3e852da637bffdb51542ea3a2208ff73eb737554e43f7feead2b243c7f0f1083

Analysis

max time kernel
91s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25-02-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

532KB
MD5

9e752b4955759a42d94b655b55d06784
SHA1

59d2eb1e6c35f1650dbfe0884a03a07c071e09f8
SHA256

3e852da637bffdb51542ea3a2208ff73eb737554e43f7feead2b243c7f0f1083
SHA512

cf8b87fe90613c2cb820c0d5f57d686843f57115f02b20a50f5c0bd8cddc92d466c3fa8d45b8b084abea203f03d6ac1328411cc3550c7a63bcf096f779180907
SSDEEP

12288:7G5knZfFKer58CGWoOKDtjMF3+nG4nsCGKZ+d+hSOjn4ZSVbsFGxz6:7G50ZfFKUboOMsGsClZ+dnOMZabsiz6

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 3 IoCs

pid	Process
2644	WebCompanion-Installer.exe
1020	WebCompanion.exe
1772	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	Setup.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	WebCompanion-Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	WebCompanion-Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	WebCompanion-Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	WebCompanion-Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanion.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
2644	WebCompanion-Installer.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1020	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1772	WebCompanion.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2644	WebCompanion-Installer.exe
Token: SeDebugPrivilege	1020	WebCompanion.exe
Token: SeDebugPrivilege	1772	WebCompanion.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1772	WebCompanion.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
1772	WebCompanion.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2356 wrote to memory of 2644	2356	Setup.exe	28
PID 2644 wrote to memory of 1428	2644	WebCompanion-Installer.exe	30
PID 2644 wrote to memory of 1428	2644	WebCompanion-Installer.exe	30
PID 2644 wrote to memory of 1428	2644	WebCompanion-Installer.exe	30
PID 2644 wrote to memory of 1428	2644	WebCompanion-Installer.exe	30
PID 1428 wrote to memory of 1924	1428	cmd.exe	32
PID 1428 wrote to memory of 1924	1428	cmd.exe	32
PID 1428 wrote to memory of 1924	1428	cmd.exe	32
PID 1428 wrote to memory of 1924	1428	cmd.exe	32
PID 2644 wrote to memory of 1020	2644	WebCompanion-Installer.exe	33
PID 2644 wrote to memory of 1020	2644	WebCompanion-Installer.exe	33
PID 2644 wrote to memory of 1020	2644	WebCompanion-Installer.exe	33
PID 2644 wrote to memory of 1020	2644	WebCompanion-Installer.exe	33
PID 2644 wrote to memory of 1772	2644	WebCompanion-Installer.exe	34
PID 2644 wrote to memory of 1772	2644	WebCompanion-Installer.exe	34
PID 2644 wrote to memory of 1772	2644	WebCompanion-Installer.exe	34
PID 2644 wrote to memory of 1772	2644	WebCompanion-Installer.exe	34
PID 1620 wrote to memory of 2844	1620	chrome.exe	38
PID 1620 wrote to memory of 2844	1620	chrome.exe	38
PID 1620 wrote to memory of 2844	1620	chrome.exe	38
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39
PID 1620 wrote to memory of 2436	1620	chrome.exe	39

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\7zS439DC106\WebCompanion-Installer.exe
  .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --campaign --version=12.901.4.1003
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1428
  - - C:\Windows\SysWOW64\netsh.exe
      netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      PID:1924
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1020
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1772

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7759758,0x7fef7759768,0x7fef7759778
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1340 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1844 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:1
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3180 --field-trial-handle=1380,i,14528916668573380061,5785811907798838925,131072 /prefetch:1
  2⤵
  PID:536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8fb26eb41ced5f72da28618d66575d97

SHA1
c0655d81abd6eed08289fab7ce1121e2dd43ef20

SHA256
4e67dbf3d29b3ca3d2a8780bc1fa01179191658799800bdaab4357de653b7c22

SHA512
5463805e440b200a95fb02d0698e5573bcc024b25bedba158f6a53ec814bbc05a416306d7c993489d80355079cc500358df3c914e6ccd6b694780e294185b083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
71720bb1f1b9edb0ec379a2fe51f6519

SHA1
4c1f10ddd56cf41bff4edb18c8da15b9b6139bd3

SHA256
ec9697a7a96435e797c8296e36841a858e2a7a75b0741da73338504044ad7145

SHA512
3fd624d49ed57f54ce5fb6ed3a2d2d5142bfc57cb6bc4cb5daa5e9eca42eacf4741bb976c400d5174dcce72a8396976e430964f5db4940d2b3eefcb9d3610adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aee46a6eec646be0c556646f79b6a9cb

SHA1
abbd3bbc81986031a8b2ac2df21052fb94400149

SHA256
b9553778638cccab982292386ddccb7156a4aa3ff0e3ad465cfeb67c2fde39d0

SHA512
05c3d6a72c1735e0ad18184c23ab8d09a207d4f99aae9a6470bd1196052ccde4f58f6e15d5ce24e6de91749e8d85ea21f93a393596c28a93453e65300e183a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f5551e2e13e3456b8b3221e02fed4410

SHA1
15811ebc14962bc18e696b5fd35bbdd449b7b8ba

SHA256
699f50512a1e69be78fada1ff8d67914586400444dbbb30452f578568d798be1

SHA512
0f4924988579bd57f40404de6e02992e7340b819abbe6488fab978108443e8961f74172fcec8770196a8fbc0da66fe3f8e12194d4482212174a1db2e3892d253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2bcc516865bc10d341746cec471817c1

SHA1
c4875bb87d2e9348631cecb231e426e66f408272

SHA256
44c6a4ece48881b91912d8c378c164e77bc926bb64f30a0007a6dba975bab178

SHA512
a79bae8c4226f90aa687ca1d81af56a2a4da34646dfb2635d1fca294432394d76ad0f931f957c6861cad6d85d139e7be74f0a844d56b530a5949b3ce47616905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9a894cc340288ea19c3fefbb57a8708a

SHA1
b625eeaaec8198bdf0244637675fe6772390150a

SHA256
a01d9353c9a26dc81a20ff7c2a35742dba647c8250922a1685fa898b3a1fe5ca

SHA512
0271b49e468dd00fe935b33285a7ac15502098626b2f70002d219aac0456972bbae61b322fba6c375f3349f7e31a43b14e9068d5bd7add839832aa775222bdf2

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
26f8724d94955e81e8a9b035efd34fb1

SHA1
f8bf89fed208cbef47ee7e4310312779ec704fd3

SHA256
ce4ef795984d5ba5dc9e1b42d7d045a4ae5d31074fab70dfd932e5cd74f4967c

SHA512
fb82c7fdca641521c1fbe9412959729c919a74fb2fe869b71409e9ce5daf3c518581ced68f95ccc8790a2d72c632e63f69db1f6642186c49fdbae39c12d0b40a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\azf0wghn.newcfg

Filesize
1KB

MD5
bf496c716d871872a508caa668735bbe

SHA1
dbfed3b851130385f49b7237185a29556b22402a

SHA256
eba403031570705ebfb31d6f0f3ff81581567def3f2cd38bcf4e7ef2dffc5b6a

SHA512
6e0922cda8df3bc1451b1d86c8fd5707c11a8060ec67b74e856c847e824a934c40e3caf57529098e47ea47b039856be06583aa0d5166ae14af50422f2749a311

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\gmvqmpnq.newcfg

Filesize
723B

MD5
c471093b49ca1d7770d7e39a57743626

SHA1
905d25e85acb63fc6088390ff0e30a993bfcf777

SHA256
398633b8f978f449fdb4107aa450cae694a02e334d61e90bd0116610539f3435

SHA512
ee41bb38cb0a38801a622d263ccbcdefc48392c8fd290231b858ae348cc776105eed58ca8df2f45aa3a7d26e335321f658ab0f1e2247f01d14ac0cb6025ff7b2

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\go4rzrmk.newcfg

Filesize
2KB

MD5
8d4b95f1d278eaa94d4f05946b2994a2

SHA1
ec60efea67279a2a8c2d4bae8aea6aa3a2bddf91

SHA256
5fd4b6a9696455a31930c3096b9777ecabac9ecdd2bd3a7b3a5bf80e29815034

SHA512
d0b0af16c70337b79e85e45fd193f3e974843b733ac8d8c2db90068e74b86487efe191b24b41b4b195839139364281e659d86e576a3d28f04cd6d84e12ed1d76

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\gtu5xani.newcfg

Filesize
861B

MD5
b4ecccf8f6cb66ed6c222e0d32f34065

SHA1
5166bb516a533296b2f6914290c01359912ceb86

SHA256
1631ff1bc4b474303be696ef05dc79aa8a58014383019c4d84366c6c25e349fd

SHA512
fee6e5b6d9a90cfde669843ef7bc408e054b955691535df9735bae5a225c36bec342d4dead83d6a82ea724f6c47b0cccc5d62d007870b48c0577fd768f067e3a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\kauu3451.newcfg

Filesize
2KB

MD5
e34e102cd52e21ef7d5be6e9c21fdbcc

SHA1
e456b4c204b4041f08dd4b9955ccb541d9f8ee10

SHA256
1f22e6aae4418ec666e581e9d2b1a4992b79be5d563a6c238f7cefbd8375250b

SHA512
3273992858c4b343a46ce03e7f90903102d16674baade3420091d7ff494701889ce8213f2d006cb59efbad47e5422d50e05880da9ac2800e5bef804fe25d9b8c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\qsxushnf.newcfg

Filesize
2KB

MD5
bddfe32d581f199b81182abf55074aed

SHA1
2b25623f62b4aef8c1fbaa6458619c66c32ac43f

SHA256
4b728d2610538444d7fe8552efc196f89b257fa7ef85cd5d2a670e75a916a0db

SHA512
31b92fd186ed70d83f120da8d9cf3e9962c4343960f0a9d5d124bc7bf1d51be7c3c787d0793b14f2aeb45eda9944e5302344e45529919d246f6bf44342f500ef

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
330B

MD5
88bac5db79ab9307b4aeca937b6e4936

SHA1
efe6b00df096ee515f1df0689198dfda8a7a7635

SHA256
ed4bb00ba1024503cba62bc4bfedf3df1ceba8c29104c6bb91772e7871771908

SHA512
811ef8a62c9ba3be0e84cd9d66aba8651f709605571e7efd092d5f4fbbe77cd1540813b1f81d28bb85291c30f0e1ef81a16bc171cfd4368ea70249fd11d13a8a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
462B

MD5
ea94cb9595adb65764e4d641c444ff97

SHA1
e603f3af615bb74fdfb59f63abf4023fb9eeecb8

SHA256
9b03a1514068d541d07a107abb7c0d7ce347a32e9ced04eadce146a2db540907

SHA512
3a82173e5a53baea82ca77f35194462bf1ae6afbb3f7dac0b686c378468576c762aa0131f44e1278a55fa18a852d6e552c308632aa4ee960a7b5f8c62fa7417b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
594B

MD5
911eecff48f496119302a40bbd4a24b7

SHA1
1d0c0c1fab96676e6f6d642350a7f8229cccfd21

SHA256
e1860fb491a053511dcb794e6dbacdbbe4fafaf5b72fac016fe7ff8a3cda0fab

SHA512
84315c669ed55915c58b5c9e88a5f8ab880101d899326bb5dc7f569b67f605e2822c93d650d0b5a3eda95902c1335b912b53829fd0b5d93f8753dd53e4583b0d

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
1KB

MD5
5e9e5caea0e9c4e8b9451fa2e417ef31

SHA1
cff95e107d3f17213a9131db68a342ba5f85833f

SHA256
a4e3a68ec05d7bdc8b3af1e9cf8bdd719c228e079c8489ca2a188a4541ca8093

SHA512
225dd12ddfc61cdbfa3e7f8bebcca47d4273998806b18f29fda2af7f2f2993f692c169c3811d1eb0a16ba83910f035abfa1ce41119dccdf2836fedf4e6a85e2c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
2KB

MD5
eaf737a81de3684aefb5380084beeb51

SHA1
302c61185381f5a457a82993c019e2a2b8193a2d

SHA256
1cec50d34a60470e06381833a6b38fa71efefaac8596b544646eb108d6391b21

SHA512
887df915ae0b0138b80f50d36e905006173e52d1b551effd657c05a61912a7385b4b32bd30baf1114f80cd5b4c899fe1ecdd2fcf81e9e3b184e0f9eb51780421

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
2KB

MD5
c36613b84ffb328278e2b6823dcb9129

SHA1
1d1119d4e19c5adfa0f6b14b2d14234d49595f33

SHA256
976cfbf3b61097b79703350c7cdb600acb7487ed6c6e67baa99bbc049c97838f

SHA512
99624a3d3b229831d870eb4d6b517826dcc44e0f71577a941997ce29c222fd2eeefe1a96ba074893b77ab6f030525a7e49a576889a183a6287faa86d55638ba9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
2KB

MD5
42d4b620bdab491e517a769486f9cafa

SHA1
115bba19acba8296e54727d0c24c1518326a9c63

SHA256
37ee13ad9576ef53df46c08e561922bdadb5f659dd553cdd5445646c398332cb

SHA512
ba1c2c71a412b81e1693b607afad6bc56138017121d2a7606ab9729de54ba9d4b004ce1a9a1714df14cb7f456fa77a494a16dc82f9b1698c53c2ee9fb65481a8

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
1KB

MD5
452af3b584a6cdfe7dcfe3dae3d2f7aa

SHA1
28633255b8f617f0244cb644464f3b9f4274f384

SHA256
b037d0da61d586dd6e90a20ae5fbcfe7fc26456997df7c9fcf8fbba6cc915050

SHA512
f6c07a1e577ec8b74463ece2d3055f7afe55409ef3a4b6aa55d0580b5d5952719584373d1c69a989c396d10852d862c45b52040de5fe24c53b4e200ef3deefa1

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
1KB

MD5
63cefa65597f9214fafa78f0ea20f97f

SHA1
593b14469093ff856776cca69ecde6488a673105

SHA256
a1e489e128884c5a63fd30dc7a9af05b2e22aabb7504635af63a288295517fe4

SHA512
4f8cf1b19aad285bef4545d3a2b902e40da74e8c3f774d0519d9841e068b5d1df21af8c0ccfcf3e5cdf13c6839648bda06bdd7001fae7350a8f2ba551822e4c9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
2KB

MD5
561b5e950415132058e38b2103fb0dfd

SHA1
2503c41d54313db38f232560a2b520bb3a59d4a2

SHA256
a57f79614bc37a7e708a6b69d7ea47a733606ebc6e71698e52e4b9fcc1b3dba1

SHA512
071be4367a1f785e4c9c6988ae0faf7d538aa0b3665c9fc29e4ad2b273638a04f74f8788963c3d5dfc162548847051aea5f18890886d886ed87571088da77c52

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

Filesize
2KB

MD5
d2fa5481ee63ba37fcb22a9df3cf6809

SHA1
bc68d5711d97144cb3895a33f52a426eab269b22

SHA256
661898ec4a3bd03aca74eca98ee27376837c61d30a14b4b94f61a287b1e4182f

SHA512
f2d442638b5937646e581749aefe9231982225962f0c8edaa9feb43ee54ec9f6a30a6604b8dd67ae2df11bdb86b5b8908e40db5ec10602510b7fda855ded2001

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS439DC106\ICSharpCode.SharpZipLib.dll

Filesize
208KB

MD5
b0040d764201abd71c26560e798bfa7f

SHA1
a3f32be47621d353d67c6a72b7059b553801a9b8

SHA256
13c3e0fec7ff29eb8ab28b321102c2d27afcbb410884cd693cfd3d211bbef1d5

SHA512
104f157b822901375cacbb22121c1c866254eca5979422741768aed5536b0d51f5efce24b6106927cb16843276fc8e4b8f70ba20f5ac3c48a75460b2ab14e478

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS439DC106\Newtonsoft.Json.dll

Filesize
428KB

MD5
746c1f0ea5a5c0a67fe96dba4e32ac76

SHA1
cb31834984b5c7509499f0a9a5febe2e3575de78

SHA256
9ee20b0b7e54e633eff1a25b6e379201d499552689ad29eebd5ad90f221b1386

SHA512
b07f6032d609291f3f3d6e75abc055cbc0751c2cde4cfb4eb5ab93611ad8391e877dad92009dec70c0c2a7fb96b20cb4392a1a51634006466bca06fec36ce358

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS439DC106\WebCompanion-Installer.exe.config

Filesize
2KB

MD5
be34b448b611dc35dd383ed545e8fa96

SHA1
6c9dcd8d936f0e39648f8fa80e7f07d9ce6f550e

SHA256
deeba89fab938088e2e65942e93210e6e368eef6bc1ca8e8724ed43154701851

SHA512
796bc2ee8672b64d9f5859f0b091e76de9523beb91a7c8a1aaf59be30902bb73f5d197f271d9d50ba6139b109b00f121efa11929f322af71fe9d32c683ad8c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D04.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D17.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\FeatureComponent.dll

Filesize
144KB

MD5
296ec9745c31ba135e6b6b25eb0f103a

SHA1
9b4445ff18ea2a01c739be0fa1198243b9de49c0

SHA256
61a70774acbb150536270936b7109fef7556d73a5ba581798f5296b2bc5cc4f3

SHA512
1cb4e99ca9b9c2d6ff8eae2a3adf21273b366243d7dfcb6ccc8b9d46875e31f7df192256a1bacd47073d50aa2af08124f31ea41549454eb988d43f4d899993e2

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
108KB

MD5
522a44cd2e255dff02c5e5c67a61b85a

SHA1
c8a9ec53407f729c81126dbb9db81af235b43b58

SHA256
4649fb49605bac2da3925ba3255bbd4017f5a9115206d67de6d51d5a1035b2c3

SHA512
3ea6b1bbd0cb4b78674b58d3ad77cb5d93a6f27be5dd5a4a83feddeacd55d1b8f17a12ee7664d866e32a929debef7183e3991c53a9ad8e056721e7b70d92d252

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll

Filesize
65KB

MD5
d7ddf9e550e3aea75828fdb478b828d3

SHA1
013eadba5dc5907b9e606eefae3378cb8bb3d342

SHA256
43a8aee7ffcc38dc74bb5a60a20c706bcddc6cb76cb8f707cf44cc906e021d5c

SHA512
98efa04647e3c05ef315430eed5c615eaea3c54aaa9a845a42bb8eb3b1fd5ec1a6c22f4775a407638c6fd03d24a7fa437c2781035ab90c95803aade70fcd19f1

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
428KB

MD5
90adbed40eccb88261b426a3edbe7d64

SHA1
b9a2a4545a494a4bf282bce760c20952c907a225

SHA256
50905ff3732052549c0b3c0519998d84f6d4b6b92c5ed99639d3f9955edcdab3

SHA512
0254cc18fdb0803d27da99d35b99fb0df7adece7acd35d5a8ee2fd889b3e57d2edee2588352784a0c9e941a0b75e7e89710c2fd6bbf1573e4abe0d68b3df4d02

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dll

Filesize
284KB

MD5
b6740a4ae51a502d1cc6f4c4aeaa599c

SHA1
1a550de829e3e9a2ae2d6fa2bacfc2a2b0390417

SHA256
01e87e1587a26f245438cf9a1f6f7c6bbe8eeac588c3f6680240dc238f36e3cf

SHA512
8c3156d165c7b10aac9d457af6bb843d553203c444afd22f05fdcdc68409966e779badded16551946223bd3d02ba78d62855ba9437d3c4dc7548354c1755bed5

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\VCRUNTIME140D.dll

Filesize
106KB

MD5
2d4432c819cb81f66577be18d3af05bd

SHA1
8225b327176a8fa9bc6f80608fac635cda56b918

SHA256
18b5786e3770ab51795207589cd7fc13453ff26a9537bc83ee287e0c7c28b76f

SHA512
05faf84248a76e71604512f94d7cf3d9eebcfd2898e4c89365821f474f60d879393f16e3275c20d6e6a7d7d8f9e6474d9a632a02613882a422a15f8402440029

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
11KB

MD5
cd4e494e258c7eb0585fe76ebe9e6233

SHA1
e93eb57e6c38e496fda92dbcb31021b34ae47cfe

SHA256
bf61730717f05b95c4f43d425b6d7d15deac39d53e28eb302e5723c7a9b7b0b2

SHA512
413b3727a71126e3f35551232607d95f8bd79342526c0144cbca929e6dd3e65aab56b2d1f37baafad53ea23dca4c55bdd363cd45d0c54792c3118726ea45c07c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dll

Filesize
133KB

MD5
148d06eedb7e5d678737b0db1de41854

SHA1
8a1f616124c2b1a4207fb25a278ce8ff2b45c605

SHA256
4f300a4f2b2c54d270c817198e83396cae24badcd186778f5e1aed72f3da222a

SHA512
9ad9ad9d78a16bef0dc518abb9f6ae0803e60d50c6a35081c1ea046453c7e64dd9b5cf15e39de0ae5690f48a6cfd0067c24a1338ee50318c961cf5c6b6ab7a06

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
316KB

MD5
2354866890cf03971a066b1b0a6e2376

SHA1
a446317cfed4875d5f6b82b507bb9097029277a6

SHA256
83f5dfb7e27c8316ae780d39eaefe6583dfd119a4e9e556a6552df799f300e0d

SHA512
c681e0a545812198f7a89eba33bde9fb0637a3b94b50a63980767f40279618433ed71082c7575c84d5ab1ca2f664bba573c8f3d7fe0a39e8d3229fb85158372a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dll

Filesize
1.6MB

MD5
38a817eccad491efc1837c6898c47405

SHA1
b64a392cef5f002561e7012e2064c044aaefca54

SHA256
eeca89b65f569ab698dd17370985955856bf7660395804af5fea08db926bd494

SHA512
f199c154939e7fbd94b9e12a9794c0c5258b3c0aa387e4a4f056665377998736add55b41f5ce62fae6f1639088add32570a4c9bd0017c04eee95f46f2d95da9b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll

Filesize
824KB

MD5
27894a5da2338538e7403ac060d5d7f9

SHA1
76fa92b25490eaefc8b9ee878a63242e6a646f86

SHA256
1442d69bc8445d1f0ebb232081d23ac641bbcc375234cc35cd28ef521f395e1d

SHA512
8f630763b225d2f950c475d9a5fe15927d7449caccbf7b347c06c9ef6675cfef1c568120d9cb79df0358f91054baf3be394376a5db3afa296f35c6e1e5313ae9

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
394B

MD5
d2f7e655769764f6fc5dbdbb1020ef83

SHA1
07ce549ea34d3219e8329d35eeca0e3625bd788d

SHA256
e336f448a0e8e4878f48a1509d389287f81c3272f18b78751cebea8d2fae61cd

SHA512
5f72711afd6da8daffd0912b97ef2959459f38b6d347bb62d151d67f4c6a4b2ac4c23813627d756c81231d3b8c8833721c145cbcdf30a66617a13e3a794d2b4e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
394B

MD5
79fb6235c5fbfd5ab253a443825825d6

SHA1
10f53beb91c8fa91d094adcbc06545f101745e27

SHA256
90fa8b8e5c9e2e967cd300481331460fcd12992feef6994026e4bca870ee1784

SHA512
808bd8416ae7ced33ce7ed72cb1dfe8c97beca1d0a8a88d280f2f8a02b973e880131cac8d3d3c5c5589d13148b3076a05a315c57e0e538311702b243db3f7a67

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

Filesize
332B

MD5
590fd86ad024f2b655deec8333e240a9

SHA1
f1946050248dd1aea834f139063ac8eb3e41677e

SHA256
7afe6a8c5bf14cace6e9bb2d40df2adb5f31325fc024f448138106cf7b63f7c1

SHA512
c19bf730552e548b6caaa27f5ff2c5b34d34ac9408b3b6e388361635ddfd4f619b9205fad76b9141f2804b8dd364cd843dcbabd4d9d7b7b712f320f6729d87ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\CData.txt

Filesize
209B

MD5
2e917257b70148cf98f30f74a2f7e622

SHA1
53fe51ff770f1a4a3c3708237b87c34fecb6715d

SHA256
5c77154636717a8ca291979199664120522688d6b33e8411f450d921428d092d

SHA512
f11455f95087282755c55be9e22e1fcf2870462eb6d03b4973153c71c9c92be094d020778761da8cbeb89b947e43854cbb069d423758cff50b85907b30fd4e59

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt

Filesize
208B

MD5
139a463ccb961c2db87cec01e70bf1f8

SHA1
8b369c6c3141fbfd980b3ec9cd5b93fd6533b79c

SHA256
279b1389ab21b21344b131d6ced6bcb8796ba6370ce43a7423ec5f7e67407a92

SHA512
9a31f5f349139af40edfeaaeb1e8e3cf4d2bcd0f0802006ca54a4539fc2c471c6b3ef321b0f55c515c0f70417d1ce9767b538e95f0fb0b623a87c4305a632f4f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
656B

MD5
caa7f059fcb65767bbe43884163729c7

SHA1
34c69d722ed9fca2e1b0562175ef798309938b08

SHA256
e3efcd14b82d3afa4d987e64dc3245be561f3f247422bcce20afee32cd0a4178

SHA512
7fe4ecd137bcacd212fca1f87691f295ff0f1523c9daa67717067d5a9d7926d122a24261499c7edc3f94ba5a56ec35979197760c670fa400e07b611ec3668fbc

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
225B

MD5
15d0af7454748e8056c97061b0c083f1

SHA1
697893516be9081158a4d1bc8dd6d292ae17e3f5

SHA256
045e63e47c5634c12bb567831c5bc4c9d71f68c129605d5885095194804eb652

SHA512
edaa55266d33417846f049efa03b136751eb26abfa90e1df6c7ae869bfc71470802bbeb4b1dfa2be8561281f0e772d468a16a125edb46bfd8f0618cc6be84be8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
183B

MD5
25a26f893b767be0709d34ea14214e3a

SHA1
98c57d54ff1194c099774fe551f7acca2fa90eaf

SHA256
fca4a830e4133400f1d0ada007e4582e10da5b881d64a52e6a3d03c293a32809

SHA512
1b908da3ca3e4fc5c5f928061a3bc6028e66b64f77a264ea4e17107f87c4ceb96bc1d4ed5366d91865256ce511eec870e98d03be8f59ddcd4d8115c6d6d650ae

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

Filesize
2KB

MD5
42091ca4033a1d0a3b429f7a0a9a54ee

SHA1
6441731f2892654bc5a4f052e8bedd37a1f0b84d

SHA256
b75148b8df09eb0b0ea310fcc7b2d261d3635ee3f5d2ef1e7294ae0ce2a56cb8

SHA512
ad475f33cff169ef5c395c59807b3d65c0e8de86f8359a3153988025c210bb7e26abce0131fa7b791c5995d68f575f25c5fa93c3b48f0397c99208788dc9419e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

Filesize
2KB

MD5
d436354827baf912dd5e4164adab4b44

SHA1
0c38f351dc16ebf2894f23219b505482d38b06f4

SHA256
0e4150a56678336468408c4e86843c6f193c7e7ad02beeb6bf7d5bbacf6a5022

SHA512
ad2a97444c17d0d3aef32f842f01f74b9c62a531728f2f270c262f39826263fa143f02ffbc2a449ec3a70f4ba191ccb6f9ef866f438dba0a722451df8e49418b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS439DC106\WebCompanion-Installer.exe

Filesize
428KB

MD5
f6271b5d4729c2fd7dd9950f41d57c8b

SHA1
b201f20d58d3d0de4edbc513b25c4af8d3790d13

SHA256
04e8c3de51503351b4d52fa9b010aebb41d3cca46387046e8e689fbaa7063c16

SHA512
8e4ff8ec79b154211d2b6ded28025b92c4f09e36ee160be689af986ae2aeb0f444d834b04f2c6887e757f618f1d7dfe049f8d8e6a6c460c99f79a80a1580db9b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS439DC106\en-US\WebCompanion-Installer.resources.dll

Filesize
6KB

MD5
e4266f63970e9bb702fded23abb07ad7

SHA1
fb53dbbc93788d7ac3672520706195ab3eb75fd0

SHA256
83cf07757ca5e7c3dd2a8cabc44ba246b6b6f24c3d7042ceb3fc91ddfa8c4160

SHA512
4632e8af8c60b242d7213ec4eebfff358c59e0408e2f6d1821bd87553877e0ff4c9e874992242b303d26a2c53ac53e628674ce2ddb0dc0102e581c05f25c5f54

Download Submit
\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
118KB

MD5
e9e26816ee6dfa0d4c30357008311c01

SHA1
d4d2f690a08f1ab85b9b02d267b8e138278f2329

SHA256
91ca690f23473476ac201cada9527f71dae1b15f6c272398253f3f0425b34825

SHA512
efe8d18d57b1e95c117789181f51d652eda53849872cbb5331cf5fd73955b04a08e360707d105b7901d72aeb86496baf2644111da289306c2022a7c9f5ee7440

Download Submit
\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
136KB

MD5
b4e90ff038a9640cde9c1eb897cd2878

SHA1
fb26404d6d6630f983d8d95eecb00cd28f1809dc

SHA256
1884da1809e9d5b24f777524e8a9df261d3e39cdbb25846d5b594feb123abbec

SHA512
8fb8b6f4af754c5d2333cb622a953fcc3ed2fc13b604f5f17a94271b82151466f3aac50bc52116e5cdf7269854e4e3ce323cdeeb504551439cadb5b41f4c403c

Download Submit
\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll

Filesize
22KB

MD5
90b40e1e48bb9d32bf7071580f99eee0

SHA1
2b144eef4a4a9cd2364d7d430b0c146440e922bf

SHA256
8d99ef65121e6d824c9ce8902fe7ccf63ab48385b0c3b379080711603c263353

SHA512
10ad49b97c8d8b3b6689f4242ca0bcf4c772d20949e687db8031c6f22236bab0c1fcaf57366b33ddcd095ccc5f507db47f9942e120ebddfccaccc865d90aeec9

Download Submit
\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
3.3MB

MD5
a89871f4fb8517d47eaf356fcba5f9c2

SHA1
4a19ea78e1ea859447c584a4eee2fd62a1c3903f

SHA256
afc118ca9b161f9b2439a63c84a1a172d6e854540aa8a24538ac73e83a09273b

SHA512
3574660b1156f1501d42a1406093c416237457f8331fac32419e26a8cdb6a8e582a17c0be1c960bc86206b7a12d0324b588e51ebc9a87933233507ecaec8991f

Download Submit
memory/1020-179-0x0000000001180000-0x00000000014C8000-memory.dmp

Filesize
3.3MB

Download
memory/1020-517-0x0000000005D30000-0x0000000005D3C000-memory.dmp

Filesize
48KB

Download
memory/1020-210-0x0000000001130000-0x0000000001178000-memory.dmp

Filesize
288KB

Download
memory/1020-226-0x0000000004A70000-0x0000000004A98000-memory.dmp

Filesize
160KB

Download
memory/1020-206-0x0000000000B10000-0x0000000000B18000-memory.dmp

Filesize
32KB

Download
memory/1020-656-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1020-657-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1020-479-0x0000000005CF0000-0x0000000005D24000-memory.dmp

Filesize
208KB

Download
memory/1020-180-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1020-429-0x0000000006AF0000-0x0000000006B68000-memory.dmp

Filesize
480KB

Download
memory/1020-184-0x00000000005F0000-0x0000000000640000-memory.dmp

Filesize
320KB

Download
memory/1020-190-0x0000000000640000-0x0000000000660000-memory.dmp

Filesize
128KB

Download
memory/1020-242-0x0000000004D20000-0x0000000004D32000-memory.dmp

Filesize
72KB

Download
memory/1020-215-0x0000000004A00000-0x0000000004A20000-memory.dmp

Filesize
128KB

Download
memory/1020-196-0x00000000006E0000-0x00000000006FE000-memory.dmp

Filesize
120KB

Download
memory/1020-243-0x000000006AD90000-0x000000006ADA2000-memory.dmp

Filesize
72KB

Download
memory/1020-200-0x0000000001100000-0x0000000001126000-memory.dmp

Filesize
152KB

Download
memory/1020-230-0x00000000064A0000-0x000000000650E000-memory.dmp

Filesize
440KB

Download
memory/1020-193-0x0000000005360000-0x00000000053A0000-memory.dmp

Filesize
256KB

Download
memory/1772-899-0x0000000006480000-0x000000000648C000-memory.dmp

Filesize
48KB

Download
memory/1772-1190-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/1772-674-0x000000006AD50000-0x000000006AD62000-memory.dmp

Filesize
72KB

Download
memory/1772-680-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/1772-803-0x0000000006610000-0x0000000006688000-memory.dmp

Filesize
480KB

Download
memory/1772-672-0x0000000004DF0000-0x0000000004E5E000-memory.dmp

Filesize
440KB

Download
memory/1772-671-0x0000000004C50000-0x0000000004C78000-memory.dmp

Filesize
160KB

Download
memory/1772-670-0x0000000001140000-0x0000000001160000-memory.dmp

Filesize
128KB

Download
memory/1772-849-0x0000000006440000-0x0000000006474000-memory.dmp

Filesize
208KB

Download
memory/1772-669-0x0000000000F80000-0x0000000000FC8000-memory.dmp

Filesize
288KB

Download
memory/1772-668-0x0000000000E50000-0x0000000000E58000-memory.dmp

Filesize
32KB

Download
memory/1772-663-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/1772-664-0x0000000000C70000-0x0000000000C8E000-memory.dmp

Filesize
120KB

Download
memory/1772-1211-0x0000000006840000-0x000000000684A000-memory.dmp

Filesize
40KB

Download
memory/1772-938-0x00000000067F0000-0x00000000067FC000-memory.dmp

Filesize
48KB

Download
memory/1772-939-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/1772-961-0x0000000006840000-0x000000000684A000-memory.dmp

Filesize
40KB

Download
memory/1772-962-0x0000000006840000-0x000000000684A000-memory.dmp

Filesize
40KB

Download
memory/1772-665-0x0000000000E10000-0x0000000000E36000-memory.dmp

Filesize
152KB

Download
memory/1772-661-0x00000000008F0000-0x0000000000910000-memory.dmp

Filesize
128KB

Download
memory/1772-1210-0x0000000006840000-0x000000000684A000-memory.dmp

Filesize
40KB

Download
memory/1772-1201-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/1772-662-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1772-673-0x0000000004ED0000-0x0000000004EE2000-memory.dmp

Filesize
72KB

Download
memory/1772-659-0x0000000000540000-0x0000000000590000-memory.dmp

Filesize
320KB

Download
memory/1772-1189-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/1772-1140-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1772-1188-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2644-1055-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2644-82-0x0000000000EF0000-0x0000000000F30000-memory.dmp

Filesize
256KB

Download
memory/2644-658-0x0000000000E50000-0x0000000000E5A000-memory.dmp

Filesize
40KB

Download
memory/2644-660-0x0000000000E50000-0x0000000000E5A000-memory.dmp

Filesize
40KB

Download
memory/2644-83-0x0000000000E50000-0x0000000000E5A000-memory.dmp

Filesize
40KB

Download
memory/2644-1056-0x0000000000EF0000-0x0000000000F30000-memory.dmp

Filesize
256KB

Download
memory/2644-89-0x0000000004410000-0x0000000004444000-memory.dmp

Filesize
208KB

Download
memory/2644-191-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2644-84-0x0000000000E50000-0x0000000000E5A000-memory.dmp

Filesize
40KB

Download
memory/2644-295-0x0000000000EF0000-0x0000000000F30000-memory.dmp

Filesize
256KB

Download
memory/2644-81-0x0000000000E40000-0x0000000000E48000-memory.dmp

Filesize
32KB

Download
memory/2644-41-0x00000000045A0000-0x000000000460E000-memory.dmp

Filesize
440KB

Download
memory/2644-36-0x0000000000EF0000-0x0000000000F30000-memory.dmp

Filesize
256KB

Download
memory/2644-35-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2644-34-0x0000000000F50000-0x0000000000FBE000-memory.dmp

Filesize
440KB

Download