hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa3E1bmFOazh3Y0NfNlV3eVBfS2o4Z3pKV0NUZ3xBQ3Jtc0tsX2NuM0JuUElkV1lTdmFZTUxMLThPUFFVN2tFcDFVZTFoMXBrN0NXVXFkNGlkSUtCRnQ3bDhvem5HcDd6ZUxPZ0E1djFNUEM5anN4bVBYRWpEZWIzYWlhNmNzOTZEcmtmRlNRZ3NJbHUxd1l2dDZSVQ&q=https%3A%2F%2Ft[.]me%2Fflisk_drops&v=WkB1f2dcx_M

Analysis

max time kernel
220s
max time network
223s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
24-05-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3E1bmFOazh3Y0NfNlV3eVBfS2o4Z3pKV0NUZ3xBQ3Jtc0tsX2NuM0JuUElkV1lTdmFZTUxMLThPUFFVN2tFcDFVZTFoMXBrN0NXVXFkNGlkSUtCRnQ3bDhvem5HcDd6ZUxPZ0E1djFNUEM5anN4bVBYRWpEZWIzYWlhNmNzOTZEcmtmRlNRZ3NJbHUxd1l2dDZSVQ&q=https%3A%2F%2Ft.me%2Fflisk_drops&v=WkB1f2dcx_M

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

Setup.exeWebCompanion-Installer.exeWebCompanion.exeWebCompanion.exe

pid process

1540 Setup.exe
2988 WebCompanion-Installer.exe
1604 WebCompanion.exe
3116 WebCompanion.exe

pid	process
1540	Setup.exe
2988	WebCompanion-Installer.exe
1604	WebCompanion.exe
3116	WebCompanion.exe

Loads dropped DLL 64 IoCs

Processes:

WebCompanion-Installer.exeWebCompanion.exeWebCompanion.exe

pid	process
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

WebCompanion.exeWebCompanion.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WebCompanion.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WebCompanion.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WebCompanion.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610580856221856"	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

WebCompanion.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\FreePDF_49360150.msi:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes:

chrome.exeWebCompanion-Installer.exeWebCompanion.exechrome.exeWebCompanion.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
2988	WebCompanion-Installer.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
1604	WebCompanion.exe
4932	chrome.exe
4932	chrome.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe
3116	WebCompanion.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

Processes:

chrome.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

chrome.exeWebCompanion.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
3116	WebCompanion.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of SendNotifyMessage 13 IoCs

Processes:

chrome.exeWebCompanion.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
3116	WebCompanion.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2764 wrote to memory of 4972	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 4972	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1216	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2460	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2460	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 2604	2764	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3E1bmFOazh3Y0NfNlV3eVBfS2o4Z3pKV0NUZ3xBQ3Jtc0tsX2NuM0JuUElkV1lTdmFZTUxMLThPUFFVN2tFcDFVZTFoMXBrN0NXVXFkNGlkSUtCRnQ3bDhvem5HcDd6ZUxPZ0E1djFNUEM5anN4bVBYRWpEZWIzYWlhNmNzOTZEcmtmRlNRZ3NJbHUxd1l2dDZSVQ&q=https%3A%2F%2Ft.me%2Fflisk_drops&v=WkB1f2dcx_M
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeec42ab58,0x7ffeec42ab68,0x7ffeec42ab78
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:2
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3888 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3232 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4224 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4836 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4724 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4492 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4808 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4344 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3916 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4576 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4884 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3220 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5108 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4764 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5116 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4968 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5592 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5640 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5852 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6104 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6140 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5512 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6116 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3196 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6024 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4524 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5676 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4976 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
PID:3388

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
2⤵
- Executes dropped EXE
PID:1540

C:\Users\Admin\AppData\Local\Temp\7zS4060BDE8\WebCompanion-Installer.exe
.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240401 --nonadmin --direct --tych --campaign=20731534003 --version=12.901.4.1003
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2988

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
4⤵
PID:1456

C:\Windows\SysWOW64\netsh.exe
netsh http add urlacl url=http://+:9007/ user=Everyone
5⤵
PID:4452

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1604

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN240401&campaign=20731534003&
4⤵
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffeec42ab58,0x7ffeec42ab68,0x7ffeec42ab78
5⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3688 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4988 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6580 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5516 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4576 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6828 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4692 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6700 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:8
2⤵
- NTFS ADS
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5568 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4352 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3896 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=1456 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6576 --field-trial-handle=1816,i,1668298531317955603,9202043924252126902,131072 /prefetch:1
2⤵
PID:2220

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4932

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2124

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
28KB

MD5
4c255731cbf559fe8bbf5e153ffc215f

SHA1
837262c5d71e54d1c834a01d489fe9181bbaca12

SHA256
287d47abb4af3a340290b18ff132be5522beb5a5b5cb259f035c891ee223493a

SHA512
3c3f45935e1d6b145cbf9ea48a809e45d5828c8c20c51d733d3386e3aca592a98f85f5ec6f53655e1b930a8423a0752268e52f47af4bd4c89fa131b423e2883c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
80KB

MD5
14e39be019da848a73da7658165674cb

SHA1
e016473c4189a8cc3dbff754a48b3e42d68af25a

SHA256
39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd

SHA512
828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
20KB

MD5
9b3d940b2d583cf3242f8658b7c9207d

SHA1
9f3b198c286df98b65b9ea31ba8cbc8b43dd1e95

SHA256
0a3468a56300bbfaa2b55997a24d6af70bb9b2d70b4685f2600d4044f9b31894

SHA512
52d4f933fa1eec3b623d9faf6a10df45a71fa617cf8a1d151cb6c7423537010df3244bc38a68803bf0eb327210470d9f9d494bbb97e98530cfcdeabbeb5b39d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
25KB

MD5
ad8274c9e206dbe7a5d67ee8133976bf

SHA1
49bfa94431fc7edd170ebf8e4f4ad5887eb1aa9b

SHA256
dad2768d56535f7bd25c1bcfaca202b9b8373f53e5cb8a36ebdb82bb2fd406a3

SHA512
a83077cf2edbec5a017a15a0c4e38bd31f04f2ced88ce20e8a7e91afd20bb339909154658f4ad376641aa72c3a5520a03c306554a670eecb28152794f5a0a2ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
23KB

MD5
7680465c99b9bbd9eb5e3055a95ff481

SHA1
4f035af69ca6076226746c23e900846846dce364

SHA256
b53b1d67494e1a4c85056d2bbd233fb9241dd02d88261f72aacf17584f0731e1

SHA512
3c78423f29234a1bc867a73f3c8ddb792869fdb388537867a8d78e68d545386c6cd92891f05221194113ddbc822532184d0763ec329db396c7d41c4f59d447d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
24KB

MD5
7c2224075fd41741e27aab8e01cc338a

SHA1
61ab9ba861743b87f8af0c55e977aa1c653f8d73

SHA256
efaecafb3b690ff5bddf38ffb089a715f083e311ae55761697fcd3ba69b5a141

SHA512
d6dbda96d49ff4b36d6906dcf001e7ffbbd953e06a347abd5d3db8784feda2d134b875f7612611061628ba175656fcb6da378e8bd06764a287add3e64e33ce82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
22KB

MD5
2b175f9be1bc413666c2cb94b7b82aa6

SHA1
296e059cc0330c35c1a6bea8192c835894a63178

SHA256
0d7de85a8632a76524cf886ae28005a4e8b1c8f06cb19b30e0f51375a27cc0e9

SHA512
101552f23d0f961e17ca887724da8011f5dab7a1324ebb775e5d6c1e41718f4f2d6bec317aa9986fc8b28d8064adb0cde9fce827029da55762ed0558acae5606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
30KB

MD5
04f4c51c1b1ae4347d3ef9e63dd650f8

SHA1
87e0f582937e3aa332e9fe12b9bb0b8b45bfc418

SHA256
590d1c3dd1db6db4deb55d98a95fd11ed040d8ca1775f406558b66441b50e6ec

SHA512
9c271842736e0cfb9198bcc29003fe93b319984fa65ccc571fc5bbfbbc7165fe89effc76f9a2fa4d052bc44633badc2dc8bc73bb3b68022a4d1c626e386c23e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
Filesize
50KB

MD5
5b9db40cd1a208263b2d652ba60ebbd2

SHA1
81b88616439c056268d3685dc38accd0f7134a9b

SHA256
6fd934bfb26fae576df101bdd24c77a41bfd049f4b545124f72b184efbc9bb1b

SHA512
77e63a65cab9618247572bf119c3bedc181258184cd501c46a5e08ff19baa71c37b89f13f2d07a99ee600b150714f6c63db8eb0d4b5fed2a89e5e3d7cd1f7564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
92KB

MD5
51fbc96cfdd6ab974e3a1f241062410b

SHA1
3475a079e3d3ab7b3dad0f652d46be01b733b7f3

SHA256
9880875b98d05e44e8d7eb6786f478bd4a3ce987629b4c0b4b89ed9719e9db62

SHA512
74ea0ad2b2bf78337a6353b23c6f698ea4ae25dc9ba7f8b14fdfe1462ef8a96aa25117e7b1c7f610d9ca1e799e760a20b28cf5bb8f53064efa830b693ea833dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
16KB

MD5
abe083d96b58eb02ada8b7c30d7b09f2

SHA1
61447d66d13a8c8f4335696777a85c438c46f749

SHA256
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

SHA512
d17e095a6f0871fa0c9cddde08f87a63589574eb23f3dca7430ea23fd6ff5c3523e9807dc0ed0cf9c874e1a37046461e79ee47e1e9aa64513fff25bdd48c3696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
Filesize
31KB

MD5
8a3b3c6dfca5dd2cdd5191cccc3359e4

SHA1
d00ddef2be876710e692d1a7131d71ebd84cbbf4

SHA256
847a9efe235b849cc71858da8db3c5eb79cb14bd85e2e964570ab9e5630a52e8

SHA512
58e9fbe484c23dde494bd7af47f1964d2d8686fbe14a25b4fe01273bb5519eda965283b80e014f289ff1e7659131fbabed3834011dae7236ca05b5a12cd42074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
Filesize
140KB

MD5
15da3d07004cad7bdcd76a2a5979fcd1

SHA1
3771c1fdb45f6d1aa590e4b0dcd7dae6190feb77

SHA256
110f65f9d0e66775ae145a2b09081c8860f14b4c2d84a453fa021b6cf30bf4d8

SHA512
8f44c605270d59760ec93a912e2bdbb41350fdfc8bbf6b53214ea2acb2542ede8c6aaa1d00e7da13746854d0644c3a342f4a77673d594d12dade98d55ab5f0d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
Filesize
433KB

MD5
d9ad457ea57c9dd6e680a95fd8c3906b

SHA1
2903a69a5b410dd37ebb1af54b7e3f00c1e5ac98

SHA256
bae44b63554c7fd920b541b9911d03fbea617c2a9d79765c0bd4c3e197c83386

SHA512
47aedd16658535b98f2246b08faf48d49e822dfc081fa1ed4cf97e57a488bc86adcf96963db86014776a619e649b71b8dc1be7767aa758e6a7885b0def73f46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
Filesize
34KB

MD5
0e8eefb4549a2edf26c560cb9845952e

SHA1
8d0b1718aacad934fd0043c87cbc54aa091396bf

SHA256
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

SHA512
237659dd4b8680ab4856d38290d57ae9211b479c51033d8db4ac61326551e33cc245ebf10eed35aab6854d8196d6651eb70cb63a2ba1d7373404851fe084772e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
29KB

MD5
0e7e5f9d3a8ef121149827180b790b5c

SHA1
0e9f9333078e5df9245630ff6f68ba1d9da3c403

SHA256
e8e147e15907f25cad69b2bcf060213efad4ed04e0d36374715cbca17b2afc1c

SHA512
e6fb4856d43ac4d2dda6b7fefc89fe5e8d446bbb3fe187cfe1f49c8e24cc5a76bab505d5b6e7e70b84caa67d0052f02b136a9e99b5637ae19873d382e0432a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
19KB

MD5
2b845c3bbfbcb4e28ffbd1838368decd

SHA1
4414c101a651bbc06ab2d1eced6932338278e7fb

SHA256
addd85cdf92ff6c8fe37ab271bbaf49b204ebb8f0e0782ff412959c1e9ac57e4

SHA512
c6a374402b6b038387d385b81040d0d6ae83b2a503be91335b4b641e9eaecace2696871b7ac79af7e78e526212de77f128738cd47142c8ff1494a11bc3a4548d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
85KB

MD5
29bda76a4dbe9716fcf12e3ecddbc452

SHA1
9e50cc6860664bc60ecca0f1702ada29a7ebfe6b

SHA256
d0b0679c8c39a39db8aa001d00a980332bfca1ba7903406984fc988b7d20615f

SHA512
f1c5bb1731ff30197ce83743b6b46f1546b62d108a50ed80e784b670a59aaab139c5cfa9cf85b7e358e4a4e5933e323ea8d8052e191b4968f89033d9128e8290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
16KB

MD5
eec8dbfc49267c4d33cf31b49661bf37

SHA1
0f49d4563cf9e22e3af6907d0785b9a6facadbf0

SHA256
661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547

SHA512
50be539d4c45c62d73a49bbd7a043f7b79101d43d5ffe47f0ecc347dffca2d50043238e845e26351eb49e81286a1234b76ca92bd0eb749224d0823d92265bc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
Filesize
28KB

MD5
3372e695908e25eeb98abc399b905f09

SHA1
0be42c417ef57e433725e5a8d5711d7cc46c1877

SHA256
06d5c9b1e64c4d512fbd35f6af9b394b8760fb374d2bdc912197bcced82c24e7

SHA512
bfcda76ccc41c08941ad425f001a3e2f2c3e6c8e5cab5a4761c9511add98b3ac10559444eb5eb72034c53622796d4390ab52f891fd6406f4af343f661ab53f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
Filesize
83KB

MD5
494bc155632ca9bd6c28f79c9902a375

SHA1
89529047e32bde0b85afa68c8ac041a4e5b130cc

SHA256
08256be0dcaaa01845d67b0587edf30a1a7500a1099822d8c4f0cde56ee7f588

SHA512
7148e7770440b26217365660579194a5a3ffdf034e223beb88c1f403ecfe8d09670549202c21b6028cb92a6098248c93081cfb6ceb390b338f856ba0f6b6f589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
Filesize
77KB

MD5
b3bd3b507fd6b4cf888655b8a39936cb

SHA1
5b0ff63f5aef44013bfdaf00a2e37a36914d7182

SHA256
46d8a45f1dcede3cc250fe5843d78337514a0629e567fdf461f68218d37a419c

SHA512
60f91a4905b0bff2477708e544dc32b9a0931b878f2ea3a30c82ddaa5ab8127b0a79e8bbeab28556063a8ab671ea52360b078a207bd76c6aaacfbca05fb790bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049
Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b
Filesize
101KB

MD5
263741194c449abc07e7817b1ba3ad59

SHA1
227ed57bd58e31617f88aa6ce1d5e6eb1a132981

SHA256
4399566e12ec1e6a7efd5846ed738526b0eab9343b1e39eb19f20e9b9dc1e9be

SHA512
450e7b2649292c7503403018f26f1a9239041af20ba92274ee942796b5ed256829c8d43b8068abf4ef2cd6cb88b1f3ffc4b3f4c892a9b1a2ff990a096f27b068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
Filesize
92KB

MD5
d1a3a97c414a5eaf024f2894c218997f

SHA1
be04f32b75390654705765620020493ee4e1cc72

SHA256
4793ffaaeff81376b4b2dedc95b8f79b280f29b5f0f6e156c4d7384c49fd3358

SHA512
1dc2c10efaa4c8e32425c076c5fac28da52bc3c3329e4e5498ea6732090bd5c0eda96ef10b299326cd229a38135b4bdfe6beff751861ad114c09e95fb554437c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051
Filesize
107KB

MD5
b3baa6daf6e650d825afa26de64f4a1c

SHA1
32fd720530ed7f3ee44abf37adc43c13e7a98521

SHA256
52a3e4e414c9669beeb24f18a109bc892147a81a328f791a93817221f60cd481

SHA512
b4b5f4bee5e5411647c6ea0c01d09fa096139e8bb8701bb4422f5c63665da1d4cae6fd0153e3178dfae67d58a6674916e298315c7246b027368a33a124756d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\05db63df760449db_0
Filesize
299B

MD5
46dafbe8f1ca82021d2a484170216783

SHA1
18db8aa5c930cfb9de63763922ab460c86b9d358

SHA256
f6897fe97203bf61e683a1f2950108acd0a738a42e4a19ee1e46ec2f3bc91e9d

SHA512
9d36eb04a0f620e991450bbbaa3bf7e5ec85a794c32d4f755c0ee07c05ddd6c084c25fac541eecab60d251834ceed22ea1b45cce51e1c5ede9f6c4fde2059fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\093b1dd9413b9314_0
Filesize
391KB

MD5
552c81d4be214b97cf18d4a49c7a7d25

SHA1
5b3371d14926f40540297b7a920aee5f27ba8142

SHA256
4b54c8048375264a35715be3c1bb07f3638fa3c044460af8c119b0ea30da9191

SHA512
d4858cda4a8065913d856e3fc58819939b03b05ccddadde7fe56dfc28d212827bfd8fbf444594954dd599a20fc4582d78cbd45213e9e9d3b8411d07ae8615aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\11b00c02fd88ef73_0
Filesize
322B

MD5
165e53f05e698b1faa9adcc911c30903

SHA1
9830bc81358cd5826f95369df022f5b7e955cfbc

SHA256
facaf977ef98c99107bcc68cb3d5912e9fbd6630aad5e26c6a6d862173fc850c

SHA512
02ffb13dfb2f8b39627c07156f45ad624b00b425930de71c9c88d246ca43a93a4c3fd8418e5ee0b73dcfd5a2514a35deb1d4c326527c1b6acc63b65593219df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c7d6b701233d922_0
Filesize
262B

MD5
f02e819189237716330562a8118f2927

SHA1
4a50d436240cc07a07157a2d23af63c55eec5519

SHA256
762f66c22e45392e8f69b62a5977f1f8db8902bf7ade79631abbba9c97653746

SHA512
8039e882f240fa598c0fe15ee4f5d12c7484e83de0125a0ca1b53197930a52639b23c42f26a5392dbf73de870700a9559c364f22e2a3537e0f03c25ba6ab58cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\28bba0e056c72b45_0
Filesize
310B

MD5
3780961d6a96c5d1a0afd4d33cfacd3b

SHA1
5705653c4db4dcd8b3ab2fe8d6c7b73f6e831680

SHA256
8ea08165f9e3d24816a7fe36b3cb95de4eb1a352f4a61bcb93e3536b55c6affe

SHA512
8a75fa6527a13057cea066ae7925d4a01b35948277bfc64a4e172e349d8e17ab2d216b613d8b97e255bd39f3ea1cf24541745c71d49d3287909d323a1ed16a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3dbc88930b92c0c4_0
Filesize
375B

MD5
18aa60d911bddbb382b76e53aaad99f9

SHA1
68312c5bfe663c3d8c379062d3d042c1519a0537

SHA256
2069c827916bf83c9dd65add0e82f4f39ff222570b610ab94ccfd9445d475241

SHA512
18130d05644cbc3f1b7fd5f18df328aa07bd95271278046885f1f422af2ff49e089d08a7f1a01c2fe3c0e9792f340a8f089ec0e443535e576dbb93d418276299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a3f5d9c3a4b8cba_0
Filesize
53KB

MD5
d85289e881f075d1e773e64adf668384

SHA1
7a6d0b06ef262ef3fb47c7ca3e268800d1fe8719

SHA256
188189976acd76c1a4d92de61bfdc587f2c3af59d8eacfa645d191772298ee83

SHA512
00769e94cd41c945f31d48252127f0709de79e38294b4d1d07a2c9c3f2eef7c850942f01625cf07a07ef882e0cd5d2b38cf0071e58c415539311a45a1cf35f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\95762db0efae697b_0
Filesize
3KB

MD5
e617a3c28c21853760d729859a1d0f5a

SHA1
6b0f41d583dac263ac5c925792309fe357aeaee5

SHA256
bcd33a6c5f5271c869f843d21e559ed87ae8adf76874b4de94eae2fe9009db4a

SHA512
c05829f1f53f9802fb5dddcf6010947a66759268775b779cf9c41ea6f5a9f3d6f5ea9b820fd56cef10536d8b5ff68be1c4885217c1b2ef0be6a7a13616cbd2b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9594d45c7f151b05_0
Filesize
577KB

MD5
759d3bb9bbe9db15063505af618d39dd

SHA1
067ea6339953b0074b39f7ad681f0b9c6b9a7b28

SHA256
a0ca0b3869b6b6fc5222d705ccdcf47c6c2b3f37faed4f1662cd9e14c56ccb3c

SHA512
30eb64d4acee04d29fc4252d1358f87124fbd283b35c35b026c2cf88bac4c1c34fc8609db00237a29ddf7a024d51bd6ec35165f2a8e1c00770d53b3e0f8ca9d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9ec1ad8712334fa8_0
Filesize
56KB

MD5
04d51e08252c19d1bf0e58c494ee1326

SHA1
b025b187c7404d60378d77eaa713ff759cdfd715

SHA256
33c8a6a4d2ec180698aa760c34562525c96c576725b0c2cafdcb45c3a8d84909

SHA512
cd80b740a92be8fe9586e099847f886f2f50c9aae1473e1ca0a226062fc3cf59608ff61d248b0755c603706adc39a3acb082d092713f47ff3ea3b84e30fcd263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a6b478d990de14d0_0
Filesize
208KB

MD5
6fcd409402e080456e6f85c7cc88437b

SHA1
cb122ec215ad718bee96a00cdbd72ee3b908e78a

SHA256
9f07856a048994d5222e9b0fc92dfc60a836d33c3246994afe4a3a85508c7449

SHA512
9e602cc189e7ef0fa58fc5eb45a6582ceefe08454f86c5e4af287cf2d3c45946986ee951428be5bddaa8d8fa65ea7a908f3212b374704221012d669545f39229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a6e25f2c13cae987_0
Filesize
297B

MD5
695b3ae0606094acdd05d7d5ba263e26

SHA1
3eb8de7375721898465a86795332b883cc9486e7

SHA256
490c5e9a0a020b401c65fd9e510836ee2304eb4f3c69a0ac4755767d22656014

SHA512
1eea0fac5bf84a878b26a45d2c5f5131f58578a0eca1898b5f5e1f436cb5fd3edbf6932a5ceb22291829c1f2b9247963af067eeebf0759f04216eedeec55d632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b1cef52ab645b85d_0
Filesize
22KB

MD5
d68ff9012da4801b549b5907bbb9256e

SHA1
fc0deb7d0c5cb8a9e673911a07e8d44b9f79d59c

SHA256
985d1c647f95aa32a3814874c4706ff8c8c70ccfe6b8fe5b221095231f3793f1

SHA512
a632490d91448de11329e20d3a36494b35d00e1b919ade9dc17be55b85e88e7c4eb889912e2802371d5e056b7db5f3b6e07a3e1a5c9a3ae84800d411d630bcd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c20b50cfb3c60172_0
Filesize
35KB

MD5
4836c3cb7e3436d3882a24388d01c1e4

SHA1
7d336f91780dfe3190b4e505f399a18d7504667b

SHA256
4f36d92d1e9d7174211eef6e2a44c0acf1a6f787142e23eaac211ea2c4457113

SHA512
b2fd293e86df47bc1b596add1ba64de099a3c7a417abde87e9cdbbc387ba24375594ccd7992d3a0d967bd8627e9b17e8820c9f946b9464cb72bb15045646d921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d30d3f3d05502dd9_0
Filesize
241B

MD5
d5151fe9b2b4ccdbeb862191a64b7a08

SHA1
96f7d070c5a57289799f32a1213583ecb52af359

SHA256
c09f5dc14d705102e0983799417a6171eb35cb654f64f9bd5dfa0c6476dfa77d

SHA512
6d85350a90e6bfda37447d7dbad7c43625b6da7699de8de7bb83ae17bfc6c153555539833b2b1255ecaf8d3844d4d1519a0a2a8435d6fce3068d892b7c3af1ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d8b7c9cdd161894b_0
Filesize
413KB

MD5
64922e6b1bff4076e97d247f009c6bf5

SHA1
b54bf6c09090290bd347321210e21762f85c224a

SHA256
094d5f7e4b11e33c2754a517accb35351bac151a0835c70b7ac5d5195a266482

SHA512
248b3c34d1e810c1d8dbb0f1d00947b2a31943481c4bb63990635ad9390fd06630a80ec283672aa5f379b39a4832a871dd94a6655fb010568049acfd78bbab7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df53bad28ea1e322_0
Filesize
303B

MD5
5c0809bb6db81654136617b9efdc6fc2

SHA1
6cef58b16fa21ddd01c59f9726a622f9bcae8cb2

SHA256
60dfe3e6787f91e622170100f1763a1b83dbfe19c5a394d4ebd7ba682f507bab

SHA512
8de200b6e1fbf2f1ec3209b35f748dd300e0b50635ec331ed65870efeb0cff6213c27964ceebca06efb8e5e302f18e231c55c3c523878965ae816bd122ac2da0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e074146c635177fb_0
Filesize
309B

MD5
7fd8fae1061e4c9ccf23a3d71f7af965

SHA1
b5f5308779094980bb5c6300bcfcba60062f07fe

SHA256
8d49bd1c112687630a8587ee0cd66db5c4cec878ea601b81c9346b9f8dd3c9db

SHA512
72a585620f751b69990d5d4848e86079987c96cea877870c841f93c478b8d1642e5ac7a2779835d6d7df755a389f7e4c8307bcda96f7047288d9dcd304438831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\efa986235cc38916_0
Filesize
6KB

MD5
ca9b4da0feb255f005738edb43085e6b

SHA1
a6bbcedbf9ccbd656ac47e3afd202c2d18aebbf2

SHA256
357daed81e2abce2392c06d71b1d0cdfd275f84e61cc31badf0db8ed653c2fc3

SHA512
11cf06403e9bed3310510fb20c55656a4a5ae197053cb7bf14c2ddd99c16b5725bdb6199486b72ee7ae00661205a62b87a3bc46a0ed6954cf3324562d6995f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f0dc228f78ecc57d_0
Filesize
92KB

MD5
1841c3d56630721a6a9f43c8e1dae85f

SHA1
1796b4cb5bc826cc9ab9d4bc424654aae3426537

SHA256
4da1b110aaf0214ff50c8a1f49ff643d1e271c646b0ac27c2135ea9bbd072e63

SHA512
50b5bf71f96f823d28e7f6d05d61caa48490ffa21e304ff8bf38dccfdc9eeb6c7833bfebf4d408626b3c8fffee1585d67842124d6b58455e8e0a06393b332565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2b15e0690d4f107_0
Filesize
292B

MD5
a1ed2f429bb0a5c4301a776fd314a734

SHA1
24df4eb083bf68c022a50cd26538729745a9fff6

SHA256
20de080e73ecb089a0f363ab8000893a4634b2664271bc86d89c7ea452d26f7f

SHA512
9f9e59b23bf410b09867ab8c219edd79e86650faa4a1fc8e986f6dc8e4e0b1a89bcfb146124ad7d5cb57e3a5bacb0e1f5d69581bac93e404915dd7bb3c27721c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fdfeae0c8be083d2_0
Filesize
33KB

MD5
1d6a4a0cd2d28cc4163de448a2ed1339

SHA1
69f613821794c2e66e6fdfeb8da4b0c926d20ff1

SHA256
560a6a009f5dac55730544016b095441174100acc0c13508fbb00d94d198f8cd

SHA512
3e8d1204730c993b5951b7005075d22aa1d697d0f85f76e6280ceea14f08deffefd66fe0eda1e0229557fd493102d1da68172e9d4eb321fd4a57ae57e6bdfa9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
3KB

MD5
051229ff87e2d110dee16c11e13c2f27

SHA1
dc0b3f7f4e3d82b7a1d7c8bec6d91dc8b77f5251

SHA256
6c8191aeda50848ff5724e65b10a85900d7578e47f9131500ad625ad294d179c

SHA512
49bf719b5b7c6a3d8231e1ccedfd635056cdd0410a92030d904a20729f60a826f818bfb9ffc7ab783653d14ed1dc35216d05c8d3a6354af92115d7c1be333818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
eebea05f52eaacb48107015e292fa3e2

SHA1
f9b832ca72c1a643fc4b81e60bc165d787ef4d31

SHA256
ea6cf5bdaa87281d0e32a23df5ce487e7332d5f9ea5baabc85d4e26728637b8c

SHA512
cc4b6d014f04f22cb6a9f0a643171b46a050dc92a597b762f39bdf20a93413aaf7512631fea7f17b193d6ce1e3e6aa4465eda994527d45689b27d6afc84440a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
83a6c26464fccab55e55410cf4526c7d

SHA1
f75b22945059f7ab18379026a70f4a788bfa7033

SHA256
6c6b84a32c60ebdb003749b2f027e2b509ef0a198c49be1e5b47dea27ec47ef7

SHA512
89b5f0b720f861d81f0744546033ca3958670b63bc1133249d085ca18aadfc78290bf867837cf939a1d6d35fd46cfe41011dc86a529791fb29768d4d6fe1b448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
65c96dca1efbf3ef1629759bc77f7d9e

SHA1
fb3fbe7ab29094859cb90a0b83c9215673c546b0

SHA256
d4d85349da75713b92882845a1ca1ce6f0e408201a9dba17bf6c81ca6c5db344

SHA512
3ddd530bd8f42aceaeedbd25ecfeee332aa6943d61079daf849a18ac12758b8fa8b17794605e783c092db1de579de1ec6d40babbaa057231484ca7869721825b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
12KB

MD5
ba42ce0dbcd3a104b7c27bae0160ad12

SHA1
0df4359f1c8f6a3ff19cbcb27553a892877958b0

SHA256
7778c6dd2be5fd63d89cd99e139011b2e38d2047f178f11bc7b3cb1726af38f8

SHA512
9303db8674d4c42b09234af9db9a626326fe3c356d5648585d6e291c5e87695157b7d4053a5f928350f3e7c133176b64d47840ebcac0a656c0e0a7f73fed471d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
63136b53a7d079fb4b246c940a8262e9

SHA1
4f5511abd56207ddf00577300397f39e173158e2

SHA256
fcf0d1207e1a9de25e2abf0efb403865ecf4f0294387948284db5ac0565983fc

SHA512
1aa47f33690d5285ed25690166e9a88cb8c9e3f0b3501639cf1eb7208c9ed35de065c8573c025a5f755ec7f67916f7e89aa9cb8c3debb021bb0509b76547684e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
36db8c8a1f7e31cd3cf40207531e7851

SHA1
091848a242f45bdac2244e6737981017846bd467

SHA256
c1973622ac60dcda0931c54d74886c102ab090516b3607bbcd0fce55c233eaa2

SHA512
c25f0af28c804521cc82626da5b3467f78ed845912515b63b81209d47f3af5e03f93d9a392a6ad67e713437bc04d1a02d05382bec122010f46b85d4c825d1261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
c63e7635311cc4a5348087d6147e939c

SHA1
93cc8920a1e856ec76122b364ad118eeb56cb2f9

SHA256
9d83c4f506bf10ee880deb9010a6b439dcb735c5a8091a475d115c84bdb9b4b2

SHA512
924547f44d5f25897bed605461cb816624d7ce5c8a9f310ed995335b328b3ed5c686af2be4efd8b44c37756921bab44dff7d5d83fa160386528d9eeb30ec09cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
7cd6b19610ca211166384523fa76aa3b

SHA1
b1881b83554b882f101a7415d7307e62c411e547

SHA256
1a38d98c2759bbdcb161f3ab7a2a2694943cf337234e24af149d74acf7f2bc0c

SHA512
1b9dd0645fd4629aa2de5ce3390e0db30c6a25abef4f516d868f31af3e57b2c9e07e678a7173f745532765457e07a80a5397df9dd431340d80b4ae37c8683e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a1fa448f951f26a7712dca1495a5f579

SHA1
639ddde394abf0b7529f8d9f6c7a5c2378def97d

SHA256
e77d7655b23360f8b71e6b6e60d8f3ed696cf8291fc0f2bbd3d25039dfb47054

SHA512
47f7a5716446e956194c6e37c2671702c3b11c4bd190aaa8a6767986614dea6aefea48d4dbdbc7326d8d2cfe98efd9a333df2ae2c1f9f9c2823cd7f8feef2f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
dce02032a0323a33b3b3df6ebbb7594d

SHA1
affd3d465192815ee48ccfa8bd47e279951ec04b

SHA256
8837d39b1f9952f47605364ae2f6763bb8c54e40a9940139c4c9d9f457c9d909

SHA512
61b8bfff474b4dfe8600c9d7bba04261f2f49e66770b0ba21428ae273917fdd63296b62558c754b8fa0d71e026ed8a5577030e19bcb9cbb2f265e1102728db21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e46cef579c3f5f42a797f1d672058747

SHA1
2aadb6af8e9337da377d1b91c29ee631b0e54d3b

SHA256
6b32e895fd7c2d0eb4f960c40c6a88960d7ca78a385c6e6c34620ec9cd09a3c3

SHA512
c200fd21139d982f3648d45e55b7a080605da264266024cbe3ddc85b8bc1b3766b22c548707ffeef8d1d63bcbf5b68b634fae51c61b5dea9c92f400bab82d3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7de14be99df5cd5a2a7844ab29f7da3c

SHA1
d2ef4f903b0d2a8f948df0538b24c35fa1188db4

SHA256
2065a37f3c0965f5bea4c807b7e1ffe7ef066d21b1241675a433e8ac65d0a826

SHA512
bb8f7d2af8dfdde0eedac15c27859a587a72260cc98079dadf3d65044770d4ed32c4a8d9c707c5ec95cadceabe6d5b69eecf6addc65c029a7a60ae762195fb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
accbd2c5a2d6b6855042fa9faaf09aa4

SHA1
5c1df6a5cd4a4792b2ccdf90969e8a501c06f8fc

SHA256
553f00854994196f20148b6ba9eee6c490d7a6d0e0ac9bbcca7961b443cae77c

SHA512
47b7f743fce9ee58aa62377256b1d9c788949f4c69fa19d496f6e5298948c9ad6a4b6110c50144978747f4bb5b4baafe8ccc38b77110fe7fb33e0193b2bc257c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
a2202ae6b2b7c52bcb8d5e479b805ea4

SHA1
2dfc39444e7334d14e5ba5a6535ee066f4266cfd

SHA256
d59ef7d60b46e603eb40abae0ed4236e6b17be134a5b7c3536581c834a8fcd8f

SHA512
7f3c1fd5fdd8d75c94ee26f6d0fa73d0b4430cac6fbbb0a84adf657947b9d44fb368ab011661075f7811d19194986a4f479b5d3bff549e307cc8946128711e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1b2c25e789f37c407bb52210da5ed3f8

SHA1
ae3d5b8eb01e20268c0260d0c15d1d622c485f3d

SHA256
430d02bab04e85ed3d98d7e54cd066d863c1735b4d6a5d00399ecc4e16dd1461

SHA512
aeb8f9b6e3414431e56860d3e738ea5138316b241eae037d9f4c6c1bd24341406425d7ffd7abcd15dda6344aba8824fc3d466ecce2303d4b7ec12b2fcf874561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9ac5503c374b6faf1fc26fb1432229a3

SHA1
bc244928b6a16ee74e381cc4c9bb5c2287435a9c

SHA256
65870c4e3ded19dc52400c1c522c5025ddbf5c8221a0b6b1778f5fc69cc81230

SHA512
4d9dbb0131470c181108031d3a85c075062e77d050fd8eb4f0ed3b90345dd6fa23645853d2d8376d5a5ebc28c5972a15829aa6bb5b5bd9dc7678fa62c76d261f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
6669b09241a2595df89d287f6260cc02

SHA1
ec25bf43bb1620c0daa2b5c306d938606b14175d

SHA256
63d5beb2c323938a5033c992df2ac5d04ff3e1d4b1285273bb43b2573ea58849

SHA512
2b87574256741631dcb07731358035b307a371e998bec6d0476d656bff5f7bb5bfe19746d137997b2877cde9f443e786b3da9730b0151fdbd991123a8cfdf606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
12KB

MD5
8c792234bab5daaf174b7ccb8a5797a5

SHA1
7be74dd0356642f01cc38cc64668b7c0fa99abd9

SHA256
505bf71013dfc033c5617a083318de2e7b1ddc43f61b20d9e233b824276defd1

SHA512
bfbd166e54056d070e10645ba3e15b63a1c202a8fd33f26900f52ab75ec7591af3163ff3829203d695e6256012fac58530c78d72051b902e9a4dd98376e7e3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fb95ed532a2056b3b4833dd2da807dbf

SHA1
fd9b3308511b2426cda70b0e05d9bcf3ba056d6d

SHA256
dcc4917c4e5b386da1cfd3d9ea8289b8fd9ff18580da7c383ee4d8ea8e3ae46c

SHA512
48b1dab04339a9d4b5c4fe7b47ca2b75b3fec7b97a557d3f76d799ae63c40a1fa28e4d351940e59b9a29dfe2eb57d641959b2755e574dbd083a4d8bb06848c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
e4e2fc0da0c0d763b70a0fde17bd05d7

SHA1
074105a86eab006a9c06e0e84b8d61d0ad8d8997

SHA256
cd261fc64e3b939ee50fb24e125488dfeb72956fd90393ccafe49fe88cdb9056

SHA512
3a697832bfdd2b7a0a48bd8e602bbb4940972f17ae94118c37388aefa3a5c209b0b36f461286243cc9f3a5067be8f72e635f4b1e94fedc1453ce2556ff643b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
5bec0a17e559392d82d50be4638917e1

SHA1
b57061c3150f92038a69cdc60536e630e070a1ba

SHA256
648106142da3c9f4fc4dd2c3d8d70230e917ef137e924c825d58c2792dbb5292

SHA512
17902c9f6a44fd5256c1e37e2a84e592636605f0ab88e4b5b719ed7fa838f54e46cc05e1843310e9ef280a49dbae0b84f0edb3b0fd6dae2feeb1cdee75c3e372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58436d.TMP
Filesize
120B

MD5
5a66c603adbe97148d7073efca8f2a0a

SHA1
bc489fe554d8576c952300631571613e4cf440fc

SHA256
83973cc570361d8c1f5303d38a452e30fa713edb1d01115278fc555fc261d6f9

SHA512
a9bb580ae87d6bbd0165cfde562de5317c721b39caf183fc450f02d7422e1eeacd3047857ec96c23f8ef40791d8eb0c667e7ae0f0b1466e4d293ae400f4cf8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
1cbb32220f6d1937f31a98a70b91a620

SHA1
23f8d2239d3f79f8621f9d7c50647dfe71327d1c

SHA256
91788252562914c702e561d9717d52ceec3adcfa722b27f64d837a10ef925563

SHA512
b797c443b084eae87b5dc3c5dccef25fa1986a461185754aaec2baf3996786081e6ecca22a208932d0cc126f780d8a64f1af1b11f3d74524d0c3ae306b7388d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
0ec6d80f436c3ce8a9a2dade9ba72cdb

SHA1
ae448393ba50bc756724a1d36d12a34071139bff

SHA256
bc7828a010738b6edc3de374d0f6c7bc3d7f6d0a92ed06fe0add31f58542264a

SHA512
2e7614657f7cd313c09117724e392cb17ad844cee8b56dac45b3deb9b95237cf40a6aa31d08e5e07606599eeddb7fcaeb85d13879658e7a59951637448e063e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
c8c47d953385651e0cbb0f050219d38f

SHA1
c1aba8544ae5dd678257622224c3e9e9517628d4

SHA256
ad5cc8042637d5225664352dee2c3201fead496d919edde8569b9fe0a16fe052

SHA512
9032f8d67c1f5f0ef1996965d239995aab40b865e0254a71e487d8084b354f8cb2b40d1b9e374cb4ec003266139ec6197d6b547761661e53dc2feaf1e08a385b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
78561963efdf4d2b94f6286a0342579d

SHA1
8b53b20e73a43d089df5a09be35988ee8ce54f25

SHA256
b5a6b5c96ff9e386c1905552eb54cdebfb2da8bc404a7c4f688f6b42fc90bab2

SHA512
b9c021a3aa59a089188fd7373517664e850517919fc06a25c832e554e59189235539543639ce53fbf26e38a1dbeb37878880828d4c2a6045537e8ab8691a8155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
a0615546fd48d05a8eac77caec5e6713

SHA1
c262574d5a18ae705bf2d8d8e377d4933e7e8848

SHA256
5eb1228a053d1ecf43198ca0d0cc9b7742eee1db3e0018285ec4592d5fe1eeb2

SHA512
08732b1c9c13a23b7d28cb13f973e102de3e1ba8ff47480ea4e6f917c22f2c6820398380c2890cd1ae1fe7f408521dcb83b6258d1d1403e74cfae5a1dcfef37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
4d9ea4fbcdee318605f16297a5af2649

SHA1
070f005f5131ca57f5f103dd5a8f0fc4ca227d9e

SHA256
2f13cc5d8d34bf8e31fa85713cfb3be045c6269f66c950c8e8144af172b64ced

SHA512
d246c55031d794c4cc5724540efef0d0fb9a7cd1e829fd11d9f88fd9f326733151b44738dda923c9d9920335b5e48940b94be4626aec6d5f96d95ecb3305b324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
88KB

MD5
854eba551e8654ba1ff0cb689fe3c446

SHA1
4f524b6ea93a69cbee91f59372480bd0d2a8190f

SHA256
df9b9690aada9697c8f62990f27bacdf837828369b62bfdfd34fbd0349cba4fe

SHA512
2e8a3bf91beb6b8b67f68175e5d3f490218987389dc27068aa0cd730a847d436d48a57874443020a8ffcea668e805df8016c8f34a0259c75a740b21aed02bd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
305c4442ce9ec19d72583e3ed49a2ad8

SHA1
37c985aadafc28c0f4bfc3e684045e635e6aa632

SHA256
0bafafee5645d71fd76336dd585a1e96fc271c947c20838eb9f28689ae8a6c12

SHA512
0c646139bdc236bbc4ceeb2be25e90489e856bc05a435b304d8ab64d4ab51bac82cad26a53eb3e93b9df0fc8237f584bc6e05ff2de4fd0d5362478aea172dff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
87KB

MD5
996ce54cebd4642567d90f124714f084

SHA1
61a8a62360b3f4be9114c2f13a3885400a36bd88

SHA256
750471e505cfed5e8cbe60a7250736d3a41ec31419ef269ff8b8c7832dab81dd

SHA512
e79cf2e66908569c4430033bbc75514fcf850ba88b9d6eb203ef3d68cea8c47001073917611ddabaf519239f3dd7cbbdb6a9aac7909c6e7111e663baa84b6978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57de89.TMP
Filesize
83KB

MD5
d933fc9e4b753804e59b1a415852734b

SHA1
580cfbf746a9661f29012db270446570f5d67643

SHA256
2b4cb44f568d1d59a9f458e8a985bd06bcb6c588209049762c4fffba04daba73

SHA512
6a696102fa1d018b8ee93962dcf0b9152eb0f6699547d43e16e5bd16284bb2bdfcc24baf2f9dfb55fb67486b8ed2133499415a41c6867a03b29c812c6645dfeb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
Filesize
4KB

MD5
4af8988fb44530702a4ef7e2fa0e42e8

SHA1
78fe73331fca3b56bcb7706c9d16d8f9d75d3521

SHA256
411e8e6de00deda516e3a4d7ce66cce8ea8677c6b2e68d0faff09ee78833f97b

SHA512
ef29862054f203cb0dc53d30d23d3a7f957e3bffe02f4862794a7912bfb33c52f0fd5cd80531f84e625c68e2c42700154582a20667718897ab0f16a6dabd3053

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\10154ixk.newcfg
Filesize
594B

MD5
d2a31af04b72f10b334cf6d83e329178

SHA1
87ce6a8c7c38b66bf229932daa43d10acd43f5df

SHA256
be6034c3d1169b8b945d3a6e939cfd25759ac788ade5b59dde8aa299d1cec49b

SHA512
f5dcd0d132ee4119550ef8f2c6675120e03647d36e2a1dd4e5bcae2bef0445398f4fcb4dac8287ba745a14e89d93c7cdae7c6701e4c6ede89a869c5b354f95bb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\1rrkabsd.newcfg
Filesize
1KB

MD5
503758332f80d2c0cd5445e7fcd507c1

SHA1
897977a2e51e562e20fce5af1af7cde0fa2ca136

SHA256
0022a59125e8f274ec86835d3218f0b89baaa85cf2d25a4d8cde5e7ab1626822

SHA512
fb7b9f690b73f559edd5e3ea60e450bda2ee7438f819aa766ada3485a67a683623f381337726f2682615f9e0e266bef2417fbda6870c31c65fe05000ac29b285

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\1tp5pcz2.newcfg
Filesize
2KB

MD5
3771805435af99a7c365405091eabc4a

SHA1
ef727aa009adac2620112999943f31fc80d9d01c

SHA256
05f826e148d6f65b43ae81e5127072ab9663ca9085e99b431138675423ef1f43

SHA512
0e13e23b5ba65c8f387bce0d019b52773b4c7d2d5f438ce810c205e3eb4b1dabafcce5091de2629650b2edc59c18afb9489109536117e97bbaebf3f4e03b1421

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\2mwhmd00.newcfg
Filesize
861B

MD5
8fcfed0307b17dbe792fd477141ebaa7

SHA1
eadeff417fee31215a1449982f3e58b9f52330bb

SHA256
04119e97067e832137e094aceaa61f131aa4984fff9a8930592ca8c30914f982

SHA512
ffa98e1347556f207e958c923f0a98f84891682ed5c28f60e81b2b7d8ef10d5fcaec81dfe440d51eff53dbcd77249596bb8c471e0056f807a7985a3f47e27544

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\acfffemi.newcfg
Filesize
1KB

MD5
20ec30386ea816c3cd4de0ef82d794bf

SHA1
57ba6017f473277ae3253843f9cfa88904100bc1

SHA256
c78715b2f97cab896f09a47f210a96bdb8b4391326850e288f3987607ccc74fd

SHA512
aa5d07c8175bdea1ee64db54d929344dcf48fa77ca07088b7c35db4dcd9ace0a7177dcee81bf235890471021c81b6db899f7a0020c0cd1c889e39b426a0d8da6

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\b3lc0ilp.newcfg
Filesize
2KB

MD5
1ec3ec01d94515a4629d9e73cb79ebf6

SHA1
3c2629db0f74977ce56ed88c73ad0a33a99065bf

SHA256
cbc500964f2dbf3858f053fbd362fd6d6a42e6927511d5f8078b1a00d9db2d5f

SHA512
cd061f92f3adb196981526653c84a357218e5d28f56fd80b03bdc80960d5b03dd6e20a76259a43d80e8f8bd4e433c3a4aeaa93c799a2d61e1c19cf869c6b21c3

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\hh12zt5u.newcfg
Filesize
2KB

MD5
7b31b64c873a5eb560f5fd9ae23a7184

SHA1
4bc67d86d8380bb58efdbbec0b630550ce34b2f3

SHA256
6008b6b6c773bbc879c0a4bace476b631ba4f27e9b270ab3ab534e37531285e9

SHA512
e826625a0a112e3d28f8b1cd952b24d516b4d83ef8c92a01a5da7d0a14b885cd070a1609baa468b9acd2294953fe1da75ff1551a0ecba365ff8b9a5d0cd3a7bd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\m1pdknmw.newcfg
Filesize
2KB

MD5
2375103757a1a5e0d7b29dc4ea5c1cc9

SHA1
642d285c8a8ed150d4f1a66fdf03ccf92ae618cd

SHA256
84ff0d2558330d9f328c95fef725f19469de981016fc93d93ee0476239ce0660

SHA512
fc8de292e4b2f5a9c24220429afeb9abcf939d9ec8565cece3c70487b07d0c6e6a4d1ec70a5fae80caa143b9453d8794a4f8583a3d216441da40b00035507546

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\odzf4jou.newcfg
Filesize
723B

MD5
eae39683b5f9117fcde036e28aa6ea09

SHA1
b362a0882a2afb7d470b94ec9d72dcacad82737d

SHA256
e205315b625f88ba5db9fab72956be091f45fdc9e298f06d3408f04bacf183a0

SHA512
44d032ef7a455e11f20425ad351c743363d5583554db23003f3cdfa3aa12a0fd7c175f5b0e2d363619909d76ba92617784705f370ccb902295f2e96c2b6ce5fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\rjt3evra.newcfg
Filesize
462B

MD5
6c7428ee170827af95a42c36eea3c79b

SHA1
0f3c9a3ed6b8ddb27afe69932de2b96a5ec2a84a

SHA256
acb6dd2a0049c987baaa2d46c6fcd6de74cc90aa79f3b5a5713454fceb299a46

SHA512
e4fe547e171e2d90a48876592dbfcd688ac61d63ff2c69fca4ab9bd4935600f362bf18ebcee1d7b2e2a8c16f15695627c28133d55e79be18d48c27c63c2e5b54

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
330B

MD5
335d8b10a6988eb38995ef38644b1552

SHA1
6e7f535cfa1e3ba2a2117a5a0801a00c6ec1e523

SHA256
aa0da1dc9950d1e0ef36e6429976cd1388561b5320aefef1f3f99a1a7b05c1dd

SHA512
f5060a2e0f2d5d5bba229a8a34442efe0b5334b41c9b76fd52f09325efcf6efc599f87e59f3a904ee299fbc9eb6519843559d539396ac25039a4696f045bb3ba

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
2KB

MD5
7795dd233439fe79667b34aa97169568

SHA1
949c3f2831ae08196c109d6df246856245b036c4

SHA256
2ec261c4b39e6d7bd8ffc42158f15f4922cd3d6d085e00daa382c7363174698e

SHA512
76771ca4d8b8f6776fd0a56f408d431779331f08e2e78d851ef1da5c64219d2a8d8efff1c8b37b15a011dc18095b6586c5e927ebb98eef9492578e96c40cc89e

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
1KB

MD5
b0628594873ebc9a43dd09053c427832

SHA1
4bf395e5f8b9fb106b49b8117f465567b55185ed

SHA256
356bb6636c434b416dab029df028dc8fdb398377135a0d11769704e2d0b1d533

SHA512
c1bf0609ceb8db44a2c43ba263a97e25b62daa0a4781a08407d2d1adbe7ad33f613f72a5b25acc6f9079d4f7cae1945f8777b3623a1b6ba8d915309d7ce32a82

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
2KB

MD5
a652477586d6e4acbb2ae2501a23ecf6

SHA1
b6f1b2725fde2f68b0f5876108f304f1b0fbddbd

SHA256
c70dd9ecc9274bfc4986aa28e784c97bcebc58b9ec9f001bc277b1146577fb2a

SHA512
448ebbf9e1e286a6394c3b19dbb5dc0091e8a1cfb4415c8252dd5ef39579c210f4b0a86ca476c6f934bb463ba6465691c1d21b2ada1bbce0b00d202142c75993

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
2KB

MD5
70cbd0209cd11649d41901e5ea518075

SHA1
76d5bfe214d0733c49d374148d76eb8ee8e5d248

SHA256
d4d7aa948ea2fefe2bc3dae6a81bdebd82f9551fcfec7b894d923e52b2ebbd53

SHA512
aad7f14f8c00c75cf196ce0907937650a7fa79117bf9ac810d462e9993f75d8e9a8b1f1e9ea31bd4c8924777c0bf6447adbbfaaf33f5380a4a38fe01541e3af9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config
Filesize
1KB

MD5
ecd060de5155e15d173e7f9ad586e93c

SHA1
c983c8479f95f76b41b8d23032c3ab7c7a30daff

SHA256
d1fdda3e24a736baed9ac7002140ea4ce2517ef82a14ce3a8957b146fff3aa72

SHA512
b94b4d3daee170098d1a01f4ecc6c02f045f3aebb02eba76f3447d06c2a58056623fa22f8ff378a9874dc1381a0a62de1f8682dcb895c73ae4f6c747cf575395

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\xo2lnxno.newcfg
Filesize
2KB

MD5
43e51f95bead3db44da7ac23f1500e13

SHA1
c1fde245dba4f3cd17be8af4066695aec94fc24f

SHA256
d76c5b40e1217dc80c11b59a7cbf3ba8e8005bf6c76d5125ce1b91e94fe6b81c

SHA512
bbe42f85cd1d62726232b1d742b3f8df82ca18836fa32fbf915224c24ff31d395e48cd1eabdbf6ff148eb59c5f9a4984e53185f9f35eea38fa5f27519b7560d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4060BDE8\ICSharpCode.SharpZipLib.dll
Filesize
208KB

MD5
b0040d764201abd71c26560e798bfa7f

SHA1
a3f32be47621d353d67c6a72b7059b553801a9b8

SHA256
13c3e0fec7ff29eb8ab28b321102c2d27afcbb410884cd693cfd3d211bbef1d5

SHA512
104f157b822901375cacbb22121c1c866254eca5979422741768aed5536b0d51f5efce24b6106927cb16843276fc8e4b8f70ba20f5ac3c48a75460b2ab14e478

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4060BDE8\Newtonsoft.Json.dll
Filesize
428KB

MD5
746c1f0ea5a5c0a67fe96dba4e32ac76

SHA1
cb31834984b5c7509499f0a9a5febe2e3575de78

SHA256
9ee20b0b7e54e633eff1a25b6e379201d499552689ad29eebd5ad90f221b1386

SHA512
b07f6032d609291f3f3d6e75abc055cbc0751c2cde4cfb4eb5ab93611ad8391e877dad92009dec70c0c2a7fb96b20cb4392a1a51634006466bca06fec36ce358

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4060BDE8\WebCompanion-Installer.exe
Filesize
428KB

MD5
f6271b5d4729c2fd7dd9950f41d57c8b

SHA1
b201f20d58d3d0de4edbc513b25c4af8d3790d13

SHA256
04e8c3de51503351b4d52fa9b010aebb41d3cca46387046e8e689fbaa7063c16

SHA512
8e4ff8ec79b154211d2b6ded28025b92c4f09e36ee160be689af986ae2aeb0f444d834b04f2c6887e757f618f1d7dfe049f8d8e6a6c460c99f79a80a1580db9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4060BDE8\WebCompanion-Installer.exe.config
Filesize
2KB

MD5
be34b448b611dc35dd383ed545e8fa96

SHA1
6c9dcd8d936f0e39648f8fa80e7f07d9ce6f550e

SHA256
deeba89fab938088e2e65942e93210e6e368eef6bc1ca8e8724ed43154701851

SHA512
796bc2ee8672b64d9f5859f0b091e76de9523beb91a7c8a1aaf59be30902bb73f5d197f271d9d50ba6139b109b00f121efa11929f322af71fe9d32c683ad8c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4060BDE8\en-US\WebCompanion-Installer.resources.dll
Filesize
6KB

MD5
e4266f63970e9bb702fded23abb07ad7

SHA1
fb53dbbc93788d7ac3672520706195ab3eb75fd0

SHA256
83cf07757ca5e7c3dd2a8cabc44ba246b6b6f24c3d7042ceb3fc91ddfa8c4160

SHA512
4632e8af8c60b242d7213ec4eebfff358c59e0408e2f6d1821bd87553877e0ff4c9e874992242b303d26a2c53ac53e628674ce2ddb0dc0102e581c05f25c5f54

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Filesize
3.3MB

MD5
a89871f4fb8517d47eaf356fcba5f9c2

SHA1
4a19ea78e1ea859447c584a4eee2fd62a1c3903f

SHA256
afc118ca9b161f9b2439a63c84a1a172d6e854540aa8a24538ac73e83a09273b

SHA512
3574660b1156f1501d42a1406093c416237457f8331fac32419e26a8cdb6a8e582a17c0be1c960bc86206b7a12d0324b588e51ebc9a87933233507ecaec8991f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip
Filesize
404B

MD5
17f361e9a5395789fb1d8ac84a52560b

SHA1
9577925aa03fa0379c0edf4fee2a3053a24a47c7

SHA256
ab970f448ab5159a7710931430ead59cfb95c44445876bf59a0d752ad0513847

SHA512
baec89456480b263e542b68da4b7dd9008d94dc7faa734cbddc531af34ffb22f894a5cd334d3fe4fd2a4560c19be6905dca3b805834232ca556c2985086e43bd

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip
Filesize
404B

MD5
8b04e1f7ae7d65dbd75b79a4d22e8f98

SHA1
9d095176717a9469cde935ccf511b9e8fd60979e

SHA256
14137ca3c7a178879ee87c984049207712611224ecbb4851c11bd072a7ad2220

SHA512
de11378dbe352791336bb6ffc1557ab0ad8fd0a9110bf03a04d603bdb06fd62ca47254238dfb556d34a60527ac54191707ce9dac96f236d6850f67578356d117

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt
Filesize
332B

MD5
590fd86ad024f2b655deec8333e240a9

SHA1
f1946050248dd1aea834f139063ac8eb3e41677e

SHA256
7afe6a8c5bf14cace6e9bb2d40df2adb5f31325fc024f448138106cf7b63f7c1

SHA512
c19bf730552e548b6caaa27f5ff2c5b34d34ac9408b3b6e388361635ddfd4f619b9205fad76b9141f2804b8dd364cd843dcbabd4d9d7b7b712f320f6729d87ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\CData.txt
Filesize
209B

MD5
bdb05aec3b480d6d0ef2c1b63110387c

SHA1
a148f00b85c0d9267d842fa4021c601363204e5a

SHA256
075400a94e93e8d3cd22b9f9bf64260c1e59dc0c7e36ded436ab3922b7a043ea

SHA512
429706d46d65fc03bf83311824c5d0855947cd198759608f1d188be7f3d472102da15a5136a97921089f3514f2618e67d49300f6d76b5ad169bd3ed978a21c43

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt
Filesize
208B

MD5
79cbe529ff6bf371ee89f64ec6dc7993

SHA1
0b14d49b3a26ee2e4ab4882bdc3f6e3e0cc2a22d

SHA256
4f764c23933925e5dccdcc12ecb2bbcb66d4fd23c737f81dd2446c08776bbf5a

SHA512
f6d64597d5a667d73bb3aa0f0f97d1836671c1621b684c69c5271f2d73527e64baf98ac767c76c1c0f2b9c4de8c894d2131f5de1b114d7faac7285e7443b4790

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip
Filesize
656B

MD5
7118d50bd919de53d5c48f6f51340544

SHA1
65ba8bc7592d0d316fc526520a2ce8c5d1fa6737

SHA256
b74e90e71ce010696f9a5d8c4a0515255470d3c61d1ebea803048b6662614c73

SHA512
02570936e7814e8b534c3662e99e557d87e893c06f3f32e0b53b44f5d14e69d84e7ded5633f8aa8368acda51364ec2112bd771d4d57527c3d6ff6913c34dd9b8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip
Filesize
225B

MD5
b6c7aaa13ce22e5af7275916cbe9a6a0

SHA1
8843af9e853f0c5bbca5f4cf65cc571093deefe5

SHA256
f139ad62abcba319262a4d0e3402cd725bf4536589e300ee29c852f832541217

SHA512
87de67fc94dbb818a5dcca4ad037a13b2d9131b56b67bc23be3179f63a1ad1a15cc3ed2817c1bf47a3af8d21c9b2ceda6f438cd40eea5565f57d373d5cd441ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt
Filesize
186B

MD5
d23fadff54d6c4e34d5076351869c57a

SHA1
931958b4e67b59348de8a655139f68d2c1f7794e

SHA256
9beb84c1e6d8d7fcac62d2d6e248b9d6751590a465d5f2c02c9768b930fdf4a9

SHA512
eaaf409b7d3aae98dcb699d639a0d66bdf70e87d91b61d2ed248b7774a0147fe5ecfcae4e68161d511228167d54879aa2ec32859a25c118a543a8443f6abfdec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt
Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db
Filesize
2KB

MD5
e66a9a014a9c69e7de22ffe082886c34

SHA1
339978babeac335b25aea133d46b6067801003c3

SHA256
603316adafd702b1929eeb9daaf8b3f5672dfbb4cdd5b73a317c145c5e7a1244

SHA512
e085f6c3372b6d611df84d52102821dfe9d1a4d807837298c57f7970b4b5ddf3c72dc1dae1eaa62a3a30ab13abe291e93d9a2c9383eeba8e5716aee394f09182

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db
Filesize
2KB

MD5
381619b6580fe77bbc79d599f7e89f83

SHA1
33f2e49d3c6b4720f320e400118917f0c0f78501

SHA256
a5c0772381cbf6a570462c1946ba34af6d20fa2426b4050fd6006d561d07b690

SHA512
c09dd221361b6801b73f24a39b76525a80fb137f40107a1d6f2bb3eb584060c09f7d638d2fe2c5b6b6b0aa8448c9838212a4af38f7755b5c6b88b26496eb6db9

Download Submit
C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier
Filesize
200B

MD5
6f2c303968034329469b6c5d3d1a6d44

SHA1
016c489077f5414edb58e17021132057663f26e1

SHA256
2c68591cd24887356cfc0c2f7482e40382f276a39bb3304f9e69c3e38fd2eaba

SHA512
bc20b5075a00cc5616943709c9b1bad6d7ee32f6b8504da3ab823769440f2d8c28b6f9659817e52b17bfa4661e56f5240d836942259368204c9e758d6c4c1007

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 432460.crdownload
Filesize
532KB

MD5
afa78239104ca3390c06abe38e9f1b1b

SHA1
01347c6e6862c341f28edc471cdcac093affd773

SHA256
d6a88f3db32c236f17223cce04ee8a6082e3afa3d359a1c9ddaa014d613f951c

SHA512
47268dd4db26299d00ea686717f981998090d01f34021d415f829971a3fd04e55a6ffaa3a6cadf0c3ab47d0a34f18f8118044ae034db4c267b084a7206c006b1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 784175.crdownload
Filesize
7.2MB

MD5
3688679a0c759881d78c19f0336d31a1

SHA1
ff4b828ca340c27efde9cea0e70c631818b0fc37

SHA256
daf34fd06790422f42ee9b0922de21a98778a911d7557d3224e06c83f0ce08d7

SHA512
2745efdd4bfe8ce18f6dc28f632756fa67d1cd95d558423360c6681447a081814e274c5ec08e3a79abb4b3d564c40f38b030ab02822b7671b7415f31b4d608b6

Download Submit
\??\pipe\crashpad_2764_FPRBSUNAALOADOKE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1604-1068-0x0000000005B90000-0x0000000005BB8000-memory.dmp

Filesize
160KB

Download
memory/1604-1211-0x00000000074D0000-0x0000000007504000-memory.dmp

Filesize
208KB

Download
memory/1604-1259-0x0000000007BF0000-0x0000000007C66000-memory.dmp

Filesize
472KB

Download
memory/1604-1295-0x0000000008BC0000-0x0000000009166000-memory.dmp

Filesize
5.6MB

Download
memory/1604-1070-0x0000000006640000-0x0000000006652000-memory.dmp

Filesize
72KB

Download
memory/1604-1071-0x000000006B170000-0x000000006B182000-memory.dmp

Filesize
72KB

Download
memory/1604-1069-0x0000000006690000-0x00000000066FE000-memory.dmp

Filesize
440KB

Download
memory/1604-1249-0x0000000007400000-0x000000000740C000-memory.dmp

Filesize
48KB

Download
memory/1604-1370-0x00000000085B0000-0x00000000085D2000-memory.dmp

Filesize
136KB

Download
memory/1604-1157-0x0000000007410000-0x0000000007488000-memory.dmp

Filesize
480KB

Download
memory/1604-1261-0x0000000007E90000-0x0000000007EAE000-memory.dmp

Filesize
120KB

Download
memory/1604-1063-0x0000000005B10000-0x0000000005B32000-memory.dmp

Filesize
136KB

Download
memory/1604-1059-0x00000000059F0000-0x0000000005A11000-memory.dmp

Filesize
132KB

Download
memory/1604-1058-0x0000000005A30000-0x0000000005A6C000-memory.dmp

Filesize
240KB

Download
memory/1604-1057-0x00000000055D0000-0x0000000005618000-memory.dmp

Filesize
288KB

Download
memory/1604-1056-0x0000000005570000-0x0000000005578000-memory.dmp

Filesize
32KB

Download
memory/1604-1053-0x0000000005520000-0x0000000005546000-memory.dmp

Filesize
152KB

Download
memory/1604-1052-0x00000000054B0000-0x00000000054CE000-memory.dmp

Filesize
120KB

Download
memory/1604-1051-0x0000000005330000-0x0000000005350000-memory.dmp

Filesize
128KB

Download
memory/1604-1050-0x0000000004F60000-0x0000000004FB0000-memory.dmp

Filesize
320KB

Download
memory/1604-1049-0x0000000000320000-0x0000000000668000-memory.dmp

Filesize
3.3MB

Download
memory/1604-1397-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/2988-935-0x000000000C420000-0x000000000C458000-memory.dmp

Filesize
224KB

Download
memory/2988-894-0x0000000005E20000-0x0000000006438000-memory.dmp

Filesize
6.1MB

Download
memory/2988-936-0x000000000C3E0000-0x000000000C3EE000-memory.dmp

Filesize
56KB

Download
memory/2988-1779-0x00000000744C0000-0x0000000074C71000-memory.dmp

Filesize
7.7MB

Download
memory/2988-934-0x0000000009920000-0x0000000009928000-memory.dmp

Filesize
32KB

Download
memory/2988-933-0x0000000009900000-0x0000000009908000-memory.dmp

Filesize
32KB

Download
memory/2988-932-0x00000000744C0000-0x0000000074C71000-memory.dmp

Filesize
7.7MB

Download
memory/2988-931-0x0000000007840000-0x00000000078D2000-memory.dmp

Filesize
584KB

Download
memory/2988-892-0x00000000744CE000-0x00000000744CF000-memory.dmp

Filesize
4KB

Download
memory/2988-930-0x0000000005910000-0x0000000005918000-memory.dmp

Filesize
32KB

Download
memory/2988-1515-0x00000000744C0000-0x0000000074C71000-memory.dmp

Filesize
7.7MB

Download
memory/2988-926-0x0000000007370000-0x00000000073D6000-memory.dmp

Filesize
408KB

Download
memory/2988-925-0x0000000006E00000-0x0000000007157000-memory.dmp

Filesize
3.3MB

Download
memory/2988-924-0x0000000006DB0000-0x0000000006DD0000-memory.dmp

Filesize
128KB

Download
memory/2988-923-0x0000000006970000-0x00000000069DE000-memory.dmp

Filesize
440KB

Download
memory/2988-1371-0x00000000744CE000-0x00000000744CF000-memory.dmp

Filesize
4KB

Download
memory/2988-909-0x00000000059B0000-0x0000000005ABA000-memory.dmp

Filesize
1.0MB

Download
memory/2988-899-0x00000000057A0000-0x00000000057EC000-memory.dmp

Filesize
304KB

Download
memory/2988-898-0x0000000005760000-0x000000000579C000-memory.dmp

Filesize
240KB

Download
memory/2988-897-0x00000000056A0000-0x00000000056B2000-memory.dmp

Filesize
72KB

Download
memory/2988-896-0x00000000056D0000-0x0000000005720000-memory.dmp

Filesize
320KB

Download
memory/2988-895-0x00000000744C0000-0x0000000074C71000-memory.dmp

Filesize
7.7MB

Download
memory/2988-943-0x00000000099B0000-0x00000000099E4000-memory.dmp

Filesize
208KB

Download
memory/2988-893-0x0000000000BB0000-0x0000000000C1E000-memory.dmp

Filesize
440KB

Download
memory/3116-1424-0x000000006B170000-0x000000006B182000-memory.dmp

Filesize
72KB

Download
memory/3116-1638-0x0000000008E10000-0x0000000008E66000-memory.dmp

Filesize
344KB

Download
memory/3116-1825-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/3116-1639-0x0000000008FF0000-0x0000000008FFC000-memory.dmp

Filesize
48KB

Download
memory/3116-1666-0x000000000C1F0000-0x000000000C1F8000-memory.dmp

Filesize
32KB

Download