c269d77

SHA512
d1ca7efbb86066cc8e1d0dc91b122d3b7f98c56f49f449da405d36304e73905986eb697604360ec4bf6b2fa6603ad3020624428d2a67db050cd141e23780eeb5

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
470B

MD5
64c71bbabbada7b8824b3c637b404ae6

SHA1
58908d0f0a3dca96ffed1ff36da5bdf761f56338

SHA256
58b78f4ef263136491df59bcf5c510b03116bd7c18ae319c868367296c7041a7

SHA512
e8fdd3ff659bd7c1b581b6245dd059247bd382c0971411347bbbc8adc75c1108671a3b019021d615739ad8aabef92acf342b72316647ea324eef78f2b3161337

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
4KB

MD5
642de8af6c7f90256fa9b16badad6005

SHA1
88ffca434aeaecdc0044d7a13cf9e93ee5d287d9

SHA256
3a83da0753b55874cd763936bc64c438ddecfe76676a08e261c8e500fa4622d5

SHA512
1c941eb02c9921e0ef9ccb0e25aa788a07478c677660e4e021eabf9ac8244e897ed8fbce0b61a039fcfc6c2e7d4b435dc7db0c88d2e4787a53e14cff6f182d98

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config

Filesize
2KB

MD5
a90b6014140870f203da3162c5b22eb0

SHA1
d36bb3e044f2dc6d556fcf8c1f908bab917d4f32

SHA256
979bc73e7eae4e92d29f72d90b923f530e2811963c582ab38d10426b9e7d6acb

SHA512
651c98a68d7142adee325a9d5d39efb29ce6a785d48ad7617bcb016cf2aef2aa5fe56adc72f23727b6d718d6de2ece2edf4df605ca9ac53b237343ce2b9bafa6

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\xricy8ul.newcfg

Filesize
3KB

MD5
1fae75a716d5c4be943619fb21b1bb4a

SHA1
4a33230cd2115fdd5ee1bb7cfd7b066eca1c9a89

SHA256
4257e55b9d95d91c9822142faa58f4047207937067d314560662e434f5cac6ca

SHA512
332fda4e43b76ad0b0f798f92b6a4062e698ffd06ffbf8835ea31af9a8dc0a2d9b5510fc5649fafde0af0192fbb9aeb216d17c76cfa166fab41198e20f36a595

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\ICSharpCode.SharpZipLib.dll

Filesize
207KB

MD5
1e16bad4f6a563c46161bb4fb0cfec4f

SHA1
e86ee8b835814ff6e6d6709a00694d0308cc83f3

SHA256
c7b5080ea8b2753751cb6252a3e9edd2a292d8a141de9e65cd3d0005ebe041e9

SHA512
a0a52c24bde70dfd22d0c7b57a2ae53927a5efd2a6dd18a325f7d03a6fd94eeb6c5885b63c7e135bac786bc4bde82640584e76ab04d9a9e6bf24923b9f05e7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\Newtonsoft.Json.dll

Filesize
426KB

MD5
6fe086f542ae0dde2ab0162a87b63192

SHA1
a940664ce30f1938fed543d23e3715732315ab2f

SHA256
484a60598618c20e518c0acb0a2d5296fb64d15dea2edda698a178caba16ce27

SHA512
ca4c8682b169385a2b2795a3c128b985123d40670a55b8d5d5545e3377568be396d370808d14d099c583991e3ca438e1d48963c4e1620131e1ba4691f8f40ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\WebCompanionInstaller.exe

Filesize
461KB

MD5
4a5b051edbc60c58d0fa08810ab2fa0a

SHA1
0430c9096463c70cfabd1e831df7121fc39ba811

SHA256
4f388b54e9ba62572013722783938e1603fe3e76b5b02031ed33df09c1c73eaa

SHA512
9a9e0e5f85ff379d5927fe0525592b8378b40b6237e8f0b9c34fa667246140ebe26883575d3d8e0c437e3a2571cd0bc39337f3fac88694537c4fefe227ad63cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\WebCompanionInstaller.exe.config

Filesize
2KB

MD5
ebacec1e9929bd429c709a9fd0c210ac

SHA1
a6a847fd94fa1d243108ecac6eb75e14033a93c0

SHA256
ae0e80f5549f5ad5ef0996882a2e0f997ff3724e63a35c9bca9001b10f58dee6

SHA512
8a7f4dccf0fd9888d19f01358c751a917d707c5b2ce01852224a4d3f70440d0e026dd824ac51f07942ad7722d07e949798cc044dccd32559f35651f01efcd196

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E2ED808\en-US\WebCompanionInstaller.resources.dll

Filesize
9KB

MD5
d3105e9db5aac25193d6c6d2d99349f6

SHA1
551362c83428f52837a97a9c988d993e4b9dc573

SHA256
86b3513221f9d1edac50afb7a43cdeee1599cdc69f37d6c52be7f2a0bf014e66

SHA512
79a10cb9383f07cb17b16af8cea52b28a0e5c7d01aed21ed0cff05ae669abb4d9ad3585cd117407e272d98c52524f115a4b93bac8fb42d6574533b243f5935cb

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

Filesize
55KB

MD5
d050df18bd18bf81abc997ff64e04fa0

SHA1
90c106a3e2a58c2e6e4ab3e0b14e32520a0e34d8

SHA256
7b5f7bbf5c1585f596b2a9bb5b67e70696a66f07ac645acbd9b9451f33c4beda

SHA512
e79a7dbb4474768741dabb5c41885d2f684e6c9c3244657f017c534754ecac9a5001e251282d087d503cb598aea836330e8b12612cd6317f8c20dc9318e70a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll

Filesize
462KB

MD5
3d8bf84f10ef47ee50c437c255bc3958

SHA1
5aa8f0319dcc0d1ce6fb4577fedca2d8a66610f2

SHA256
8006bfce39927b96a0642d51bba0cf7a449bb2b09c62f5f5cb1618e748468356

SHA512
db73c6fe81c57b71c2587baaaed00a092f4476f2ee8268a83da95f4e3ac5755e801d18b137ebadf118e1b6b89b660dadcbd793647c24e432c0c9a1df40fbd677

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
199KB

MD5
719abfcdfe4a420ed8db4b1f407b27c0

SHA1
d8b5b8b670e10a00c3b2b21d147568b6c4a68edd

SHA256
4fd95a547d9604810e3ec80d63a564492a1a2d050f985bc228a191e3fdf5631c

SHA512
b970be97e23a5f97d70d9ae87512a596e0bec22ec6e76e8198318ec0c8a2b36cfa9064ed6e7bf514ab44d6dfde07a0c37c67167c54bfebded1ecb3b94d9ce7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
131KB

MD5
c86dfe367017deba7a77a6724d0cf387

SHA1
c97b810c9755275e45128299a422040544f73422

SHA256
bc57b7acaed475fa37a63d0d9167ddf55331a228905e18027c0cbee30eae4417

SHA512
438fe3cd085b0b05e809b85a43e0a721a9ba7790d7fc464b9aa0184d19eb1224277f3dfb95f1aaf104d28e79d07faf12155d4fb80c02476c0cdcfe9015dcb205

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

Filesize
528KB

MD5
06057dd6faec821061f244d51c3269c0

SHA1
676aebe7f974d88dc034bf8741688a6ef4653687

SHA256
7d73db43d134121301d16fccd6c0d9d3a56782b275ac38d3cf039340f1f7d209

SHA512
ff931525b9264aaee4b67122c1f11b891e8b5a92c8e53a5df1cb63b889df581c465a747521723e1c18aca5109f101799edc1247277c1b06086739c8bfeb7244d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
104KB

MD5
ec4b2852e620fb8977b4ca209d7787d1

SHA1
b59eda2724522814e2f5d1dba675c3c1efaa9579

SHA256
82ef634b9216b2a72248f3dfe22c7f26ee119021d06ce71cdee4193e940a2956

SHA512
f2a233407bb1752fb9d6f0ff99f6b21fe514c29128302b34db5dfa28b00b429d23e0f5dba6226298b655ef2194861baa05f349f00e4636934ef2d07fd57ffa73

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
426KB

MD5
8646baeed20310f7b687789e58e183e2

SHA1
3fd09e9f654331f031e88fbe61d99a42dd10c1d7

SHA256
193c95270430347cd2c0677cbff40e5c812e0b49f7fe539b8b37b9427079986c

SHA512
537bb871c727d7345a47016b0628b4628b3f0414a1c4002d9f7ab3165751c2185143c565358a659ccf522b7917929fbbbfab03d488833b70d1bc14ef1b3c6f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
9.2MB

MD5
7bb65bb24e9a4a04e8d3423d12cf4665

SHA1
29a28ec509fd7e46eead9730d910bc9261babd1e

SHA256
263d145e44bbef5f1a7b33d5d22ea33a941ef339a567d853e257e5b07540049e

SHA512
893a9538efc74bf9c2f55c537abc6a227e02a992d42321d29e81b45bd7394cb1b4729371dbc1536fa8e75442b4f48cfdce1b09af829c8a381e848527f52aa01e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
19KB

MD5
1f6d2003038e80d41622133f99babbfb

SHA1
15d65abfa15dcca59ea4b31dac689377497e4596

SHA256
00686f103e7774f6ec676fd9fecfe5424bdfb31cd1dd82625fd8c7d3e2f427f7

SHA512
87b61780297fe072e2054269d7effd69ea85bf414279d12c0232cecebefb07435a727bc69a234681e7a2be862699a73ca79a83b1354406936cf9286d96cc8fd0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
315KB

MD5
1d468bb4ca5c3664f208dea11633d570

SHA1
2ea73e477abd6ae06fde8aebd1bd72ebd569fb2b

SHA256
73c4b4c46095f46aa422f0caf810bb053704c3ca6cc938a8c74b8db2ab1e5318

SHA512
7a7b8f34a4797c02bed552cce89db5a02a4952355dd45be4ac4bab6a8f283a1c7036f343516a1778243a978745537d23e3e382c9dc9e496b79cf909aefd5ba7e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
404B

MD5
49a0213a1d34ec168bd4ad1f49f0f6cd

SHA1
bb203b18369bbd19d6cb96e64632ce52e362e43c

SHA256
ab40d08e57921bb529d51466621e5d276f2e2509947e4f4a3f6df89504c61b08

SHA512
5fed2ef5d455582b2d9e39a681cb0890645858e5d3a20f2d907f6e59a456ea8b218a75c8d07f07f3b4543bf43ae0af410b26067b6842559bd7a520c93180c19e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
404B

MD5
8346e1fd09009efdf08a77d33e22ac80

SHA1
60c69d1dfe22b8fbd2c8a3a867a5f25f2e6ee50a

SHA256
dde16a5b33857bc5f4e5e88b9895892889defb749844016635407f63c0e81447

SHA512
d7708526ed121bf7d911c75d955283d260f72e3a9ee6f91b2050ddc1fc1ca031b29261587c32907bb082cc10963ac7671d08a7ac0a2819b8b55f8b72e8fcd0e6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

Filesize
310B

MD5
d1c66668d86b8017500d2a93977e2dc5

SHA1
6e86edc442ff9e0fc8c1664a4ee3bb02b66c6f68

SHA256
8b48ce0254b019bde1cd7e308828b71a8e70e22296cde4edd73292644ffdecff

SHA512
5f9db5e9a50744c6d9ac5111f939907592cff292c46684415578cbe2a0ad91673e90db8a9290572766ec5c86e7d8b357546186e7be6fd1a000a1678e08d28be8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
630B

MD5
b34f52cd3fc6edab994e0d448c3e78be

SHA1
18a19779dff78cfa2c354d962db8734104b7b9cc

SHA256
cf6d88f5b4820282d4eedc0b249db17dc82ebbcfb113e7a0a1fe59a0c3887d98

SHA512
da52532760dd11d43c03eb3cdc38c267e89caaccf4871deaad4f754c5eb22d950973a01cc36cfcb9be5e35047323435e8b394dee42f963467e0f1ac16527a6c8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt

Filesize
6B

MD5
f5bd57c383ba95f77ad910dd0200e081

SHA1
0595d53ee4839cc59f5883fb1bc42098024f9b7b

SHA256
abdfbffecbe18ed94df9829819e596ee285b52a94aa108514452a9121721c789

SHA512
f9f0a2040f85cc0338b9fb6770180d3d7cdf0f12d8e3bdf01b9a27c1c03f6653a768ba73fa427813561ea8b221b349e11f64221366841b602c3618f7197f283b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\Partner.txt

Filesize
59B

MD5
5a7d607c80dd72e6a06b152a84bf41f2

SHA1
0ad33af6e6e1220a142dc953166bb951bb2b266a

SHA256
de463d9e85b2bd9e25dce0757527fb4433f5182e190d015773b046fb7d4754ab

SHA512
0aa3a81637cc9558ff81bc37ff7c1ad346036e9f51670303ac2df9dcbe6bb0f568b9efab8415725079ca859da22b240b784df7573572c33cdbadea0be1eea3bd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
187B

MD5
aa4f1d9b849271fd062be55bf6f06e13

SHA1
6cbf3bbfcc3a0e4038256c900f65d26e3984b400

SHA256
83e9a74a66714a339c75c42dca843d3ac1f5b0eb7c2eea265531ae6b6fd99976

SHA512
09f46f9d45271e11928eda66fb922f4dbced1698fa9248acbb5ceae35fecb9be3849bc9842469fc24def83f600883acb33e03fee44fbe3c304da1b81df12bda6

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
memory/896-63-0x0000000001840000-0x0000000001850000-memory.dmp

Filesize
64KB

Download
memory/896-59-0x00007FFE07900000-0x00007FFE082A1000-memory.dmp

Filesize
9.6MB

Download
memory/896-168-0x0000000001840000-0x0000000001850000-memory.dmp

Filesize
64KB

Download
memory/896-261-0x0000000001840000-0x0000000001850000-memory.dmp

Filesize
64KB

Download
memory/896-158-0x00007FFE07900000-0x00007FFE082A1000-memory.dmp

Filesize
9.6MB

Download
memory/896-56-0x00007FFE07900000-0x00007FFE082A1000-memory.dmp

Filesize
9.6MB

Download
memory/896-61-0x000000001B530000-0x000000001B666000-memory.dmp

Filesize
1.2MB

Download
memory/896-60-0x000000001AE20000-0x000000001B1F4000-memory.dmp

Filesize
3.8MB

Download
memory/896-58-0x000000001A9F0000-0x000000001AA10000-memory.dmp

Filesize
128KB

Download
memory/896-57-0x0000000001840000-0x0000000001850000-memory.dmp

Filesize
64KB

Download
memory/2300-64-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/2300-62-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/2300-65-0x00000000019D0000-0x00000000019E0000-memory.dmp

Filesize
64KB

Download
memory/2300-50-0x00000000019D0000-0x00000000019E0000-memory.dmp

Filesize
64KB

Download
memory/2300-32-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/2300-66-0x00000000019D0000-0x00000000019E0000-memory.dmp

Filesize
64KB

Download
memory/2300-156-0x00000000019D0000-0x00000000019E0000-memory.dmp

Filesize
64KB

Download
memory/2300-291-0x00000000019D0000-0x00000000019E0000-memory.dmp

Filesize
64KB

Download
memory/2300-31-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/2300-33-0x00000000019D0000-0x00000000019E0000-memory.dmp

Filesize
64KB

Download
memory/4068-750-0x0000000011A30000-0x0000000011A42000-memory.dmp

Filesize
72KB

Download
memory/4068-751-0x000000006FD50000-0x000000006FD62000-memory.dmp

Filesize
72KB

Download
memory/4068-504-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/4068-908-0x000000006F3E0000-0x000000006FB90000-memory.dmp

Filesize
7.7MB

Download
memory/4068-671-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-907-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-906-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-701-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-905-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-714-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-904-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-895-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-894-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/4068-505-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/4068-755-0x000000006F3E0000-0x000000006FB90000-memory.dmp

Filesize
7.7MB

Download
memory/4068-893-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/4372-342-0x0000000000950000-0x0000000000960000-memory.dmp

Filesize
64KB

Download
memory/4396-159-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/4396-310-0x000000006F450000-0x000000006FC00000-memory.dmp

Filesize
7.7MB

Download
memory/4396-311-0x000000000B110000-0x000000000B122000-memory.dmp

Filesize
72KB

Download
memory/4396-312-0x000000006FDC0000-0x000000006FDD2000-memory.dmp

Filesize
72KB

Download
memory/4396-166-0x0000000001470000-0x0000000001480000-memory.dmp

Filesize
64KB

Download
memory/4396-476-0x0000000001470000-0x0000000001480000-memory.dmp

Filesize
64KB

Download
memory/4396-501-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/4396-502-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download
memory/4396-503-0x000000006F450000-0x000000006FC00000-memory.dmp

Filesize
7.7MB

Download
memory/4396-167-0x0000000074C50000-0x0000000075201000-memory.dmp

Filesize
5.7MB

Download