7371161e77ad81c3d992de0af07d962875c4bae71acb87c7ef7915d396de0f46

Resubmissions

23-05-2024 18:09

240523-wrnd5abd65 4

Analysis

max time kernel
269s
max time network
272s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-05-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download (6).jpg
Size

4KB
MD5

9bafd12b9c7f5fd9f9cfa75be0286939
SHA1

83c01072f5b4d82a74c990c9774001f127159988
SHA256

7371161e77ad81c3d992de0af07d962875c4bae71acb87c7ef7915d396de0f46
SHA512

337910441ae1e801523a9eac0791501520336a1c041a4ab1eff15310c03ea683403e4fad7542124ed1c5efb10a21d2e33a2b3c91385589af6382f8692819b1f5
SSDEEP

96:9yMEKoIwXmIlUtteC/x6lTrdnqW121zgb:NsIHI2t84olUW1Q4

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

Setup.exeWebCompanion-Installer.exeWebCompanion.exeWebCompanion.exe

pid process

1284 Setup.exe
1420 WebCompanion-Installer.exe
1616 WebCompanion.exe
776 WebCompanion.exe

pid	process
1284	Setup.exe
1420	WebCompanion-Installer.exe
1616	WebCompanion.exe
776	WebCompanion.exe

Loads dropped DLL 64 IoCs

Processes:

WebCompanion-Installer.exeWebCompanion.exeWebCompanion.exe

pid	process
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

WebCompanion.exeWebCompanion.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610248148328007"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

WebCompanion.exeWebCompanion.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

Processes:

chrome.exeWebCompanion-Installer.exeWebCompanion.exeWebCompanion.exe

pid	process
3652	chrome.exe
3652	chrome.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1420	WebCompanion-Installer.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
1616	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe
776	WebCompanion.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

Processes:

chrome.exe

pid	process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exeWebCompanion.exe

pid	process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
776	WebCompanion.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of SendNotifyMessage 43 IoCs

Processes:

chrome.exeWebCompanion.exe

pid	process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
776	WebCompanion.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3652 wrote to memory of 2772	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2772	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 216	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4472	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4472	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4168	3652	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\download (6).jpg"
1⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff965119758,0x7ff965119768,0x7ff965119778
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:2
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5224 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5612 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3196 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5776 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5724 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5784 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4900 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5328 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3404 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5460 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6944 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6968 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5260 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7052 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5276 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5972 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4588 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5048 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=1600 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4496 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4560 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:2
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6156 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3276 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6872 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6636 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=1716 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=1548 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6984 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3412 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6332 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7100 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=3496 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6380 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6100 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4872 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5468 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=3672 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:5436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:8
2⤵
PID:5944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5072 --field-trial-handle=1844,i,12312118348294505077,7814960406090433936,131072 /prefetch:1
2⤵
PID:6044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2652

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
PID:1284

C:\Users\Admin\AppData\Local\Temp\7zS405F5D39\WebCompanion-Installer.exe
.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=12.901.4.1003
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1420

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
3⤵
PID:4896

C:\Windows\SysWOW64\netsh.exe
netsh http add urlacl url=http://+:9007/ user=Everyone
4⤵
PID:3948

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1616

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN230901&campaign=20731534003&
3⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff965119758,0x7ff965119768,0x7ff965119778
4⤵
PID:2084

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2592

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1a034015-ae1a-4224-b0ce-1f0da3e4f5d9.tmp
Filesize
10KB

MD5
9071d5e3a871b497f356d7c7049b2bb5

SHA1
acfea8dc92b5f578941eb67f180820b358a61aa8

SHA256
6046e2d5a80e4839d47d3dd33bf70b20bcadcaf2f894b5475a700dab4fca9cb7

SHA512
20200266da63c40ab663b1c0745a7f7068a5f2a3838dc724c729e4f311d3295d3ad3d0b5b8e86b5c5d243e961fce50863bf38e25f4d0fa55bcb5cc2661b52bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
19KB

MD5
2b845c3bbfbcb4e28ffbd1838368decd

SHA1
4414c101a651bbc06ab2d1eced6932338278e7fb

SHA256
addd85cdf92ff6c8fe37ab271bbaf49b204ebb8f0e0782ff412959c1e9ac57e4

SHA512
c6a374402b6b038387d385b81040d0d6ae83b2a503be91335b4b641e9eaecace2696871b7ac79af7e78e526212de77f128738cd47142c8ff1494a11bc3a4548d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
Filesize
77KB

MD5
17e4b1bace4e7721efd5dc913e395cb0

SHA1
f25b1d764c73b492b73d2ee1a49d4935c222d878

SHA256
b77eeca5556e43e993fa1180a253466260fe4613ac753a2673cd4a66a9c503dc

SHA512
2f68721e8b5cd5b0a2ec17ecb045751ae0f8bafe09cbf021209da10e84cb03f3b5b517420d7a7281f62431407deb68a7d22882235dc7e1f1a3e8fb4c7d9f59f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
83KB

MD5
b2640a1595371211b393b1bd76b7975e

SHA1
297ca062b23be2e57a76370b42a2fa943d51ee07

SHA256
4fbe2189feaa9695b1ee0788dc07c0a369942600497e4cf7726cea8fa583e21e

SHA512
00c236f6780f4b14e33795c15b632576cf5b431d35208741c70498964ad5fc4834ff69f3b3b69675f27a3fe86d10c3e8b791dee35dc84aac27403c6682f13cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
92KB

MD5
1e79d7ada7cd90b4b254af5e130038af

SHA1
0f05621cdc9d4fa491ae540d991e5fd906f603a5

SHA256
a375d37ae187cdb5f2a06e587e3f043ee5ae9bee2bedfddd389881f437203838

SHA512
cba04eed7ce91963af0fd4f1c8d141c5c5ba4dfdcbe8cdc3bd635a4874d6d7e4a681680e4d5a782debcdafca99a1438550cf9eb473647c50a4afc895ca4ebe1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
101KB

MD5
0494c635213493124918c1074af92d80

SHA1
ddb64969cef8588773f57bb72e0b4984dcc47560

SHA256
9899eff51d7b8f3e9d2b4cea70bed6c858af8b3d9c835698cd8426227f718612

SHA512
db88c130e54861f58205114b2a93d730aceaf0f6c0ff198d786105312168c562193bdd625ceb50ea85d81eae96e1a51be5e04ef8c7df367a95ca1fb7807dd355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
107KB

MD5
b3baa6daf6e650d825afa26de64f4a1c

SHA1
32fd720530ed7f3ee44abf37adc43c13e7a98521

SHA256
52a3e4e414c9669beeb24f18a109bc892147a81a328f791a93817221f60cd481

SHA512
b4b5f4bee5e5411647c6ea0c01d09fa096139e8bb8701bb4422f5c63665da1d4cae6fd0153e3178dfae67d58a6674916e298315c7246b027368a33a124756d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
3KB

MD5
4598fa92a55ef3f0d716dc09183f7158

SHA1
203722c88cca5ea5dda4ed4f8d20fcae5eb63c53

SHA256
c9901af4176eb181bc2d4875ae72c56fca84cb094367459e21280cb14fdaae28

SHA512
0e6455e18b4206157031b14abfa8ef989e330fbc246390102754ea4375b4c5a88cd33caf4b3f2484bb9451c6a2f121eada30865e9ac363bfe25a1dc32f0cd142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
553e170b8c82b6211fee6b40e415aff1

SHA1
ed5527f625e8077ab5f229219d2f507b19bd5a4b

SHA256
b637e9cb060e076b6f1ac58fac37a2d3566487735e83c1bd95dfcb0eef12c58c

SHA512
32666f4daa7944438153d99f4d98cc64372f2658d0c5b43beb0c097b875acb46c8ee7853e777f73e2ab620026857ab289027de6c05decc961f7e212655a6e978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
30e028a9afd37976e0613c7de9e1e919

SHA1
aea97e2ba2696c37f2ae5a0d16b6d1c82d231291

SHA256
28d5bc05a1bfc518596a2e14c8a29c01d6ed93e1b5b7da70b5a57d55eb78ff2d

SHA512
3e7b9808b6f4cd9cee9e0a1860742c5411dd00fbabce202b8bb5827cfdac3e58427928a26149df9a3ad9ad8effc4177e77cc57796679630e11e837d2bf59f721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6454e6ab-67ac-423b-94f4-352640ccdf89.tmp
Filesize
13KB

MD5
6b8909f489a77a89a44f12560002144c

SHA1
0f7cec70c3700459c0e7649482051b5e340019b4

SHA256
3f484020016ce82469ebff5bb8f6a7c57dbc2052b2f2d62d092adbb3c634b740

SHA512
1cbd8d5ed66f7e4eb92531f8b9d4788c61aa09b883d4061ba9b89995ef277cf13951900ca1e2f53d0743cb92acd8e4f26b077cc412f8718a9d429161836ec100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\79d4ac26-b067-4fb7-83fc-d4f551a1162c.tmp
Filesize
5KB

MD5
19e8328a44a83a5f74b4b39d0302dfbe

SHA1
e2776610004f91bed617c74bb42b221088e88f99

SHA256
fee8f52fd0ce55e1f979f2ee4515c9a6a8b4a42c626bcd5486260279302e8f80

SHA512
3ad1925b9db8075ce469db028c99a8a2ef8360b0cdf3ae5f63b45e79da34f2c9dbfe712fe03bf547c58d44fb28ff2c9cefb292a007281106b32b1362dbc4fe49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
9987bef154800e4bd402283df1c525a1

SHA1
1b77aac7ff9042047f6c9b98661b75666ee7760b

SHA256
cbc678e7b0ca31c04230e44ef5240053d3b85b8bf85f009d507ae3768e12c324

SHA512
de4d8b4c24091a9b586599388994c3a2048e1468d9778ea93a92bf2c2568c70bb73e8f1a2d35a83fb9eb2a7df5af8a1a3df04480be65a425b1d13560bccfd811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
909cee013b544b16a700e9bd9faacb48

SHA1
70a57552584bbd24469e19896cad545b50a8eda3

SHA256
66fc492f133401219685381c9364322b3dd54521d7abdb08a21c336d73f6ee21

SHA512
5d9fec2866fd7cf1aa7ead94458fda1bcb74946771b0db73247f0866f2a23f5e5f4e12f32ac5aec90529630718a6aeb2e1858121d6a381eddd1e4493002307d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
5f513c6e8ce0cdc5f511c7db902e16fd

SHA1
680362cfb97c41fcb7fadc7615d8926fbf229bce

SHA256
54ec436ff3287f9f2649717ac1374e7027f9010b8fef92f9b9a75a84d3b2a0d0

SHA512
c33739d2c47dba1e418e8037f07eb242c2ad00e28232419aef77459579a682e792dfe9dd7410d21db369800f67bc1218b028fa7bfa62f75ee68cac9674fc21ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c08b2c9a4b7fb982495fe2a782d35b18

SHA1
97e0639777dc9f83a875d9cf0ff1fe1a0d3a8466

SHA256
1640d1d8db0fa2653d413a227b995b3ad14f0d05a319bce025b8ea6334aff3e3

SHA512
840d97027b914c8b4d944f029fd90cf102f97c62bc71c4daa61404de74a1ef781d31e688094934f8e2c1010713b3765602053aa32f242e6011a7dc7d47ea42b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f4b30366bfac819bca56e7c138f0d022

SHA1
db256db9922c57cc4cabd7719f24a6307011840d

SHA256
1a2b0b2c87616adfb8af868f08a541e3fd59545ba68ebaa907df3fa86ce2360e

SHA512
83cdcbd4a8962d2e0458bd37bc6d70948e7ceb63924b7835575c4acf421df48d684f58387fbc736e1afbd5c7523ada5fc7ee23bda4421e829f7d8a974ba457c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
f79cc003955cf3ebc82188ae2d15d86e

SHA1
2d392e9e1837a8fd3dae26774b7475d74602fdb8

SHA256
f12f1eb05943f6123852e75ddee0e58aef8e040e807db72986f4be1716b23955

SHA512
bdc2517493c0d3c9e26711f106363be557fa86ec2c099607c781bd59eb03efe48a64d9cf4654cd4fd34dd0988adfd338841718fd75de7ff07dd9eb0ba3aa74f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
1d6bbbf86b3b3bf4bbb7a668565a6657

SHA1
a52c1382487d6900857b5038f750f6f6388fa918

SHA256
7a4e9906efcb6290912e85ba7fad6f4088e642ab43db3658d2d4238368e7066e

SHA512
e424e171fc48a2f3afa95085f58e04d91cd0e528557dd5b8471cfeccdf4bb34b18508fa5d81c3217a432f594c68d2b2f91c921418814dfd39bcc49a4694ac5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4b9c4c09183c93417a5a909e37561204

SHA1
b30d4ce0bae37b646bc3c1c73a5cb7672de7626a

SHA256
a626b1254adbb5a23702f22dd72b5d30b97602b86736300bf942fc3e14568755

SHA512
d0f15d711fa2b3918a155dc1ed13aa97863a11326bba326761e61cb60603f3e9821304d25ef0feb6d9fa82aae19bdd76997435bfdeb93c92120b4b69e5c42f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
07e2a8cc4d048a76f548379aaf56ab72

SHA1
f2a924c7b51b75389ad5769f6cfbcc598002d264

SHA256
5613c4448a7d1c591f820a97a8bf59a8b1f63c9800108a85d5c9577612207882

SHA512
5aa305c7d6c29cc3b35112ae11bd4044cc512032ed5b75e4bae692f2c6c1ab98a558b14c16fc66ca778d013bd38e0ab7342cf164d3efa4e9fc0d6a84af0fbc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9693c6f15ef7dba97820f76c1c989e22

SHA1
41002f1a508964df62c62cfe115207f82bcdd01e

SHA256
b76ab009086d21ce54b49d44567a10c9630b304d611cd539ac9cb3fe44b30db7

SHA512
08256c15cf34dbf32db1f000f3d524f98b77b31907bbc51a28080a81f63e203da205c73c71c75397cf9bc9e1aeb4f39bb3cd0fd0c67099e89d6d5009065b7773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
17937eda1688838e2b07e991f865026a

SHA1
86621e45046d94fe35e911c068256b17fac0df10

SHA256
8869fbf47c7c9f14bfc2adb6c98d4cde81c07973718c2804ffe4ceb98f8a3992

SHA512
79f21b1a7553e2af80fc2be6ca6bd1cc526b82b381b7624faf2c2b6d55d02c10886e359da26b1698f38a065f8a4c719f7cea895e0a26846d78727e78fa41d98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
88ef256edac4cb0d7df2a21cc15f97b0

SHA1
003656333e2c8d8f1ab3085c62f29510f9070927

SHA256
9e8acc30bf26c6858df66352f9d5e3b8deb204ae73552c283caf152e0e9809b4

SHA512
232a0e21dc005fe7fdcf14c775eeb0182748654daa46dae9f10f5e6790610e328d8a3031637147aeecc3a4dd99398d8b8e7b9cf5ff916bf02b0906a589a45398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
48104fac00cb3dfb74645472bc02d474

SHA1
ea501ebbef30c3455bbb4ecfd6d190f421f2b4fd

SHA256
e6333183722f225a6bc4dff5d741dac1d051eda3e50587deb4f539b0579ed2c7

SHA512
94c228807000fe562b6f3fe20a991dd31b0357338819cab458b6f21a1fabd976a43b3d1a56ab06ce5ab858810f28bd615d673c50af7d49ceebe716b0bb7c0c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
8accc07291eae94cbc0682ec6f3141ec

SHA1
a9f1b90de3480e4e3cbba8c28b9ed2f12ff0356e

SHA256
3a24a73841ebe6ac382320b2834543e077a03603c763be8b6663fd626493b0cb

SHA512
8c15e75c2a11bfdf1946ee222239bb0250d7e1058c36e43ea3340231f1265c418354bc43f35787feab2c089795490c8484ead4421fecf0e3ee4fa76216a8bb96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a3ff1b9d9e3b2b023ac80266ac17ba9d

SHA1
5802ffd16c43362f8cfe6e2e7b5c3c9be5633994

SHA256
0b6dad23c7b2a8695c6e98a81a99e22b2ba362d0e97e54b70016ea0c0cfabdc4

SHA512
d3f2fc1a32a90d1babe5b6371f81a02515c93a719e83741b96e15749e4ead30a3b16cd7212e5d8782e7fb65553807c64c84a2838aca7620dde50cec1d532e61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7d855d5b318e491f8d77fcf54c85e882

SHA1
8e1423743ce7996d0d5d2447d018e173ca1114b2

SHA256
a641010f4c9204540c3bc558c64b6279f2acf2dab28ad07067c910153a246e3f

SHA512
1c03e12aa4dbd6ca92a2bbbd28ca71e576ef2062275bae8e16451bd6c6ae37773da474ba8b061401231bbc9978e6cc85d1538f69b814f435b0ddabf731e5c3bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
6c9666bd3ce1c384ae946f9322eeed78

SHA1
d2738b78a1f916d75132bc90c95ec19dc49122d8

SHA256
8d4274797a5cd8241ee64fab05a22b6a20f1998a130fa4b5af8563a5dcb8e36c

SHA512
3e502ff11c9948f3baed05cef10f4f7fcedc0cfb98e291e1edb6e1766d41b67ba5621916acef5ce77856ff9dca4dc742eb1f778e37b6481ec1cde880a32c6995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
522b5c290613b6f6c3dd902978b258d8

SHA1
660cec95dff5de809f5947d1818bc4669a73cd33

SHA256
521d460061df7cac4219f61f9bf9cb58d686e2194d5021c185554c6936458fbf

SHA512
dc6ce9645f1ad026f26d13311be6a16b92e79059216b0314d9c7ccae9d339e12622a4fea5b0a4be26c3bdc516d53b09f28322f08d2dc5cbef5616b1e3b2b261f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
48b81ea9a1311cdd246cd624adb5b00c

SHA1
379f5af0febd0df8c36daad55979f62d12322a3f

SHA256
da54ce2abe2147fe4197fa498279b48c5f4dd9e44a3c764f5ee30fdd206eea4e

SHA512
87f254cf9380adedffe2ff83f0ddeb606ff85e74c530bfadef7a8f93cf447f7d53920226e6274a6da229499bc6622aa84ec6554715c3cf2031b6b02fd5617067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
5b02081af15ce90e8747c6dcc98d9563

SHA1
184db49a647fcc4e1646a56f21d3c0798a910e5e

SHA256
1a0f71e361c2dd951476a7ee59fc4dc6a53bda87ae55beeb78d5d63595715636

SHA512
0f2e14f8e14664e6f5844dd3d798b8c47d0eaf192799e9684cfb033594f05243b7f33df98e066050b8cfd7f4b9476dbf4576019cc3b01b53cbc8d5b40c0d3282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
943154e9827ec18dfcc859dc4c5bd349

SHA1
24ee290ce856765c4bcf312969902ad9573ca4b3

SHA256
d80f7f3719d4a5069920d950824167210c3909184bb7beba9bcbd23595aa8b52

SHA512
5abd839404b755a47e5e9886dd64f328df685c7e9a73cbe85e8e3e2352799f5a6de5d96cb382946d47e5f9ddb9d1d204a3e24867c7f2ef0feb13a2cebf24c0d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59e9e9.TMP
Filesize
120B

MD5
ff6ef82ab461b2188c7c0af3e132fb75

SHA1
606a22cc8e083c35a75b2dfacaf810f6eecc156f

SHA256
8acdd1ac4093e24eaf0ca615b21a86e3bce174f60f56c8fc0492c879f7e9de52

SHA512
aa9239bb92ee4025dfa1a4158014bc3f77bfd5de01e5dcc16b9836d8926557b456047eff9a5572a74b32d408f653601161c3b858ff52a9d4ab65e8e5d9dc89ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
37KB

MD5
95dd4b23e44bf6070b0717e2ffc8bbce

SHA1
03540959cc47f42f4aa1f71d0bb911dee2735ca9

SHA256
bc6dc8a87c8d4613072631e9d02f5a1da31ae40623b9a9b768904974c82bc457

SHA512
fb65cbef1356e4e028aeb8edb005ece8acabf561591d79e1152f77c62052228fe0aa4e00b8d9c9f6997266f2c432c8073b27a935499ecef337999f28c9257113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
264B

MD5
62deb83179273d582bb1a69d0de5b580

SHA1
9e54fa992dfdcbb56bb63066ea842bd849c7a54e

SHA256
5a0e5454bdc6c68e3223c48c7fd856d81d15e688f3e841f97334c54f8cde77fb

SHA512
f255b41ec66753db0d0fd702a104375070e72f8d6476834de32121e4837d3d523c0cb2bd0cd2d5c0647b2cae51c51061fb795d9e23f1846dda6732cbc9ee0465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
6438b111646b6134a45007a41ab14ab5

SHA1
76f77061e50af1d744a8d46ddcf95d347136516c

SHA256
69d25c1402929423b40598df161bd4f10621660a086564e4a031502213e46860

SHA512
2582e5372848bb0f4a93245393b197e058a8f6ffeadf9f0d8e631585226c61210709e288557d866e69bbc7654a34ae34e0731fcf136a051938f6af4a31dc8665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585a9e.TMP
Filesize
48B

MD5
de210cfd0c2c19caee0026390c856755

SHA1
73a76829b28521d46424ba2d7d890a6d4dd639f5

SHA256
beb2aee74a3fa04d3543e34a981f6b35e711d92523bd2ddbf861b05643b4f17d

SHA512
688cad4e9da4cd0095fc92250576b97bc6a7856d1541ca17e429aef9d366fe447242262d13059bcd3adbc591f61b9aae744fe07fdd6a772e94fe7f1175b52c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
c8d562118bfb251ec586adb9557b57ad

SHA1
d69207adc58ad72f119a97f3e9e8c4479a33b728

SHA256
53e0ee889da9394201d4384625b7b681f13735865545b4b0ca2b5758d4b1226a

SHA512
480af31702c42bdcc999f3371420dacb4e2f0282588cb8d1e3f8072782191fc059afa283f0a415ad2a39186ae3d221b2c8a01ea9cb19d1fd5a0e2514ad9af5a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
979cdebdfc8a729aa2278215882d3287

SHA1
9fe21d5fcef1c00f37ab168ecda6110ce4845d25

SHA256
8d97ee66968f0262658d9eed0da9cfbe57fab5eac81473ffe408d97f6e35a3a7

SHA512
6b9bfb99c170b7a0f6b9390f97964a948d189be88262c0033520028ce0660de1ca77361b26352e9bce2aade6841a1fdf7a7d609e45f4300c88d220a761364013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
90845efe1e2624be28bdd45b805d3de6

SHA1
0eb58bd1dd401556b757e5dbaa744b320becd9f1

SHA256
017cb6b5791bf429562494f1cdd737e23e84673955fb7a5c01dd8a6db18fd862

SHA512
bda1e4e8275e76434b017c52e3eb53df700a974a4e0a64462291905418fd8e56290d66603a687b5d48e5cfa77e0b1cc466cf8ab6c2cf50b9416140c369c9cbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
e3c3abae42b14fe914915876ca73cf54

SHA1
4bf857c3e402b1a738f8214e4597249b9a1917db

SHA256
46a0ad6be31f6726fbdc75807f5b2e5c0f942feda601353e2316c164b9cd182f

SHA512
6e923b85863dca3a61bffa67c85e39ecd41cededf7f7202b5e7eafd76e185909362cccdb1545ff48b6e58e9df8825cd185bc3353e7b7ea499cd605279b516475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
b06a831ded5dc390cdcf257930451e2a

SHA1
c18760bc59d77573b6fc283616a6fb998bb632e8

SHA256
8f5015ae98f022f31d07452ae94cee382340aed4cc08bdd3f1a555157f46d118

SHA512
8a73d1a7172723aca872226f5acf342720f7ca8cfbf5a7d31ac6db414ac5a8d00bcfbf9841ef4b48bb83b7ebd1333f712d5553c8729d7c459930a623dcac433a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
1bb60534551bdc4e0837445aa6021bbb

SHA1
ee58e43360455fc72181f0442f9812c483846e8c

SHA256
e83dc93a9e009cf6ee94753f074e66520ef6da98bfed1d162de6320e8e8c3377

SHA512
3ceb2a43bd8440827ecda158c19fa902e78a42625cc50e752ba49551e2e499efaf94d73aea4c2fb629b854526ddbd1e75d59895eabb3b61b8767b2d688793c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
ad7e4e16686da2fbb7ff232629ba1926

SHA1
b71ddb03c49da8a4dd036e05d7c274778e99c535

SHA256
e63136d377bb76c2e88ae032bb448cceda588e4d372cde32fc5e9e6cfa80894a

SHA512
cc9e1689db4e275c6a773543a3985a36f3d074a760a0e97bd833bb9ccfe3febe41dee11ca53f2900d6d14507e61f03bdda98db34a0b7c444b1f7cb2694a03dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
a49bc0c80f1b9abafa60fdcddab551df

SHA1
79151f853413c41c3b2d7bbf4c907891202c84c5

SHA256
854439088f8fed17c48bc1190292eaaaa123f6823cff56ffb1db2ad206728bc0

SHA512
328ffa1e2df6d2dca1f55fd4d08f2fb8bd468bd699dbac67090e5165b4104f3ce3877c2f50752a446e41b51bad87525ff145dc2225b2a10babd91134943260bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
d95c429b7b860fc20f5da45453759e58

SHA1
dc8841cedfc7b047b93fb33176e1a10d9a7fa71f

SHA256
8d9bd3b43714c02bede16691bb87729c0102e9646a88c96626ee5b0d437bafd9

SHA512
0a140ccf3d246f5e43eab49a8285eaac7edeab87d8fa322cf3bcf133b984581e026979e0b7def3d226a3c3705f6c1b26a4fa4d7c58bc8ef99e6d914613f34d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
87ef93b16e1256b50f092933619d66f0

SHA1
0a5720a2d51aa0c8a218faf56cddfc78fb347062

SHA256
1557cb4504af88f1010b847dfb8892303e17d27cf17744737b9eb64f71d9769b

SHA512
37b6cb587a5f94e1bfac6c627de70ca20573cc3d0eeea26d87ce6a4934239ce21fe3147db64ffcfba01f6e6956a7c03d32a763c2d2291e90896f5e32f9dd83ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
5b717f61ad7c1bc1d7f5243ae543d226

SHA1
ad15a956741894addb7ce4a605f821d2bde1b2d4

SHA256
2d977498513e54815ef25826f3c02f72ddd305aac5adda541dd281316757624b

SHA512
1b575650c9b8410122135dd6761c7ffdbe946e05fd3d6053508f5ed406033e091d81657f0f09f57188a56aeaab354298d029d13b154299e01dc43be74435177e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
af0d103fef5bc6dd5de7ccefcd77a5f1

SHA1
b47a276c53fc2050af2262f65b46b56b61f3fca9

SHA256
e6c6fa81ca703dd8fb6f0a797dc443cc356ba60aa2c7e27a1407967cfc90e899

SHA512
ea9cc8da6ddc32c68e3bbaf5cb199693321d18b32c899fb2c1a9574d63406b73d402ef0d57057de936b725d3cfba518d48a54a67c9ade051acda3f7059812442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581cca.TMP
Filesize
92KB

MD5
536499c65a9dff7a39ad87701e3859fd

SHA1
85eb79a270f5aa28e65c838f7b90b65fe1d8b6ee

SHA256
4c68c29ff921696dd4f343bbb5e45c55b7f5f2250e6ee63ec470e6ffea939433

SHA512
901a2f060241a37b0e81c363fe6562adc5f22f33270214cbd93a165b24bad11ca7271a8840b178ad811cd0cff4b3930c4576fefee7f615a5fe771a6346b99c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
Filesize
4KB

MD5
20ab38320f8b888f4f0ba2a9a106ca1f

SHA1
04a889544c3e945495442d83cdce5dc4f21e4876

SHA256
df0433cfba2759aec7b0f6e92c69cdd558c315223bb312e5a7b7e536a745ef17

SHA512
1ea9c9355df4750186d624daf68d8da958662b5d4e4f04621c77a28f161b4336961dab751df0c0168198d3bafcde2594b9265f414374ca95f26a994fc48cd8a1

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\3xojniiz.newcfg
Filesize
462B

MD5
6c7428ee170827af95a42c36eea3c79b

SHA1
0f3c9a3ed6b8ddb27afe69932de2b96a5ec2a84a

SHA256
acb6dd2a0049c987baaa2d46c6fcd6de74cc90aa79f3b5a5713454fceb299a46

SHA512
e4fe547e171e2d90a48876592dbfcd688ac61d63ff2c69fca4ab9bd4935600f362bf18ebcee1d7b2e2a8c16f15695627c28133d55e79be18d48c27c63c2e5b54

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\aa4lffse.newcfg
Filesize
2KB

MD5
61eb868ea5f2e7e68dcbe92a64f55d24

SHA1
d33235764699d0cdc861a10ddbfbdd51a7a8fc0e

SHA256
450624dfb2f20c4caf9baa3eacde851d60e702c4058d801a9a449a5f605b8427

SHA512
b224b55ebef12c0f1468b0f319bb02a9a5acddd3d17027502638ddf1a545b7dd1a4e5f6849680c19eecbd54746cc7099435a95fcd5b2e86a617dac2901aba66a

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\ew4iqxz4.newcfg
Filesize
2KB

MD5
9d100b232cd2efabaa6eed1ba51574fe

SHA1
67f0a2d4526c01a1e87adcf03f352924dd92c2f2

SHA256
eb770d5437e4d0842b8f266a8d33b7f6ed8a4b436f4313886f8c2bd9d690159a

SHA512
362c6d05c699729fe57730669f71f01404aa68e6bd6bf3b7b66075096ef7db687e0f57203b2f6e983861465c2f85659b18f2e4465c30fb40e8aea4bbbc9e521b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\hjdlrbez.newcfg
Filesize
1KB

MD5
8241951a0c9e510372d188b320eca5d4

SHA1
b7115cdd39beeaeffb76b9551b4118651d687d58

SHA256
ccf8ef3b3f26a92163379489149a483f27a2af1074dcbfab659b05e853da8669

SHA512
b25d5100ad821fee002533f5df3bf9b5f9b117f59c154364005eb0564bb8cfa4cd624e039934ae3503499df5c431505b3f576f9051b6a7e05f0e82f9b4c8310e

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\krq0ijxs.newcfg
Filesize
2KB

MD5
1e5f9408a66d57426d5460c36cfc162a

SHA1
315699e501e4f4ab130a4e76fa6d236bfd5b0def

SHA256
6d1da386086b96fa546579dbe736c5dea6256cc7ed2ff22ef5b4aa9309703ae2

SHA512
26e4df11fd2c8a541f74df7d429d5e1f228df08f0e1bb37f46b1fac0d9abd0e3cd8d7747dcb2793b665c6df6e0830f245903cf2c7caa9468df3d92756c541cad

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\mrkwoqtt.newcfg
Filesize
1KB

MD5
7ac90a60d27110fa4e8d70132b501a24

SHA1
4d02d011d43128b27173842f359c029952515f92

SHA256
a6a47749118655ceb332b544e11e15a0566ce1234b0079cc76b4f84e8ab62176

SHA512
22b675e5401832c598345351731bbffcc89aec7633f2f7cb8edca31f58012972702c7b7311cac1b55d14d5115b8d885dbea1106100ab75aa65b2da4102807000

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\ri35fsmj.newcfg
Filesize
2KB

MD5
3287da4e7a7a9a8ede2dc3fca0dc675a

SHA1
7fa6be99d9c395cc82da0750650f47b751498f72

SHA256
8469cb62af9f3e47596e56534052149843b1f25bd81d012e0410211334052cf2

SHA512
566b45fef69e2cb364342c78bec4cdb43986ef07abc1de75e4f38279b3254c2e3f78942c391ad3f3c94b2e88f02b42ff14e16f92742b9dd7a189475247046649

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\rj5chfmu.newcfg
Filesize
2KB

MD5
16f30c89f5ef255116845929aaa1c958

SHA1
a758d24207c8f28040147970dcfe73355609277b

SHA256
633b8d47b4dc9655841a8cf0ff5811f2677f1df8134e5fbd6d92a6f116354618

SHA512
afe55677901bc25b4fc2abca8376f79289c7d0364a25aeb930e341ff1a9e3c92afbd565b522dea1d58adcea27c9cf43e034fbd733d5ca6a4779718f983cc64b4

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\ucxykovd.newcfg
Filesize
861B

MD5
8fcfed0307b17dbe792fd477141ebaa7

SHA1
eadeff417fee31215a1449982f3e58b9f52330bb

SHA256
04119e97067e832137e094aceaa61f131aa4984fff9a8930592ca8c30914f982

SHA512
ffa98e1347556f207e958c923f0a98f84891682ed5c28f60e81b2b7d8ef10d5fcaec81dfe440d51eff53dbcd77249596bb8c471e0056f807a7985a3f47e27544

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
2KB

MD5
c82971c25c8584fcda6e8c7f2d65cf07

SHA1
8b75937ef8f6b3da190f6691c4b350f5eb93b426

SHA256
4f6cdbf80412b0c4759e581128c31b68b2b438d45abe38c64023d2a9257c543e

SHA512
4fd50ea2636de7d382596857f869a34c5ad3485fee4b0d1d242396f30b89b906c55a6af5cc6de44aeab7643f5de8fe0407e84c0014150d393035523470fb960d

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
2KB

MD5
7b7e05337831ebe1fa31e7f27d9cfb27

SHA1
0ed6f917220ba7c769f1c460abd212f7477fd457

SHA256
a2b3dc3bb7c2036a7dff282c1802d5277bf538db769e9953e6df3bba85652bed

SHA512
e75a0da90e3e192aae1991cde4361603fb303cfdaaf44e7881730c4149f460fcf2517aa02103391533d59a8c17cfd2909f943b47ba8eff961b1767db7e3c090f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
330B

MD5
335d8b10a6988eb38995ef38644b1552

SHA1
6e7f535cfa1e3ba2a2117a5a0801a00c6ec1e523

SHA256
aa0da1dc9950d1e0ef36e6429976cd1388561b5320aefef1f3f99a1a7b05c1dd

SHA512
f5060a2e0f2d5d5bba229a8a34442efe0b5334b41c9b76fd52f09325efcf6efc599f87e59f3a904ee299fbc9eb6519843559d539396ac25039a4696f045bb3ba

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
594B

MD5
d2a31af04b72f10b334cf6d83e329178

SHA1
87ce6a8c7c38b66bf229932daa43d10acd43f5df

SHA256
be6034c3d1169b8b945d3a6e939cfd25759ac788ade5b59dde8aa299d1cec49b

SHA512
f5dcd0d132ee4119550ef8f2c6675120e03647d36e2a1dd4e5bcae2bef0445398f4fcb4dac8287ba745a14e89d93c7cdae7c6701e4c6ede89a869c5b354f95bb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
1KB

MD5
503758332f80d2c0cd5445e7fcd507c1

SHA1
897977a2e51e562e20fce5af1af7cde0fa2ca136

SHA256
0022a59125e8f274ec86835d3218f0b89baaa85cf2d25a4d8cde5e7ab1626822

SHA512
fb7b9f690b73f559edd5e3ea60e450bda2ee7438f819aa766ada3485a67a683623f381337726f2682615f9e0e266bef2417fbda6870c31c65fe05000ac29b285

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
2KB

MD5
cbc39066fda6e1594644a091d38e7c6b

SHA1
f7958f86b143a5a7f25b0ce9eb3e9fc7f1006250

SHA256
112316a5d2a09b59036f7b0ae515ba5507b197083617d13bf579d508133167b2

SHA512
0d4ba0d70ad5d65016060d47296caa2b5a2e767170ce380b5901289abc469a4d1a00bb208d75f6c0012af297d19573bd114cc0e8b787793dbe8f61c4cdded549

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\w0fdobzu.newcfg
Filesize
1KB

MD5
1e3f56b1c69ea172acdbf14f6cba39e4

SHA1
628d53d6eace73ecdf0f7800bb24dded714a4c11

SHA256
e8e3b3086a50e2ddbfa5f007435d0c03310cfa7d11fd9f06b04b6f1073612281

SHA512
1e1852e61aab29c1fa271cdbd05217c550b20a76fe38defb6006e4c3dd970fcaa56a9ad9812fe272e96c312ab60d8331fae5edb0ada1b9b17c2ffd0f0488719b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\xqhdqpev.newcfg
Filesize
723B

MD5
eae39683b5f9117fcde036e28aa6ea09

SHA1
b362a0882a2afb7d470b94ec9d72dcacad82737d

SHA256
e205315b625f88ba5db9fab72956be091f45fdc9e298f06d3408f04bacf183a0

SHA512
44d032ef7a455e11f20425ad351c743363d5583554db23003f3cdfa3aa12a0fd7c175f5b0e2d363619909d76ba92617784705f370ccb902295f2e96c2b6ce5fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS405F5D39\ICSharpCode.SharpZipLib.dll
Filesize
208KB

MD5
b0040d764201abd71c26560e798bfa7f

SHA1
a3f32be47621d353d67c6a72b7059b553801a9b8

SHA256
13c3e0fec7ff29eb8ab28b321102c2d27afcbb410884cd693cfd3d211bbef1d5

SHA512
104f157b822901375cacbb22121c1c866254eca5979422741768aed5536b0d51f5efce24b6106927cb16843276fc8e4b8f70ba20f5ac3c48a75460b2ab14e478

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS405F5D39\Newtonsoft.Json.dll
Filesize
428KB

MD5
746c1f0ea5a5c0a67fe96dba4e32ac76

SHA1
cb31834984b5c7509499f0a9a5febe2e3575de78

SHA256
9ee20b0b7e54e633eff1a25b6e379201d499552689ad29eebd5ad90f221b1386

SHA512
b07f6032d609291f3f3d6e75abc055cbc0751c2cde4cfb4eb5ab93611ad8391e877dad92009dec70c0c2a7fb96b20cb4392a1a51634006466bca06fec36ce358

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS405F5D39\WebCompanion-Installer.exe
Filesize
428KB

MD5
f6271b5d4729c2fd7dd9950f41d57c8b

SHA1
b201f20d58d3d0de4edbc513b25c4af8d3790d13

SHA256
04e8c3de51503351b4d52fa9b010aebb41d3cca46387046e8e689fbaa7063c16

SHA512
8e4ff8ec79b154211d2b6ded28025b92c4f09e36ee160be689af986ae2aeb0f444d834b04f2c6887e757f618f1d7dfe049f8d8e6a6c460c99f79a80a1580db9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS405F5D39\WebCompanion-Installer.exe.config
Filesize
2KB

MD5
be34b448b611dc35dd383ed545e8fa96

SHA1
6c9dcd8d936f0e39648f8fa80e7f07d9ce6f550e

SHA256
deeba89fab938088e2e65942e93210e6e368eef6bc1ca8e8724ed43154701851

SHA512
796bc2ee8672b64d9f5859f0b091e76de9523beb91a7c8a1aaf59be30902bb73f5d197f271d9d50ba6139b109b00f121efa11929f322af71fe9d32c683ad8c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS405F5D39\en-US\WebCompanion-Installer.resources.dll
Filesize
6KB

MD5
e4266f63970e9bb702fded23abb07ad7

SHA1
fb53dbbc93788d7ac3672520706195ab3eb75fd0

SHA256
83cf07757ca5e7c3dd2a8cabc44ba246b6b6f24c3d7042ceb3fc91ddfa8c4160

SHA512
4632e8af8c60b242d7213ec4eebfff358c59e0408e2f6d1821bd87553877e0ff4c9e874992242b303d26a2c53ac53e628674ce2ddb0dc0102e581c05f25c5f54

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
Filesize
136KB

MD5
b4e90ff038a9640cde9c1eb897cd2878

SHA1
fb26404d6d6630f983d8d95eecb00cd28f1809dc

SHA256
1884da1809e9d5b24f777524e8a9df261d3e39cdbb25846d5b594feb123abbec

SHA512
8fb8b6f4af754c5d2333cb622a953fcc3ed2fc13b604f5f17a94271b82151466f3aac50bc52116e5cdf7269854e4e3ce323cdeeb504551439cadb5b41f4c403c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
Filesize
108KB

MD5
522a44cd2e255dff02c5e5c67a61b85a

SHA1
c8a9ec53407f729c81126dbb9db81af235b43b58

SHA256
4649fb49605bac2da3925ba3255bbd4017f5a9115206d67de6d51d5a1035b2c3

SHA512
3ea6b1bbd0cb4b78674b58d3ad77cb5d93a6f27be5dd5a4a83feddeacd55d1b8f17a12ee7664d866e32a929debef7183e3991c53a9ad8e056721e7b70d92d252

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Filesize
3.3MB

MD5
a89871f4fb8517d47eaf356fcba5f9c2

SHA1
4a19ea78e1ea859447c584a4eee2fd62a1c3903f

SHA256
afc118ca9b161f9b2439a63c84a1a172d6e854540aa8a24538ac73e83a09273b

SHA512
3574660b1156f1501d42a1406093c416237457f8331fac32419e26a8cdb6a8e582a17c0be1c960bc86206b7a12d0324b588e51ebc9a87933233507ecaec8991f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config
Filesize
11KB

MD5
cd4e494e258c7eb0585fe76ebe9e6233

SHA1
e93eb57e6c38e496fda92dbcb31021b34ae47cfe

SHA256
bf61730717f05b95c4f43d425b6d7d15deac39d53e28eb302e5723c7a9b7b0b2

SHA512
413b3727a71126e3f35551232607d95f8bd79342526c0144cbca929e6dd3e65aab56b2d1f37baafad53ea23dca4c55bdd363cd45d0c54792c3118726ea45c07c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll
Filesize
316KB

MD5
2354866890cf03971a066b1b0a6e2376

SHA1
a446317cfed4875d5f6b82b507bb9097029277a6

SHA256
83f5dfb7e27c8316ae780d39eaefe6583dfd119a4e9e556a6552df799f300e0d

SHA512
c681e0a545812198f7a89eba33bde9fb0637a3b94b50a63980767f40279618433ed71082c7575c84d5ab1ca2f664bba573c8f3d7fe0a39e8d3229fb85158372a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip
Filesize
404B

MD5
bb0a9610289e898d51069eaf241b0087

SHA1
f7333a72fe24073abb518f4a552c0447c2c2a48f

SHA256
65963b9d4e137bf66695d27a07f914ddb6235221462677cbf9e85c8b713b619c

SHA512
50d2353e314f5f016a68f606f7f483d019505cb73c688adae1250a0c93f414a8f07173f2f32c9348b1eedaca38dae37038eb48a3f61081a472ef88c248203f03

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip
Filesize
404B

MD5
4279242d1b27c3572441af877c1058d5

SHA1
694ef1242336ade8d287839647404f390c74128d

SHA256
f8ab064ba856aa71071948292df738548b61550e00499343005865811a416c2c

SHA512
c82983554d1e059aae81774b6573d89d265b960386a551add0beb4b70066e07e6ede210ac8c38a0d49657a4dcacc32a4302290782f757955677e712748e8d734

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt
Filesize
332B

MD5
590fd86ad024f2b655deec8333e240a9

SHA1
f1946050248dd1aea834f139063ac8eb3e41677e

SHA256
7afe6a8c5bf14cace6e9bb2d40df2adb5f31325fc024f448138106cf7b63f7c1

SHA512
c19bf730552e548b6caaa27f5ff2c5b34d34ac9408b3b6e388361635ddfd4f619b9205fad76b9141f2804b8dd364cd843dcbabd4d9d7b7b712f320f6729d87ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\CData.txt
Filesize
209B

MD5
bdb05aec3b480d6d0ef2c1b63110387c

SHA1
a148f00b85c0d9267d842fa4021c601363204e5a

SHA256
075400a94e93e8d3cd22b9f9bf64260c1e59dc0c7e36ded436ab3922b7a043ea

SHA512
429706d46d65fc03bf83311824c5d0855947cd198759608f1d188be7f3d472102da15a5136a97921089f3514f2618e67d49300f6d76b5ad169bd3ed978a21c43

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\EData.txt
Filesize
192B

MD5
a5dead38b4697c1c3823c206d1f0f32f

SHA1
45fe2ef9fecf8bb3b64996e5fb5bc2f990ef7b95

SHA256
71925f2a65d43cd74f91352cf7dd44489491054dd7eb526c4f1e8927e7a30976

SHA512
b6c34d06e35b58906ddbf3193f20fbb50eb6aad5b23c645548637b1be36922f2b8c97ce053a36013b2b423245ce7a8d542825bb75e0f0fd1ed737b2dfee20940

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt
Filesize
208B

MD5
79cbe529ff6bf371ee89f64ec6dc7993

SHA1
0b14d49b3a26ee2e4ab4882bdc3f6e3e0cc2a22d

SHA256
4f764c23933925e5dccdcc12ecb2bbcb66d4fd23c737f81dd2446c08776bbf5a

SHA512
f6d64597d5a667d73bb3aa0f0f97d1836671c1621b684c69c5271f2d73527e64baf98ac767c76c1c0f2b9c4de8c894d2131f5de1b114d7faac7285e7443b4790

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip
Filesize
656B

MD5
696ac124e27397184fd9461e8a1fbe08

SHA1
a7b63b1191c73e8965182344eff183196c3378e1

SHA256
3dad97bfd5a739b74fce6acb491d35ad4dae418100fe756d2adfd15a1889139c

SHA512
9e19fd77e5bb462dac84bfe3edc19ee4bd16fdcb8276d0b0c01d3072fc6fd09fd2a78f9aa8a44e8d3c388fdf0b9ad46a819f31b09f3e40073ddeb94a5ef767a2

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt
Filesize
195B

MD5
79a7dc5f39b9878c02b22dd6789c326b

SHA1
56b9f70b262beb43f96fd2f0abccdfbc3b022770

SHA256
242e6f82ac1fcee878a3b860a88ba033967b14484ddbfbe811dd7b1ed8f8134f

SHA512
11d62838061018a5d5b1ed69333f0d1c0f695906f5cc624ed7ab9850903a1985d0762e1068f78bdd0f2fb0644e64acad51c2187c8f5ebc4c2e4653f5952dfe49

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt
Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db
Filesize
2KB

MD5
3969451ff946645521175a17082b2a5c

SHA1
581bb1d4e41ff6f55079a9eaa0625b63488321c5

SHA256
d32102b9acb779e8c2072711ea1ecdfacdd2db0693befc09dff1dcf0ce977538

SHA512
1b78bdc58e8a85c7fd4a52252afa27dda8d8bd01599c3745dd7f2bfab2bce03c14559fcc95aa302023756e75060bdb2fb7b07b272ad06eb8eec6a585b9e44667

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db
Filesize
2KB

MD5
93103834f5362c269c0bd327baf1ae42

SHA1
e9fdf38c01f910e16292a9ecf7bc7db8e20ad5d3

SHA256
0e251140454a6af1625d999612a2e47d0ad925e3b98624c620abca499a39bd73

SHA512
67368c8389ca3cc102e417ac0ab0996c352ca5223ad27f5c643590e035a3ac7b09a8ac85733d9290416b09bd4f925d9d588b6d720aa235c66d8f3352541e78c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
8KB

MD5
0570130e47f7428f1bffa0e686ba0c25

SHA1
36f8a0e07202b438f5e1294c8e2117c8b495c2aa

SHA256
30831e4f36bb3d741feba449239e52d1c01c0ed44a31c744c4afc71fa4dd0a7c

SHA512
d94d35686cbc5e46233d6014b2c859fca447d49addf1333580cc799cdf71abc262497ed2aa11fd66e6ef5a283a9bd803f7ed5b6aabf8023cb4eb9fa7fc76aa1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
a45e2ac8554e6480feb76fc06c13f1fa

SHA1
02699ca4bb1c02876cabed1e70989950a6ce1a46

SHA256
cd0bbf5bade5e3dd3f398830066c4057f4e81bb4ae3cea01a0deba477f6961cc

SHA512
d5030e8627f0a14d958db7ec0b47e0637e3f9c795034a34b1ba48e27eb96eec0f27ba9287ffec0b90ed603e291f712ff957d7e859eb46510d57a5b00be19662a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
9KB

MD5
c39fe0aeca90923c43532fa04a26016e

SHA1
c4380dd46d19bbe6066075cd611ecf51b8502eb6

SHA256
004f64ab5e31780e650e3cea65de2ba9b6dbbe7d856aadef5d15f0b9901e13ca

SHA512
b148dd06d9cc26ee00d8d5a77816af65dab651d56297aa1c3dc1368b16f8fb44895cf0269eacc3a894221cf40ead0b66d93c9cda7af37112c458e35036023bc0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 813938.crdownload
Filesize
532KB

MD5
15670358fdfc55fb34e0d108c3a4475a

SHA1
9e937e97ea0bb0acfe4114a1eccac519c0caaa75

SHA256
50f13606550d1a5d9388711007ccfbce88d8b900dc712367b66064d0d4b3fd8b

SHA512
aeeb7f01797f1dc0fc445faeb032d910281fcbf267f6be00e01182356881b8205cd5ef9a8e431c9c2a662114f7bea10867f222fa422e4929cbf4e583bf5be7d1

Download Submit
\??\pipe\crashpad_3652_VWBMGGPOQRJQVUJQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
Filesize
118KB

MD5
e9e26816ee6dfa0d4c30357008311c01

SHA1
d4d2f690a08f1ab85b9b02d267b8e138278f2329

SHA256
91ca690f23473476ac201cada9527f71dae1b15f6c272398253f3f0425b34825

SHA512
efe8d18d57b1e95c117789181f51d652eda53849872cbb5331cf5fd73955b04a08e360707d105b7901d72aeb86496baf2644111da289306c2022a7c9f5ee7440

Download Submit
memory/776-1407-0x00000000083F0000-0x00000000083FC000-memory.dmp

Filesize
48KB

Download
memory/776-1406-0x0000000008200000-0x0000000008256000-memory.dmp

Filesize
344KB

Download
memory/776-1150-0x000000006ABC0000-0x000000006ABD2000-memory.dmp

Filesize
72KB

Download
memory/776-1432-0x000000000B3B0000-0x000000000B3B8000-memory.dmp

Filesize
32KB

Download
memory/776-1594-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1420-606-0x0000000005710000-0x000000000575B000-memory.dmp

Filesize
300KB

Download
memory/1420-655-0x00000000098F0000-0x0000000009924000-memory.dmp

Filesize
208KB

Download
memory/1420-601-0x0000000000DD0000-0x0000000000E3E000-memory.dmp

Filesize
440KB

Download
memory/1420-602-0x0000000005F80000-0x0000000006586000-memory.dmp

Filesize
6.0MB

Download
memory/1420-603-0x0000000005660000-0x00000000056B0000-memory.dmp

Filesize
320KB

Download
memory/1420-604-0x00000000056B0000-0x00000000056C2000-memory.dmp

Filesize
72KB

Download
memory/1420-605-0x00000000056D0000-0x000000000570E000-memory.dmp

Filesize
248KB

Download
memory/1420-607-0x0000000005970000-0x0000000005A7A000-memory.dmp

Filesize
1.0MB

Download
memory/1420-612-0x0000000006820000-0x000000000688E000-memory.dmp

Filesize
440KB

Download
memory/1420-615-0x0000000005900000-0x0000000005920000-memory.dmp

Filesize
128KB

Download
memory/1420-616-0x0000000006E00000-0x0000000007150000-memory.dmp

Filesize
3.3MB

Download
memory/1420-617-0x0000000007350000-0x00000000073B6000-memory.dmp

Filesize
408KB

Download
memory/1420-621-0x0000000007660000-0x0000000007668000-memory.dmp

Filesize
32KB

Download
memory/1420-622-0x0000000007860000-0x00000000078F2000-memory.dmp

Filesize
584KB

Download
memory/1420-623-0x00000000091E0000-0x00000000091E8000-memory.dmp

Filesize
32KB

Download
memory/1420-624-0x00000000091F0000-0x00000000091F8000-memory.dmp

Filesize
32KB

Download
memory/1420-625-0x000000000C020000-0x000000000C058000-memory.dmp

Filesize
224KB

Download
memory/1616-790-0x0000000007190000-0x00000000071A2000-memory.dmp

Filesize
72KB

Download
memory/1616-788-0x0000000006D20000-0x0000000006D48000-memory.dmp

Filesize
160KB

Download
memory/1616-771-0x0000000005F20000-0x0000000005F3E000-memory.dmp

Filesize
120KB

Download
memory/1616-767-0x0000000005C10000-0x0000000005C30000-memory.dmp

Filesize
128KB

Download
memory/1616-763-0x0000000005AC0000-0x0000000005B10000-memory.dmp

Filesize
320KB

Download
memory/1616-759-0x0000000000FA0000-0x00000000012E8000-memory.dmp

Filesize
3.3MB

Download
memory/1616-776-0x00000000060D0000-0x00000000060D8000-memory.dmp

Filesize
32KB

Download
memory/1616-777-0x0000000006130000-0x0000000006178000-memory.dmp

Filesize
288KB

Download
memory/1616-779-0x0000000006530000-0x0000000006550000-memory.dmp

Filesize
128KB

Download
memory/1616-778-0x00000000065B0000-0x00000000065EC000-memory.dmp

Filesize
240KB

Download
memory/1616-783-0x0000000006660000-0x0000000006682000-memory.dmp

Filesize
136KB

Download
memory/1616-773-0x0000000006080000-0x00000000060A6000-memory.dmp

Filesize
152KB

Download
memory/1616-789-0x00000000071E0000-0x000000000724E000-memory.dmp

Filesize
440KB

Download
memory/1616-1147-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1616-791-0x000000006ABC0000-0x000000006ABD2000-memory.dmp

Filesize
72KB

Download
memory/1616-911-0x00000000081E0000-0x0000000008258000-memory.dmp

Filesize
480KB

Download
memory/1616-963-0x00000000082A0000-0x00000000082D4000-memory.dmp

Filesize
208KB

Download
memory/1616-1001-0x00000000081D0000-0x00000000081DC000-memory.dmp

Filesize
48KB

Download
memory/1616-1011-0x00000000083C0000-0x0000000008436000-memory.dmp

Filesize
472KB

Download
memory/1616-1013-0x0000000008460000-0x000000000847E000-memory.dmp

Filesize
120KB

Download
memory/1616-1047-0x0000000009490000-0x000000000998E000-memory.dmp

Filesize
5.0MB

Download
memory/1616-1121-0x0000000009320000-0x0000000009342000-memory.dmp

Filesize
136KB

Download