bc1f3d71749244bbddf94ec26a9a59960fce471be1759d14e66b146c0647c037

Analysis

max time kernel
77s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a04cfc7c0e2e7c912e5919dcbedc470N.exe
Size

532KB
MD5

3a04cfc7c0e2e7c912e5919dcbedc470
SHA1

1ee8d9b40996bfd641040ab8e64f9e6df626dd43
SHA256

bc1f3d71749244bbddf94ec26a9a59960fce471be1759d14e66b146c0647c037
SHA512

86de8390ea8c30969f67181d8a58fee6b11ad0cd6c17266da6f89045163ffb6d5256a6a88b1cf1c1f483623b46d682f6fa241a4d2fe5d0c5dc4a4f0889627283
SSDEEP

12288:CG5knZfFKeTLOydwORmV42Y5RBHtf8WS8sejGxUeRx7/U5:CG50ZfFKMLRCa0gDS8geeQ5

Score

7^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 3 IoCs

pid	Process
2252	WebCompanion-Installer.exe
1588	WebCompanion.exe
2300	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3a04cfc7c0e2e7c912e5919dcbedc470N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanion-Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanion.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanion.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	WebCompanion.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
2252	WebCompanion-Installer.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
1588	WebCompanion.exe
2956	chrome.exe
2956	chrome.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe
2300	WebCompanion.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2252	WebCompanion-Installer.exe
Token: SeDebugPrivilege	1588	WebCompanion.exe
Token: SeDebugPrivilege	2300	WebCompanion.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2300	WebCompanion.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2300	WebCompanion.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2348 wrote to memory of 2252	2348	3a04cfc7c0e2e7c912e5919dcbedc470N.exe	31
PID 2252 wrote to memory of 1748	2252	WebCompanion-Installer.exe	33
PID 2252 wrote to memory of 1748	2252	WebCompanion-Installer.exe	33
PID 2252 wrote to memory of 1748	2252	WebCompanion-Installer.exe	33
PID 2252 wrote to memory of 1748	2252	WebCompanion-Installer.exe	33
PID 1748 wrote to memory of 1156	1748	cmd.exe	35
PID 1748 wrote to memory of 1156	1748	cmd.exe	35
PID 1748 wrote to memory of 1156	1748	cmd.exe	35
PID 1748 wrote to memory of 1156	1748	cmd.exe	35
PID 2252 wrote to memory of 1588	2252	WebCompanion-Installer.exe	36
PID 2252 wrote to memory of 1588	2252	WebCompanion-Installer.exe	36
PID 2252 wrote to memory of 1588	2252	WebCompanion-Installer.exe	36
PID 2252 wrote to memory of 1588	2252	WebCompanion-Installer.exe	36
PID 2252 wrote to memory of 2300	2252	WebCompanion-Installer.exe	37
PID 2252 wrote to memory of 2300	2252	WebCompanion-Installer.exe	37
PID 2252 wrote to memory of 2300	2252	WebCompanion-Installer.exe	37
PID 2252 wrote to memory of 2300	2252	WebCompanion-Installer.exe	37
PID 2252 wrote to memory of 2956	2252	WebCompanion-Installer.exe	38
PID 2252 wrote to memory of 2956	2252	WebCompanion-Installer.exe	38
PID 2252 wrote to memory of 2956	2252	WebCompanion-Installer.exe	38
PID 2252 wrote to memory of 2956	2252	WebCompanion-Installer.exe	38
PID 2956 wrote to memory of 2164	2956	chrome.exe	39
PID 2956 wrote to memory of 2164	2956	chrome.exe	39
PID 2956 wrote to memory of 2164	2956	chrome.exe	39
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40
PID 2956 wrote to memory of 908	2956	chrome.exe	40

C:\Users\Admin\AppData\Local\Temp\3a04cfc7c0e2e7c912e5919dcbedc470N.exe
"C:\Users\Admin\AppData\Local\Temp\3a04cfc7c0e2e7c912e5919dcbedc470N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\7zSC29485D6\WebCompanion-Installer.exe
  .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240701 --nonadmin --direct --tych --campaign=20622070018 --version=13.900.0.1080
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1748
  - - C:\Windows\SysWOW64\netsh.exe
      netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:1156
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1588
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN240701&campaign=20622070018&
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7569758,0x7fef7569768,0x7fef7569778
      4⤵
      PID:2164
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:2
      4⤵
      PID:908
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:8
      4⤵
      PID:1292
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:8
      4⤵
      PID:2120
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:1
      4⤵
      PID:1644
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:1
      4⤵
      PID:2032
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:2
      4⤵
      PID:1696
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1212,i,939116556683253662,14407563411377752688,131072 /prefetch:8
      4⤵
      PID:608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1424

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
213886048a6c922e578c4efec2cf0aba

SHA1
4dbceeec03fd57a99b31297fd6ee54889b4cf577

SHA256
d0cd1472059e1c5ce3e25c0342c8b2bb10fbe37c520d276ed423f65d23fdec43

SHA512
deede631be96f38b7582357e2a42c4b22bd8940cf59e8645d81ccaafbfc2b17117a899a5e788c00ff310c7c1af310c280c094b74a8131c745ca3f698c7e6d844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb49d49e4ed48d8403592d7e560d6c28

SHA1
d9b0f92f7a6d95e23e5484c07f2cc40b3306c2d4

SHA256
d7cd58d2f12eb60b2ffc4860ecfd6d758a654304367f593dbb1423f11e403903

SHA512
ccb3e10cf4d7354bfc23f6fe1267b92929435e83d9a71fb33274f06df29a2ef250749c4e9e6ff4242ac17fe3a0d850abe033797e8a6395118b3b30ccb6e16149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
a497a6c6d58d95311e7d8e488f09df41

SHA1
79a3246f22f553ca2a02c4c57100b0d731fefbc2

SHA256
072f9796f3bb102539807901595a337d1b1fe2c6aced6c3e82ac885b1a7bb7ec

SHA512
e3e6804c8a5f4fdd28701662d73f9bec29910b935920d7e5fcf5075d797de373ae78790df5b33c99a045c5d63c291772f34536a6ecf53f3e94edb8c42adfac0b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\2tc1qlmq.newcfg

Filesize
2KB

MD5
9fcd42cb3a98489a46eabc67988f384f

SHA1
58db4f76df881c69afe029272d8c0ab769d0703c

SHA256
609029b78d8d7fd2a1a7ccd08115f9bbe65d1827bf0f9aea9fbfaa72e8fbd29b

SHA512
e8ca0489d7362d3a58d38820767f58adf5a06ba8b61dc191105c32d34d57341bcd67dc69bc402b01318803c95800dea4915ee6d3c4dd519be816c52cd79cb6f7

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\dumrajzr.newcfg

Filesize
2KB

MD5
e2832b8b9d551de87e2d38503bcb5b74

SHA1
658e63df28dc64feaaa33df4e874a56c00caa17f

SHA256
ff24e6e1b85d4674b24d4ce6942d4cb950ec21ed59ab752c3a86fd52d8bb48d3

SHA512
249f37273e30bb1c5691ca6be587f55e6bc4aec3a7dfe616f1bbfa62bcc59e6193f7ce3406cbf883e249ba2bf4c61d11e9b20fd1de065df8b598e8264b2550d9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\s42pt5mq.newcfg

Filesize
2KB

MD5
658ac0cbb66361b613bc80244081090d

SHA1
63367aa61ff22cd6c24916ee0847370eac5e1852

SHA256
e8a3ad8d77aea5530f9c831a6968645210c55532d594baf87d8b1d6b483d2d34

SHA512
2011c28f9a6284fdd9e4d8fa0beeca12e7d65db927fb5e305f12942018fc5460e80f3907671ad6929d7eec0f5dbd7262345cf11c87aed5f10d165eee74659c06

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
330B

MD5
335d8b10a6988eb38995ef38644b1552

SHA1
6e7f535cfa1e3ba2a2117a5a0801a00c6ec1e523

SHA256
aa0da1dc9950d1e0ef36e6429976cd1388561b5320aefef1f3f99a1a7b05c1dd

SHA512
f5060a2e0f2d5d5bba229a8a34442efe0b5334b41c9b76fd52f09325efcf6efc599f87e59f3a904ee299fbc9eb6519843559d539396ac25039a4696f045bb3ba

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
462B

MD5
6c7428ee170827af95a42c36eea3c79b

SHA1
0f3c9a3ed6b8ddb27afe69932de2b96a5ec2a84a

SHA256
acb6dd2a0049c987baaa2d46c6fcd6de74cc90aa79f3b5a5713454fceb299a46

SHA512
e4fe547e171e2d90a48876592dbfcd688ac61d63ff2c69fca4ab9bd4935600f362bf18ebcee1d7b2e2a8c16f15695627c28133d55e79be18d48c27c63c2e5b54

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
594B

MD5
d2a31af04b72f10b334cf6d83e329178

SHA1
87ce6a8c7c38b66bf229932daa43d10acd43f5df

SHA256
be6034c3d1169b8b945d3a6e939cfd25759ac788ade5b59dde8aa299d1cec49b

SHA512
f5dcd0d132ee4119550ef8f2c6675120e03647d36e2a1dd4e5bcae2bef0445398f4fcb4dac8287ba745a14e89d93c7cdae7c6701e4c6ede89a869c5b354f95bb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
723B

MD5
eae39683b5f9117fcde036e28aa6ea09

SHA1
b362a0882a2afb7d470b94ec9d72dcacad82737d

SHA256
e205315b625f88ba5db9fab72956be091f45fdc9e298f06d3408f04bacf183a0

SHA512
44d032ef7a455e11f20425ad351c743363d5583554db23003f3cdfa3aa12a0fd7c175f5b0e2d363619909d76ba92617784705f370ccb902295f2e96c2b6ce5fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
1KB

MD5
503758332f80d2c0cd5445e7fcd507c1

SHA1
897977a2e51e562e20fce5af1af7cde0fa2ca136

SHA256
0022a59125e8f274ec86835d3218f0b89baaa85cf2d25a4d8cde5e7ab1626822

SHA512
fb7b9f690b73f559edd5e3ea60e450bda2ee7438f819aa766ada3485a67a683623f381337726f2682615f9e0e266bef2417fbda6870c31c65fe05000ac29b285

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
2KB

MD5
86f5e63c87d4bb17ba34935512919e07

SHA1
9e6baaec0e2333a15c4ba05737cefdfc94c7fb5a

SHA256
a96fba1ab935728ab2a31fcf196b326b4eb87d0e91606bc053d68017ca1c7840

SHA512
40fb42e1a47cda20dad2f7ba860a0981e95d27ea1e581ed76960a12bf191c6f99591d33daf026589e3c064d82684f39851ec6c7767387bf4aefeb36863a14aa9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
861B

MD5
8fcfed0307b17dbe792fd477141ebaa7

SHA1
eadeff417fee31215a1449982f3e58b9f52330bb

SHA256
04119e97067e832137e094aceaa61f131aa4984fff9a8930592ca8c30914f982

SHA512
ffa98e1347556f207e958c923f0a98f84891682ed5c28f60e81b2b7d8ef10d5fcaec81dfe440d51eff53dbcd77249596bb8c471e0056f807a7985a3f47e27544

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
1KB

MD5
96e3ffe6a81df7e2b7a1555cf0233732

SHA1
0fe714d1fd8c15570c7399b3168669b5af0f5d16

SHA256
0a7331b69b026b92b73113d6eeb35854f251bbe65937deaa7ffdd8c1cd9421fd

SHA512
9ba8584a28420d0a5d8f0ed07a3c726e1bd8ee3e15490c7580f00924ad57ac65dc747e9b160871213d92efd44a4983bd78f234e9d28e351aa0003a096ea97e65

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
1KB

MD5
5f75d2cfc14768dfb7603334e412c2a3

SHA1
d4d987280c2bb17fdbbcdc0226755323c8d98c47

SHA256
ca9133939f5122b612881a6500f61e4d98da184b7e5042f6844261225f026144

SHA512
80918b278d4637afa97ace1149f59a95d83c9e6d0fc70e7c96157e9e7b1849d01eef189f75599ea33633868c19e433d25e7000d4a610c8471b130a02826fbd9f

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
1KB

MD5
b1faffb6c72d70a74671a68ba6ca0372

SHA1
54dc4127b2ac5669fb042f5419cbf8b8c6dd616c

SHA256
eb76e8f9d3a131784cc06c3d8283d42ca4939dd761fd7c8e809d4f8c3b351e83

SHA512
6c9aa20189d338116c1b0a562c741cd59c095c3bfb514efadfe6fbefa59ab8cc303aae7d0a66262007911b1e3350d0eac5204f35dcaf7f68256f174880ff3b88

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
2KB

MD5
e616a87854e47f66602306948e135864

SHA1
fd9aea092952ec9fda6ea37ee506add5e3bde7ec

SHA256
716879e40394a685acbefe7ce012c760b6083cb58cf8d2212e6eedbdbc3b6abd

SHA512
e2fb78bb38a63600ac0fd822e3c5f129758fc6766903e8db9ec5c3203b205678f64d9780291e1ed4676209c0f3b77b4617a59491abedf187daf4f1a2716c16db

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
2KB

MD5
0b2961ee39baf1202b5f5727d11d467a

SHA1
b8b3b3a7b4afb74da47a8f18ec9ce23f9e9535d4

SHA256
fde184407b6e9b5190f2477ae0160cd78e6dbcfac3faacad6f9ad6620527737a

SHA512
397977b5e39707c3ac5eaf113f75128e61d872cd555916804cc90560862595e1fdbec501ccd996bd1a748b57a09610e73c79e9f29d34ce949bea811fdf218a7e

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\vj51c0iv.newcfg

Filesize
2KB

MD5
e0a3f5a42104fef142db3411119a07b9

SHA1
160d42811a42781d5975b6bc28849a62ee4c4cfd

SHA256
b8cd16745d59138b8a5f0753bce58ac676dbadf4a2077e4fd53729fa97175e3a

SHA512
c1e1f01c9dfb746718d6cdb02d2a7dddd38ae5343dbe0bd6e5837bf41872670ea403697a47f000ff8ec985f753a24c226bf3c8a44dee5ab7ec222dd2ac3b9a2c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\x41hjkxj.newcfg

Filesize
2KB

MD5
e66662cbc1e4f884090349354ef01ff9

SHA1
30883033b819e9211ed0b4648ccbc18575d9584c

SHA256
6e9fc35a3037b28122ed1b86caef2acf6c3f0385d619dd287f1bd9644c47d3c2

SHA512
6083d28b86a39fcd1f1ba7ab035868c5465c5dac6b989b387bb230b550da165cf8d10834da0530715b1284c6d0709fcd26fe5b0454014778edd125c90ef3cb95

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC29485D6\ICSharpCode.SharpZipLib.dll

Filesize
208KB

MD5
0cfe19791546a96c6699657a94604596

SHA1
5d1a1b74cca9f74fffebcb583661c02e4ca626dd

SHA256
56fdfd148f0d60805b2873a5a49739909001d11789b75dab2b0ea8e55bc60913

SHA512
586cc695a2c3c03008d0a1032c221cd3384b5f4363e83c9d903753fb1dad65b340bc8cd0659f7f891a641f8bd7535c9b889219842045854aa98cd380f0fe4aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC29485D6\Newtonsoft.Json.dll

Filesize
428KB

MD5
461c476f474a5f13d2ea9344ae6f70f6

SHA1
8f74702b99f08277d4514c63956e2e69e8090073

SHA256
4f0ec6439b24652f16df066f4a38b64518b5a874080eda63de45968545830f67

SHA512
e69080c205cd82ea2c056fa1328bbec4c03ca3fdc3ee381c4fb44cb356247be5fe4b8add53036dcb19cac2c6d59b8e02f81932320ea534b5ba50db80a0647017

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC29485D6\WebCompanion-Installer.exe.config

Filesize
2KB

MD5
e3d3aa100b93504676414b9268dfbad4

SHA1
a7d1e59c9d8c48dfe259d2973c13b0e2965e67aa

SHA256
ea7747d876307b0022f055c311c4f8f8112fdde380e0848fd35508c00edf8e7a

SHA512
9470e0b4784ce3aa94248ddbd9c17bca988b6a680754511cbe1f1c368270f6d18c75ad1ea0f3a438ca5bb1a12e55e8745f68f2ebc9f78c68b373a6541ac9efbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab285A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar287C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\FeatureComponent.dll

Filesize
150KB

MD5
76f9ff88bfab074cf3657e8cd007c858

SHA1
06da56379c0819cc2a46e7a60de79c00f1cf2956

SHA256
42087b3045c86316d2b85fa23466a0bb84935b52d0537d9b2a6c857dec4eda38

SHA512
74a2ea1008318629a9e275360bdeddf23ad375b8b1d0cfd8c9d064acd0cbbf1a06f124af1003adf523f7cfe1d1b2944b6033e9287b86ceca7c3220a8801bec4a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
118KB

MD5
cfecee7a0dcfb3fa24cf1927562a6acf

SHA1
7fa9e9275efec1b7a139e612b916884c18b20cdc

SHA256
890f09a222b8a6e2f70035b8bea140965c67b974d1ace67252fe58518f6e587e

SHA512
97241f04d7811303e1f92728d3a191825818bc6eec24ac095f627672ebcc16286e820041d40556d1d8ec1f9f3af93e25a6a78049a2d0a373b799c4c9e9e3b724

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
137KB

MD5
6bc835697a34037cf6ab77089ee5910a

SHA1
7f97d93cb024507c03e13cdfabd2e61dada6dfbb

SHA256
2cf1f139036c9160a2acdfbe48a47a6d7b4baaabe5ef66ba102402ddb066b0fb

SHA512
87c0afed8a7bd2bbc91abd915c5e2e83ca46e30fdaac903e91201369aa4fee50dd694a1628975dac9d011855a7c13a655a2d0521b40f50414dc685ff79e3a560

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll

Filesize
22KB

MD5
889d4b9110f1071e52a6f4b8f2013cff

SHA1
c9c1a3fa499e584a3b5e82500a95ff71fc51927f

SHA256
c8d28b60de8663606c96f845e487625cfa0b477e695f0b8d1a1d131f8fb1365f

SHA512
fc8b589c98c721ad94b0ea74ae1b61444f8f417d208f5c5724c1d45b2c3ed32cab025855990759474c0cd7fc798610990392a2899bd4acf590a6d537ad02fab8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
108KB

MD5
f25adfa3039a29edb5cb74189904f788

SHA1
c23b88625c2615a15e08838fd74181a280cf786c

SHA256
927f01c4e87ce5398eab9a16afb46d0ffa4d7d3ece446925c79c5cca112ca7f9

SHA512
0ad529a688ffa6299c7a80f05c31cb31f330c707c2ebc06d9389f65787618606c1c919c84cc8508d2a355dc6df017a6023a52d6673ab439910ebddc348ca771b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll

Filesize
65KB

MD5
e870dbf328208aca0fed55f8b4fb1063

SHA1
41957f491b48944995b4491404a086524552d122

SHA256
e41d0bf274d8de7fb27f74f90eb64ac1d51f546077f2a0a88fcbcd1fde3d2ea2

SHA512
ff16fb50bf44ce3a86fc12df642e6f47e4f99b0ab9002f86ef26ce8235a71db5f56fe9b5d82136e1d75d129e3b140d5fb1723c1cecb019435cb39bdace04308e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
428KB

MD5
6e5c9f66ba81fe1bbd9bc1f74eac4c3f

SHA1
a086b924140d48669ea4d68f9f71629795a4638d

SHA256
19edf009ded32747460c806ec42cb3e04afc24397c8fa6e9f8c26c0d03292c48

SHA512
a4023f8c61d08aaa01d61f0ca7b9646322712539b170fab01036809d4e35b660c2793dc01f4861884c15ace8b381ea9b3dab07a42a21c928f9f46d5ef136a99e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dll

Filesize
284KB

MD5
b2736d639e98021b4b881a7b7da8eb1b

SHA1
4c8c87206ccfa086bffc5bd667315cd895020705

SHA256
7ce90c260fe55275bc91b53a4c01f50ccd6a699c31d220cc83f6b02f92839f65

SHA512
2cb512cbf004830f05a474ac6a8dd9fcd7ce0b1bf63bceac9a155d7add689433a0faf35a6b25c1f228d0a198f28655941d596a359d6bd5dd9051261a0bd77810

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\VCRUNTIME140D.dll

Filesize
106KB

MD5
6efe34e639c8204dcfd47c901c845cb6

SHA1
05336741d8a6068e6739985e08476d2dee18ca8a

SHA256
648ea8b46db5eda404b6d8006ab3a731f27528ce9f8eb9969d3b3531a26ec809

SHA512
4f0222dc3e06047a3e613328f83bd3e809bc66b3a8cb4400a421fa34f0ac19bcacd6c65d79a31662917138a9e731c6c2ef6e59d95de4dfcdd4d7fe20183f7e2c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
11KB

MD5
cd4e494e258c7eb0585fe76ebe9e6233

SHA1
e93eb57e6c38e496fda92dbcb31021b34ae47cfe

SHA256
bf61730717f05b95c4f43d425b6d7d15deac39d53e28eb302e5723c7a9b7b0b2

SHA512
413b3727a71126e3f35551232607d95f8bd79342526c0144cbca929e6dd3e65aab56b2d1f37baafad53ea23dca4c55bdd363cd45d0c54792c3118726ea45c07c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dll

Filesize
133KB

MD5
c19ad979210347af77e81f1143ed202d

SHA1
f98d00fe7568a70b8f9bf418ca9e61dc02a696f8

SHA256
77762787949dab142218c7b6848991ac04ddae42c0d24c0497e9a13209494f1f

SHA512
cc54cdbcde5124004719314d242b43b57ff89a329e6f52b3bd67fa19b56819aa79da115f732773adb6b0c18222b91ec71908773634ba452f80e9b5e17a37332e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
316KB

MD5
4181e0070f4d57ef36dfa1970ff79bcc

SHA1
5f74e8f9af08c73d40fe83615ec0b47f100ce6d0

SHA256
3ceb7c1ae8dfc9892cb671f98f775ebbc14a94f8c77bdf64cc232aa86d789b72

SHA512
88eafc0ed5c2de287d4df445616c3b93664add5a2a8a3d40eff35b179bd7ac9dd32cc98374b5f7e7cff84674e6be85166f4be60fac9ef7cdb4606611f7be9200

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dll

Filesize
1.6MB

MD5
0ecedcb3eb14eb6ce8194338bbcd3628

SHA1
05c2e0f4c368b12f467735a9256cff7275f47c95

SHA256
d2d54155de04a91248841e32ac0bb04b3753277f1e3fc896c43decae666233ef

SHA512
abd876e099cffbaa2d459e5a7ecdd495b526fe1addd5717405db922aeea080a92d2921dfea8ade9667bac431cacf67c0a1892d7e5f9e702b13537e173af12c50

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll

Filesize
824KB

MD5
5214d9ff559fc297c8e30f63def15fe7

SHA1
b69dc38127efd00e8155b6d3c1f5e0d31d834340

SHA256
a501a8c2c5c42d02064b220dee8d440b2f67fe66c352063f8142425c1fe82ca5

SHA512
b4b4798b70123b2e3d3745880a01b69f583cca86a0c5a41094d2bfa6838a3d45c895d26ccccb3368e62f95e644517d5b63c6d147ef5da932117b9b588848dad9

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
403B

MD5
71e4cd627081d5120d27a3eb16dab2b8

SHA1
9732bf2406c3281861a12ddbf2a731f06a166e7e

SHA256
5a87481fa64501eb1293e4728f1edaea207bb4d9115b4e90960e8784ab3e80a0

SHA512
b18be209e6bc535e2813f32ccbe0c1579acc390416c943ecea82f4c0160c3a13b72fb6c50e8fb1fb196e5c07988fc59d3990dbd22b3c3936ac15d909b3fa9d12

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
403B

MD5
bf5a2c5d99b939fc84f22e4134b5674e

SHA1
a46e876b21a4eb293186edab798ab9f9348161b2

SHA256
d045b21ee2448a9aa2d5e0df24c09cb868e444221d8a7a2b71910cbfc1ae18a4

SHA512
5222ba24be44515371ce6b32f4ce42a60874c16c314205e936bf770933f3db8843bc68ab123604e4941a8bd0f6a56c1e4970fe4383ec0e9a5e901c0501fd987c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

Filesize
332B

MD5
590fd86ad024f2b655deec8333e240a9

SHA1
f1946050248dd1aea834f139063ac8eb3e41677e

SHA256
7afe6a8c5bf14cace6e9bb2d40df2adb5f31325fc024f448138106cf7b63f7c1

SHA512
c19bf730552e548b6caaa27f5ff2c5b34d34ac9408b3b6e388361635ddfd4f619b9205fad76b9141f2804b8dd364cd843dcbabd4d9d7b7b712f320f6729d87ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\CData.txt

Filesize
209B

MD5
4f0dae3c48b9c85ba0ec68e866a2616a

SHA1
6a9ca164ee620b0a90d9e8c0d7bf5e12c7f9c286

SHA256
980721caa671c83772a96f75f970dfbb524a570c41c719379503a3be83cf1ee4

SHA512
7590169c08b906a8e69d1b1ea9a1c61dc2e007e747dc32591c271c6a978e8734e6506c6820115bfe8f41a8bddbc89c88bb573b571c6281cda4c989e10ab8a841

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt

Filesize
208B

MD5
65f7647af4d50277872c0341db16409c

SHA1
4733dc4d0c57c0f2aafb90272f37cfa9c84d3b35

SHA256
0d44b80ca80b207c6b441310f71c4cede33585162add2dc8b69f5b9c4064448d

SHA512
aeefdaee2e97d5261f490d4b26efc9ba698ada8db912c9d0f6fd663063ed0f28b7c86c81bb529636abe9ff29d1913e778f6ad8a07f270d53880c92c2efe00b80

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
656B

MD5
2d34a615dd8eaddfc4e3cb0ca2b61eac

SHA1
c9f9eccd432246a220e23c8c56404d5257bc0763

SHA256
238d2059b5bce1813207cf13150c87bcc6e7e1fd1e3f122a6be76adab8265b92

SHA512
242b8e21ab85b3a3619c42fc590564c7c74cff4c6bdc331a7e43f2ffc94e9d1db007cf7e8b4d113d407b6123649154bd0adc4be6dce4ecda62ce496d6b4d232f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
225B

MD5
70bece9341715fa60f847bbb33c1b968

SHA1
494d558ea81840e9331b7ab5729f8f9995fa03f6

SHA256
1c918027a8b2751860fb2f293e3f649b8e3d9d0edb72132065c4a19977de35a7

SHA512
21315f9ff338f4b692715a7b426c35dc4a8e2225187d66866f1d94cfe79972f3ddda96f970780c47f5994db011cb6b9a4b4d6a85b7d192dc45d5d859a8732b72

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
186B

MD5
406ff97d1450b88576cc5a10c2736a47

SHA1
48ef8c88271ba0fde7db82c7840678b3cd81d106

SHA256
39e5d6e405e75a3bf3a3449dcbd8d681ad9cf712256121f9145d2435f801641e

SHA512
70f22ac9745050e3ddd21811d13399fb00d0c6c44b8f0122062b80757c596dfcd26cce1157361487285a83b9eeeb38431f428f614ff6011f84a75f169ed679a4

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

Filesize
2KB

MD5
e45094414718e17984281c8b4c2c00ba

SHA1
8ee7f9c9c20cf679f7204a9af7609690dd883648

SHA256
d2ea2634c227be878a247ba63462899e3fe600b595735fe2529c50d1ce8ad2cb

SHA512
b2cee0a45db3bcd5fa234b39efa71edf04ef86ad10364fcd9a55a754e625e4fcb913fee76c297f37e8d3d5edc11f86bff9947268024bf2b1c905083d731e7202

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

Filesize
2KB

MD5
d0e15f32cc7ca6ece1567c238538dec9

SHA1
c43d0f6cde4051966c9ee55a59ffa006af2bcc30

SHA256
f439c9abbb907b8504c17e7e00300afa129bd8e0cdfead576b2562570e5d1a34

SHA512
75b0c5b0fbd2a1a8738edaaa39b5d3b8461f0dbc7b277e7d39b90eb39ef276f8a085d9ca035b5c6c580e19e4f3d42b149c0e9c87cdbe2a4947be0bac3cd768a4

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC29485D6\WebCompanion-Installer.exe

Filesize
428KB

MD5
a27f9713db1688d03d2082bfa1827803

SHA1
b8df4649659003609419d052757166499d2322e8

SHA256
2f86eb0d3902a11da1f534d9734dabae37d33e2c57b03f968198a1cfc2e652a9

SHA512
f952c6792f10cb60ca3ecc00b317c33aadb65c8471d106171660ec0fcb0603c8d18b8ad2a90aacda6581d342647290099af0ed0fdd897edb390d5bf9209ea905

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC29485D6\en-US\WebCompanion-Installer.resources.dll

Filesize
6KB

MD5
88498f281d2bc857f09c3a0effe97a35

SHA1
5560555ded4d2336ebaac6aecbd80c2fc6f0aae7

SHA256
2fbd9c10cec246d5e6ee2f41635f283c3064773724253bae598bfaea735b702d

SHA512
2550c9c2e42e77a44520ec53418636721c3a56be7b647c839b7a3063a9bde4ffd304a6812f51a95df19b1f04e05285fa9c23af946472f07de10f514ddb0df9c0

Download Submit
\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
3.3MB

MD5
d5180525e08932a69dd1903ab30313ef

SHA1
4a7981b66fe6185177de6d001ad9ce77d2a437ec

SHA256
38b605a45b286c4827327bc6e10d08afc71e5dd8d2c9b4f717b1d8039e0f92c8

SHA512
ee7324000acaef8c40e5f8d9397fe5a1ceac5a4888808a33758a350fa9ab2783d8421164e8de34e61c74cb1e013f0b3e0cd777b54bfa2e97877dec9f3f1e5b4a

Download Submit
memory/1588-175-0x0000000001020000-0x0000000001068000-memory.dmp

Filesize
288KB

Download
memory/1588-171-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

Filesize
32KB

Download
memory/1588-207-0x0000000004D40000-0x0000000004D52000-memory.dmp

Filesize
72KB

Download
memory/1588-195-0x0000000004E80000-0x0000000004EEE000-memory.dmp

Filesize
440KB

Download
memory/1588-191-0x0000000004890000-0x00000000048B8000-memory.dmp

Filesize
160KB

Download
memory/1588-180-0x0000000000C30000-0x0000000000C50000-memory.dmp

Filesize
128KB

Download
memory/1588-161-0x0000000000720000-0x000000000073E000-memory.dmp

Filesize
120KB

Download
memory/1588-466-0x0000000005CE0000-0x0000000005CEC000-memory.dmp

Filesize
48KB

Download
memory/1588-165-0x0000000000AE0000-0x0000000000B06000-memory.dmp

Filesize
152KB

Download
memory/1588-208-0x000000006AD00000-0x000000006AD12000-memory.dmp

Filesize
72KB

Download
memory/1588-382-0x0000000006760000-0x00000000067D8000-memory.dmp

Filesize
480KB

Download
memory/1588-603-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1588-147-0x0000000001070000-0x00000000013B8000-memory.dmp

Filesize
3.3MB

Download
memory/1588-151-0x0000000000640000-0x0000000000690000-memory.dmp

Filesize
320KB

Download
memory/1588-157-0x0000000000690000-0x00000000006B0000-memory.dmp

Filesize
128KB

Download
memory/1588-432-0x0000000006560000-0x0000000006594000-memory.dmp

Filesize
208KB

Download
memory/2252-50-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2252-48-0x00000000747F0000-0x0000000074EDE000-memory.dmp

Filesize
6.9MB

Download
memory/2252-33-0x00000000747FE000-0x00000000747FF000-memory.dmp

Filesize
4KB

Download
memory/2252-35-0x0000000000C30000-0x0000000000C9E000-memory.dmp

Filesize
440KB

Download
memory/2252-36-0x00000000747F0000-0x0000000074EDE000-memory.dmp

Filesize
6.9MB

Download
memory/2252-41-0x0000000004FD0000-0x000000000503E000-memory.dmp

Filesize
440KB

Download
memory/2252-47-0x00000000020D0000-0x00000000020D8000-memory.dmp

Filesize
32KB

Download
memory/2252-467-0x00000000747F0000-0x0000000074EDE000-memory.dmp

Filesize
6.9MB

Download
memory/2252-596-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2252-49-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2252-55-0x00000000049C0000-0x00000000049F4000-memory.dmp

Filesize
208KB

Download
memory/2252-595-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2252-139-0x00000000747FE000-0x00000000747FF000-memory.dmp

Filesize
4KB

Download
memory/2252-140-0x00000000747F0000-0x0000000074EDE000-memory.dmp

Filesize
6.9MB

Download
memory/2300-1189-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/2300-604-0x0000000000480000-0x00000000004D0000-memory.dmp

Filesize
320KB

Download
memory/2300-605-0x00000000004D0000-0x00000000004F0000-memory.dmp

Filesize
128KB

Download
memory/2300-606-0x0000000000780000-0x000000000079E000-memory.dmp

Filesize
120KB

Download
memory/2300-980-0x0000000005DA0000-0x0000000005DAC000-memory.dmp

Filesize
48KB

Download
memory/2300-607-0x0000000000C40000-0x0000000000C66000-memory.dmp

Filesize
152KB

Download
memory/2300-784-0x0000000006C00000-0x0000000006C78000-memory.dmp

Filesize
480KB

Download
memory/2300-1165-0x0000000005ED0000-0x0000000005EDC000-memory.dmp

Filesize
48KB

Download
memory/2300-1190-0x0000000006640000-0x000000000664A000-memory.dmp

Filesize
40KB

Download
memory/2300-1191-0x0000000006640000-0x000000000664A000-memory.dmp

Filesize
40KB

Download
memory/2300-610-0x0000000000CE0000-0x0000000000CE8000-memory.dmp

Filesize
32KB

Download
memory/2300-611-0x0000000000F40000-0x0000000000F88000-memory.dmp

Filesize
288KB

Download
memory/2300-860-0x0000000005E90000-0x0000000005EC4000-memory.dmp

Filesize
208KB

Download
memory/2300-616-0x000000006ACC0000-0x000000006ACD2000-memory.dmp

Filesize
72KB

Download
memory/2300-615-0x0000000004E80000-0x0000000004E92000-memory.dmp

Filesize
72KB

Download
memory/2300-614-0x0000000004DD0000-0x0000000004E3E000-memory.dmp

Filesize
440KB

Download
memory/2300-613-0x0000000004A90000-0x0000000004AB8000-memory.dmp

Filesize
160KB

Download
memory/2300-1389-0x0000000006640000-0x000000000664A000-memory.dmp

Filesize
40KB

Download
memory/2300-1388-0x0000000006640000-0x000000000664A000-memory.dmp

Filesize
40KB

Download
memory/2300-612-0x0000000000E70000-0x0000000000E90000-memory.dmp

Filesize
128KB

Download