2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b

Analysis

max time kernel
111s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe
Size

532KB
MD5

ec7f1fc48fcf4840804c3b1ae41c38d1
SHA1

b6be3bce2b1eb01564ebe1ec61124f32fce566cc
SHA256

2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b
SHA512

3c629958e342daaeddb6845aba3d9a7e039f4218d6fe37ce1cb8ae611b205a97356de7e41188f44456d9ea295d6f5632f223d9da1f9068a4f1c19dffd357f43a
SSDEEP

12288:LG5knZfFKeT8OydwORmV42Y5RBHtf8WS8sejGxUeRx7/jS:LG50ZfFKM8RCa0gDS8geeHS

Score

7^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	WebCompanion-Installer.exe

Executes dropped EXE 3 IoCs

pid	Process
4940	WebCompanion-Installer.exe
3172	WebCompanion.exe
1056	WebCompanion.exe

Loads dropped DLL 64 IoCs

pid	Process
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize "	WebCompanion.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanion-Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanion.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WebCompanion.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WebCompanion.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WebCompanion.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	WebCompanion.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
4940	WebCompanion-Installer.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
3172	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe
1056	WebCompanion.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4940	WebCompanion-Installer.exe
Token: SeDebugPrivilege	3172	WebCompanion.exe
Token: SeDebugPrivilege	1056	WebCompanion.exe
Token: SeDebugPrivilege	4512	firefox.exe
Token: SeDebugPrivilege	4512	firefox.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
1056	WebCompanion.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
4512	firefox.exe
1056	WebCompanion.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4512	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 4940	3980	2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe	83
PID 3980 wrote to memory of 4940	3980	2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe	83
PID 3980 wrote to memory of 4940	3980	2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe	83
PID 4940 wrote to memory of 2552	4940	WebCompanion-Installer.exe	94
PID 4940 wrote to memory of 2552	4940	WebCompanion-Installer.exe	94
PID 4940 wrote to memory of 2552	4940	WebCompanion-Installer.exe	94
PID 2552 wrote to memory of 4772	2552	cmd.exe	96
PID 2552 wrote to memory of 4772	2552	cmd.exe	96
PID 2552 wrote to memory of 4772	2552	cmd.exe	96
PID 4940 wrote to memory of 3172	4940	WebCompanion-Installer.exe	97
PID 4940 wrote to memory of 3172	4940	WebCompanion-Installer.exe	97
PID 4940 wrote to memory of 3172	4940	WebCompanion-Installer.exe	97
PID 4940 wrote to memory of 1056	4940	WebCompanion-Installer.exe	100
PID 4940 wrote to memory of 1056	4940	WebCompanion-Installer.exe	100
PID 4940 wrote to memory of 1056	4940	WebCompanion-Installer.exe	100
PID 4940 wrote to memory of 640	4940	WebCompanion-Installer.exe	101
PID 4940 wrote to memory of 640	4940	WebCompanion-Installer.exe	101
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 640 wrote to memory of 4512	640	firefox.exe	102
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103
PID 4512 wrote to memory of 2244	4512	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe
"C:\Users\Admin\AppData\Local\Temp\2354cbb45b7104fd96f69d61f0562cf488b94b23f98f603ffcef103ca6b7307b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Users\Admin\AppData\Local\Temp\7zSC8F58DF7\WebCompanion-Installer.exe
  .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tyff --campaign=20398341592 --version=13.900.0.1080
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4940
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Windows\SysWOW64\netsh.exe
      netsh http add urlacl url=http://+:9007/ user=Everyone
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:4772
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3172
- - C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
    "C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://webcompanion.com/en/install.php?partner=IN240402&campaign=20398341592&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://webcompanion.com/en/install.php?partner=IN240402&campaign=20398341592&
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4512
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84acefa1-63ff-4fea-8a5c-c4b9798d9431} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" gpu
        5⤵
        
        PID:2244
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ddff84a-7559-49a9-bdad-ce48f5f7b15b} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" socket
        5⤵
        
        PID:8
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3052 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {576b7a17-c5e6-44fb-b9a3-bee0af5189eb} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
        5⤵
        
        PID:4436
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3420 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f098e087-3b49-4b5e-ae98-7958e427993d} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
        5⤵
        
        PID:1964
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4960 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ff8737-061e-4f41-bf15-69399e182282} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" utility
        5⤵
        Checks processor information in registry
        
        PID:5784
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5400 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a40f6b-97cf-4b77-88c9-15f722fd72e3} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
        5⤵
        
        PID:5316
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5676 -prefMapHandle 5536 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96225d40-fed0-4527-a7b4-2edf9b0c176c} 4512 "\\.\pipe\gecko-crash-server-pipe.4512" tab
        5⤵
        
        PID:3868

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

Filesize
4KB

MD5
55163a6a695e52795fbdaaf3644a3e75

SHA1
c71134b9389264200717d599920bd6baa6db0567

SHA256
921234c5a61099d1ebfc37898c437e02f71acf87dac9a6772d6406729706f45c

SHA512
2c32b94b71b266f564427d03742471f3a9945a3208231035712c642a2efe8ad2be310d389d1e29b80013ffc0c302d906d65a504ca03e43f25e2ed4e85f5e534c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\14gflgt5.newcfg

Filesize
2KB

MD5
03a7cd1a60a201a023edf5a1dc8f23eb

SHA1
04c1c342fe1d2f2dfeebe5ef6d54c23282dc5866

SHA256
ded8eb57569d2a349023eb5238ac28fc994219c1215e8bfa2e1578a7c0ec5c14

SHA512
c9b9325bc1de6e4ee4c6d3b9c51ee1bbdaf1c6adf487a319345b741f7e8ea313974104edce0a35f3ace180582e9f66ec208d67c89825a0c10d44067c1b79fee9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\4z0ydbgs.newcfg

Filesize
462B

MD5
6c7428ee170827af95a42c36eea3c79b

SHA1
0f3c9a3ed6b8ddb27afe69932de2b96a5ec2a84a

SHA256
acb6dd2a0049c987baaa2d46c6fcd6de74cc90aa79f3b5a5713454fceb299a46

SHA512
e4fe547e171e2d90a48876592dbfcd688ac61d63ff2c69fca4ab9bd4935600f362bf18ebcee1d7b2e2a8c16f15695627c28133d55e79be18d48c27c63c2e5b54

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\ajijzrlz.newcfg

Filesize
2KB

MD5
06e2a368139a22f5d57e32608135d105

SHA1
8d8de8b5b34761c6cda10718c9633d6ef6226e7d

SHA256
b1fb4b1414ccd99c3c818e0a9fc01d4a19477f63085179c9164e96c126451ce3

SHA512
b1cb51e8e103d676baa97733413a5c57f752d997cb5d2c430b036d400115f16b302a5f11162768885b44f5aa1762847fdc7235ce727c903c26fdd77cfb4c3481

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\apcc0dfs.newcfg

Filesize
2KB

MD5
e71d7489390ddf4db9cc3eaf18c1011f

SHA1
d247f369298b6c44b79ca7fe43fa6bba9037b1a9

SHA256
2db558d2e0f29745ff46e0171018b54cdf4dd1564484e60ba1017cc0ea31e4a2

SHA512
e548b8f689fd85eeb4ab45c6abad2261b500ecda703ea0282dda3524a079b9812a9f3779fdc8efa08d94517bd0a7f642680f78496183099892761bfca2ecd458

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\devwotw2.newcfg

Filesize
2KB

MD5
e176c532de7458558940bb47f4049904

SHA1
63c71414eec4b62ba75605f3262c6e0806a14c4a

SHA256
1b463837935a29ecb962cdfcb4c2e3b486b509d7f047558e8a1548cbbc9df28c

SHA512
742ab4a141187122c108538d8df989b0362ac8186ad23e50f4313a2b6dbd7cd9b031ffb7cd8d8ed5a5ec5ab5f8e1a3eaa89cdbcb514d6f56a82bd5182f22d9e6

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\ekopuzpl.newcfg

Filesize
594B

MD5
d2a31af04b72f10b334cf6d83e329178

SHA1
87ce6a8c7c38b66bf229932daa43d10acd43f5df

SHA256
be6034c3d1169b8b945d3a6e939cfd25759ac788ade5b59dde8aa299d1cec49b

SHA512
f5dcd0d132ee4119550ef8f2c6675120e03647d36e2a1dd4e5bcae2bef0445398f4fcb4dac8287ba745a14e89d93c7cdae7c6701e4c6ede89a869c5b354f95bb

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\gf5g3234.newcfg

Filesize
1KB

MD5
05342c983d4b67c980f75142e5f9ccb5

SHA1
af52cd88a2600cc28a7c1bf1af20bbc7aeafe759

SHA256
2c7572bdf3e3949a609c6c5b35e91ed1979277916ff1eb7a9d22db38d2829617

SHA512
804bb8b28e325ed888c737d9c05a726d0cd2cf282a31f09a9ec5cbb16f352d1cafb8896f21f18fb81b5428b314077f8d5dec96dcc87ce41a3bc2a4d1463c0731

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\mhja2vty.newcfg

Filesize
1KB

MD5
503758332f80d2c0cd5445e7fcd507c1

SHA1
897977a2e51e562e20fce5af1af7cde0fa2ca136

SHA256
0022a59125e8f274ec86835d3218f0b89baaa85cf2d25a4d8cde5e7ab1626822

SHA512
fb7b9f690b73f559edd5e3ea60e450bda2ee7438f819aa766ada3485a67a683623f381337726f2682615f9e0e266bef2417fbda6870c31c65fe05000ac29b285

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\t0kjuq5q.newcfg

Filesize
2KB

MD5
279565ff1aa2e5e36b154de5fc05c2c5

SHA1
a8a6fb6cbd466822557091220765de745e8a2ff4

SHA256
270a3ecd41069bc1399f3fe5fbc4731520a2c7937e5efac033ec3d20997eb81b

SHA512
527a267b207fa48bc15c6964145755b3a01823da15c326ee9db8279f6f05d216ac91a5a38de880bc9f4f8a8124ab6e250b278ca330fea89cba239c9d8baf4e4c

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\twcc3fbq.newcfg

Filesize
723B

MD5
eae39683b5f9117fcde036e28aa6ea09

SHA1
b362a0882a2afb7d470b94ec9d72dcacad82737d

SHA256
e205315b625f88ba5db9fab72956be091f45fdc9e298f06d3408f04bacf183a0

SHA512
44d032ef7a455e11f20425ad351c743363d5583554db23003f3cdfa3aa12a0fd7c175f5b0e2d363619909d76ba92617784705f370ccb902295f2e96c2b6ce5fd

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
330B

MD5
335d8b10a6988eb38995ef38644b1552

SHA1
6e7f535cfa1e3ba2a2117a5a0801a00c6ec1e523

SHA256
aa0da1dc9950d1e0ef36e6429976cd1388561b5320aefef1f3f99a1a7b05c1dd

SHA512
f5060a2e0f2d5d5bba229a8a34442efe0b5334b41c9b76fd52f09325efcf6efc599f87e59f3a904ee299fbc9eb6519843559d539396ac25039a4696f045bb3ba

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
2KB

MD5
92563bcd8eb1cd7b6fc7cbbfec10b4a5

SHA1
02dbe07c53032fd97b06706f318bd4ad0f73dba1

SHA256
dfd55e95242be31966d3797795333e189e6050b9161d759ec718199c3fd92c2c

SHA512
652ba70a8ebb315e196b5a97b19bf80e742eeb04ab832618ab11528ba8c25e7be42c49b68f1fe42b77c6b1ab4a49be0fdd85bd131e9ff84198c290b2db39f0f9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
1KB

MD5
1e3f56b1c69ea172acdbf14f6cba39e4

SHA1
628d53d6eace73ecdf0f7800bb24dded714a4c11

SHA256
e8e3b3086a50e2ddbfa5f007435d0c03310cfa7d11fd9f06b04b6f1073612281

SHA512
1e1852e61aab29c1fa271cdbd05217c550b20a76fe38defb6006e4c3dd970fcaa56a9ad9812fe272e96c312ab60d8331fae5edb0ada1b9b17c2ffd0f0488719b

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
1KB

MD5
dcd718823c700ec3a8fdb2056ff289d6

SHA1
294894b690e3b0c475e95a9ca5186e16cd12ea35

SHA256
aaf03d9cb3063b627512dc3d58a99d5a07e4691d1d5edbb1aac4f2269393e25b

SHA512
00ca75e5dff8e0339678dce5be6e0aa3a5448d3e907f66db3a22c2c0786a109e4174f30cfde7f318889577f243634d765500d0a2da6604ffd95415fae01a20e9

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\user.config

Filesize
2KB

MD5
7333221acc83bf5e68becca8b506f225

SHA1
de5c081a340c9913efa7a30708b030f4a57a3d3d

SHA256
01ceec942703a02c868dccf18ad2090d348b96df0716d515406b7cf10372de7a

SHA512
012d30d820ca956e7bbe5ea39dbb24b1077e1c7704778a3d940ab3ce73b7d797b4954990f97dfd37941ef96dac9dc6be0847612095573773ccd83a7ef048a866

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\v0a23vbo.newcfg

Filesize
2KB

MD5
8b52a771aba97679c0ea4bb99012ff79

SHA1
fefec209823178fd68b42c046c30c4b6f3bcd499

SHA256
d4ca7c7506e35b5a7b037548f9450d0920ff7c24a60ea244584a523c098f560a

SHA512
85769971547a92e6687b5ad66f9572c1920f9c256ee0544d7a53e8edd3726bd5edbdc5a0fc9cf5c8eb5d2c614bd4da52dfb57ac5ccd6f056224401bdb3c65884

Download Submit
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\13.900.0.1080\wlbty1cc.newcfg

Filesize
861B

MD5
8fcfed0307b17dbe792fd477141ebaa7

SHA1
eadeff417fee31215a1449982f3e58b9f52330bb

SHA256
04119e97067e832137e094aceaa61f131aa4984fff9a8930592ca8c30914f982

SHA512
ffa98e1347556f207e958c923f0a98f84891682ed5c28f60e81b2b7d8ef10d5fcaec81dfe440d51eff53dbcd77249596bb8c471e0056f807a7985a3f47e27544

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
4183ceccfd7aba8011d30b2e6a0efa3e

SHA1
f84fcd28a6abc65ddccc8b14119c1d7d4fb9945f

SHA256
cb2078cecc4b97e44f4d8ef91f387dfb5e4fe891e9c6438a7ee186f8b5bd7d16

SHA512
5f2612b84bd745ec533c234a5b0bea687abde4a575a89852a5d3f3027804e768ea4131f829d75e1b34def6c7fff1d6f68cf5f52a6f236c48953616878bf92f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8F58DF7\ICSharpCode.SharpZipLib.dll

Filesize
208KB

MD5
0cfe19791546a96c6699657a94604596

SHA1
5d1a1b74cca9f74fffebcb583661c02e4ca626dd

SHA256
56fdfd148f0d60805b2873a5a49739909001d11789b75dab2b0ea8e55bc60913

SHA512
586cc695a2c3c03008d0a1032c221cd3384b5f4363e83c9d903753fb1dad65b340bc8cd0659f7f891a641f8bd7535c9b889219842045854aa98cd380f0fe4aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8F58DF7\Newtonsoft.Json.dll

Filesize
428KB

MD5
461c476f474a5f13d2ea9344ae6f70f6

SHA1
8f74702b99f08277d4514c63956e2e69e8090073

SHA256
4f0ec6439b24652f16df066f4a38b64518b5a874080eda63de45968545830f67

SHA512
e69080c205cd82ea2c056fa1328bbec4c03ca3fdc3ee381c4fb44cb356247be5fe4b8add53036dcb19cac2c6d59b8e02f81932320ea534b5ba50db80a0647017

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8F58DF7\WebCompanion-Installer.exe

Filesize
428KB

MD5
a27f9713db1688d03d2082bfa1827803

SHA1
b8df4649659003609419d052757166499d2322e8

SHA256
2f86eb0d3902a11da1f534d9734dabae37d33e2c57b03f968198a1cfc2e652a9

SHA512
f952c6792f10cb60ca3ecc00b317c33aadb65c8471d106171660ec0fcb0603c8d18b8ad2a90aacda6581d342647290099af0ed0fdd897edb390d5bf9209ea905

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8F58DF7\WebCompanion-Installer.exe.config

Filesize
2KB

MD5
e3d3aa100b93504676414b9268dfbad4

SHA1
a7d1e59c9d8c48dfe259d2973c13b0e2965e67aa

SHA256
ea7747d876307b0022f055c311c4f8f8112fdde380e0848fd35508c00edf8e7a

SHA512
9470e0b4784ce3aa94248ddbd9c17bca988b6a680754511cbe1f1c368270f6d18c75ad1ea0f3a438ca5bb1a12e55e8745f68f2ebc9f78c68b373a6541ac9efbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC8F58DF7\en-US\WebCompanion-Installer.resources.dll

Filesize
6KB

MD5
88498f281d2bc857f09c3a0effe97a35

SHA1
5560555ded4d2336ebaac6aecbd80c2fc6f0aae7

SHA256
2fbd9c10cec246d5e6ee2f41635f283c3064773724253bae598bfaea735b702d

SHA512
2550c9c2e42e77a44520ec53418636721c3a56be7b647c839b7a3063a9bde4ffd304a6812f51a95df19b1f04e05285fa9c23af946472f07de10f514ddb0df9c0

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\FeatureComponent.dll

Filesize
150KB

MD5
76f9ff88bfab074cf3657e8cd007c858

SHA1
06da56379c0819cc2a46e7a60de79c00f1cf2956

SHA256
42087b3045c86316d2b85fa23466a0bb84935b52d0537d9b2a6c857dec4eda38

SHA512
74a2ea1008318629a9e275360bdeddf23ad375b8b1d0cfd8c9d064acd0cbbf1a06f124af1003adf523f7cfe1d1b2944b6033e9287b86ceca7c3220a8801bec4a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll

Filesize
208KB

MD5
beb11bf49e70f87b3dfc3b5a51266e48

SHA1
927b448f4d02cde7920b2ea2417c4d4784c00a91

SHA256
cb51d070c1e2bde393f2a65db17e872c395b55d0e3c47e5cce49a8a1ed4d69fb

SHA512
9b70e5acabbffc58bfac5c310ddf1baed4290753859ba05b4386f71989e59a821a3341ddf6c1d3df3d37d92d9a58cb37a306fd82996525140d0490b184356dd4

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll

Filesize
464KB

MD5
ae643bd347eb6bf2e3aa05608924782b

SHA1
c46380bb4c5dfeb71f36b57a59dfa51f672fc015

SHA256
2cb3dd4e6cd2bd6dc4aaeeb48ce47bb5ce3e2c67c040aff388e9165e655b06a2

SHA512
4adbc05558fc0d34ae30240699f63b7c15894d408d3f3b28f37072558bcaedbbf4e8c61e2b42f3bff3b610f9f4f2ebdfefccaafb768733965e2c104adb88e8a3

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

Filesize
118KB

MD5
cfecee7a0dcfb3fa24cf1927562a6acf

SHA1
7fa9e9275efec1b7a139e612b916884c18b20cdc

SHA256
890f09a222b8a6e2f70035b8bea140965c67b974d1ace67252fe58518f6e587e

SHA512
97241f04d7811303e1f92728d3a191825818bc6eec24ac095f627672ebcc16286e820041d40556d1d8ec1f9f3af93e25a6a78049a2d0a373b799c4c9e9e3b724

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

Filesize
137KB

MD5
6bc835697a34037cf6ab77089ee5910a

SHA1
7f97d93cb024507c03e13cdfabd2e61dada6dfbb

SHA256
2cf1f139036c9160a2acdfbe48a47a6d7b4baaabe5ef66ba102402ddb066b0fb

SHA512
87c0afed8a7bd2bbc91abd915c5e2e83ca46e30fdaac903e91201369aa4fee50dd694a1628975dac9d011855a7c13a655a2d0521b40f50414dc685ff79e3a560

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll

Filesize
37KB

MD5
d155dfd9f27e340fb3e47d28159e02f2

SHA1
85ab8c8f2284f69378660f96e09f774a36ad4149

SHA256
bccda5db0d6ef7b99533e209c7ce3ffe2706d96afee79eaea957470ab77e8e84

SHA512
b337b685205af08ff7f9e3d2a96a91095fe93ce6fadeabbe1309185ce1a59b229d3a48b59694cce1558581340409b046512b40f311f7f6ce122524aa9f8c2163

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll

Filesize
22KB

MD5
889d4b9110f1071e52a6f4b8f2013cff

SHA1
c9c1a3fa499e584a3b5e82500a95ff71fc51927f

SHA256
c8d28b60de8663606c96f845e487625cfa0b477e695f0b8d1a1d131f8fb1365f

SHA512
fc8b589c98c721ad94b0ea74ae1b61444f8f417d208f5c5724c1d45b2c3ed32cab025855990759474c0cd7fc798610990392a2899bd4acf590a6d537ad02fab8

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

Filesize
108KB

MD5
f25adfa3039a29edb5cb74189904f788

SHA1
c23b88625c2615a15e08838fd74181a280cf786c

SHA256
927f01c4e87ce5398eab9a16afb46d0ffa4d7d3ece446925c79c5cca112ca7f9

SHA512
0ad529a688ffa6299c7a80f05c31cb31f330c707c2ebc06d9389f65787618606c1c919c84cc8508d2a355dc6df017a6023a52d6673ab439910ebddc348ca771b

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll

Filesize
65KB

MD5
e870dbf328208aca0fed55f8b4fb1063

SHA1
41957f491b48944995b4491404a086524552d122

SHA256
e41d0bf274d8de7fb27f74f90eb64ac1d51f546077f2a0a88fcbcd1fde3d2ea2

SHA512
ff16fb50bf44ce3a86fc12df642e6f47e4f99b0ab9002f86ef26ce8235a71db5f56fe9b5d82136e1d75d129e3b140d5fb1723c1cecb019435cb39bdace04308e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

Filesize
428KB

MD5
6e5c9f66ba81fe1bbd9bc1f74eac4c3f

SHA1
a086b924140d48669ea4d68f9f71629795a4638d

SHA256
19edf009ded32747460c806ec42cb3e04afc24397c8fa6e9f8c26c0d03292c48

SHA512
a4023f8c61d08aaa01d61f0ca7b9646322712539b170fab01036809d4e35b660c2793dc01f4861884c15ace8b381ea9b3dab07a42a21c928f9f46d5ef136a99e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dll

Filesize
284KB

MD5
b2736d639e98021b4b881a7b7da8eb1b

SHA1
4c8c87206ccfa086bffc5bd667315cd895020705

SHA256
7ce90c260fe55275bc91b53a4c01f50ccd6a699c31d220cc83f6b02f92839f65

SHA512
2cb512cbf004830f05a474ac6a8dd9fcd7ce0b1bf63bceac9a155d7add689433a0faf35a6b25c1f228d0a198f28655941d596a359d6bd5dd9051261a0bd77810

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\VCRUNTIME140D.dll

Filesize
106KB

MD5
6efe34e639c8204dcfd47c901c845cb6

SHA1
05336741d8a6068e6739985e08476d2dee18ca8a

SHA256
648ea8b46db5eda404b6d8006ab3a731f27528ce9f8eb9969d3b3531a26ec809

SHA512
4f0222dc3e06047a3e613328f83bd3e809bc66b3a8cb4400a421fa34f0ac19bcacd6c65d79a31662917138a9e731c6c2ef6e59d95de4dfcdd4d7fe20183f7e2c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

Filesize
3.3MB

MD5
d5180525e08932a69dd1903ab30313ef

SHA1
4a7981b66fe6185177de6d001ad9ce77d2a437ec

SHA256
38b605a45b286c4827327bc6e10d08afc71e5dd8d2c9b4f717b1d8039e0f92c8

SHA512
ee7324000acaef8c40e5f8d9397fe5a1ceac5a4888808a33758a350fa9ab2783d8421164e8de34e61c74cb1e013f0b3e0cd777b54bfa2e97877dec9f3f1e5b4a

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

Filesize
11KB

MD5
cd4e494e258c7eb0585fe76ebe9e6233

SHA1
e93eb57e6c38e496fda92dbcb31021b34ae47cfe

SHA256
bf61730717f05b95c4f43d425b6d7d15deac39d53e28eb302e5723c7a9b7b0b2

SHA512
413b3727a71126e3f35551232607d95f8bd79342526c0144cbca929e6dd3e65aab56b2d1f37baafad53ea23dca4c55bdd363cd45d0c54792c3118726ea45c07c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dll

Filesize
133KB

MD5
c19ad979210347af77e81f1143ed202d

SHA1
f98d00fe7568a70b8f9bf418ca9e61dc02a696f8

SHA256
77762787949dab142218c7b6848991ac04ddae42c0d24c0497e9a13209494f1f

SHA512
cc54cdbcde5124004719314d242b43b57ff89a329e6f52b3bd67fa19b56819aa79da115f732773adb6b0c18222b91ec71908773634ba452f80e9b5e17a37332e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

Filesize
316KB

MD5
4181e0070f4d57ef36dfa1970ff79bcc

SHA1
5f74e8f9af08c73d40fe83615ec0b47f100ce6d0

SHA256
3ceb7c1ae8dfc9892cb671f98f775ebbc14a94f8c77bdf64cc232aa86d789b72

SHA512
88eafc0ed5c2de287d4df445616c3b93664add5a2a8a3d40eff35b179bd7ac9dd32cc98374b5f7e7cff84674e6be85166f4be60fac9ef7cdb4606611f7be9200

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dll

Filesize
1.6MB

MD5
0ecedcb3eb14eb6ce8194338bbcd3628

SHA1
05c2e0f4c368b12f467735a9256cff7275f47c95

SHA256
d2d54155de04a91248841e32ac0bb04b3753277f1e3fc896c43decae666233ef

SHA512
abd876e099cffbaa2d459e5a7ecdd495b526fe1addd5717405db922aeea080a92d2921dfea8ade9667bac431cacf67c0a1892d7e5f9e702b13537e173af12c50

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll

Filesize
824KB

MD5
5214d9ff559fc297c8e30f63def15fe7

SHA1
b69dc38127efd00e8155b6d3c1f5e0d31d834340

SHA256
a501a8c2c5c42d02064b220dee8d440b2f67fe66c352063f8142425c1fe82ca5

SHA512
b4b4798b70123b2e3d3745880a01b69f583cca86a0c5a41094d2bfa6838a3d45c895d26ccccb3368e62f95e644517d5b63c6d147ef5da932117b9b588848dad9

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
405B

MD5
d4b692811f7918adb612a5db72899f62

SHA1
07c66331d70bb503e5c03e57389eadb3dd2ddb0e

SHA256
aae7fabccb79fb555d7866f2beacbdbb465fd6723515a44d1853a67e98daf91f

SHA512
122f7005b471d6507621b247218175d4cfcb640642b4919902b4a0ebc418c7cfaacf339631120c39f5ebb3e12a00385b701cfdfc886fec98ab5c01e26994a5bf

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

Filesize
405B

MD5
85d752c54aaa5d7443f44d921b77b3de

SHA1
b2a5826dc28cd1f3c14b9258a973f55d49ba99cc

SHA256
f8c70352f651d27dd8759070044ff19328b19b77d47b65eb394d797dcda4af9e

SHA512
0210edc0534a6a5b16bb1fbf9cffade6384a04b7b9d392a83afc4bc747405ac9e34dd1502e53d4b218973a798b748c7ec5927508e165c68536cff2e7f7f03653

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

Filesize
332B

MD5
590fd86ad024f2b655deec8333e240a9

SHA1
f1946050248dd1aea834f139063ac8eb3e41677e

SHA256
7afe6a8c5bf14cace6e9bb2d40df2adb5f31325fc024f448138106cf7b63f7c1

SHA512
c19bf730552e548b6caaa27f5ff2c5b34d34ac9408b3b6e388361635ddfd4f619b9205fad76b9141f2804b8dd364cd843dcbabd4d9d7b7b712f320f6729d87ec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\CData.txt

Filesize
209B

MD5
b2e693b0a56cb72b6e1a7f492a42e1b9

SHA1
8ba3534203771d2505d1f781d13e2a7d48c37473

SHA256
90ff84a75c1b4087b304c74702d39217fb4414bc43d1e7a04e64cac7e161329c

SHA512
5dab653d739be00c05272cc01e7731928d5fd1defe97121e918ca67811f7dd07fd556a7c9b8d1de1348720a629eb90527a64fe4728645d6176099d4c317a05e2

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\EData.txt

Filesize
207B

MD5
146fef56374bc2ec78d7f2aab4486b2b

SHA1
c1c7a4090ee3ba7fb78a78115217e51a76f7b467

SHA256
3ed1d8e15d7b05b9f7aef32681a12a1066f4157823394748b3dbbac320df287b

SHA512
423a5ebd37d307849b1661d796944d8b1793ca718b62fbb5942c7fffe1b1f85c4afdf8cd59eb9721614332c28c14e78abbaa325d0541d47724542457a1c4b590

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt

Filesize
208B

MD5
dcc17445adbca39e82fc636157bab710

SHA1
4f27eee12e158c8782560e2f6a143f447798b2ab

SHA256
bc9e27211bc9253c8e4ea3f4f6519a0d9388fdf9cb4dd4e5454b1d7ab3362e6c

SHA512
5b960b92fea147ccb0814fd1290404bad85d685b28fac0401c12df30c481c3ebaa3158fa42cfa56daf6c404c1777f515b354a3d994a3302fb8fe7c1c680a10f9

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
656B

MD5
e9c2fe04c7d95dea22a3848651768517

SHA1
77dc18bc576c1ec8bd015463fceca9578a315372

SHA256
5b14c023cb176a74bda9cc6788056d640ac6ec02b168c39cb73c98af21e64fe3

SHA512
876ffc6dc6f7275fb04bac14d00206cd918850178a28794b4a3ab613c9d8286ebe1b6328d5c4cbef6373a1d24244cbab961f1929be2837ed3d68fdbc64033b6f

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

Filesize
225B

MD5
c210f6b0e5448beb5a99ffcec2754b44

SHA1
4709d51768f5e45d12cd49f32f6ded03667f1eb4

SHA256
64b58e0c1156117d82fdd64d467b8b512ec693315a2b3c36aebba9213bc8bf90

SHA512
7c0ca1fbbccb4887582c6ede250788376b38054f3ce7acdbecb882281117185a2c5390f8f2036f1cf2e4f10cbf803509ba22c8ae162381e5a7d141f85537837c

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\Language.txt

Filesize
20B

MD5
3e682eb51baee9f27b0775287510ac6e

SHA1
0c62c14b2d05af414cdc225db43b60e79ec7b280

SHA256
05a960000c74ca2f31fac1800e5156e2e4d04a78873f005218aeeb8fbacbbff6

SHA512
885ffe4359bf0fd7793b304312c7c6c3e36e767490d0ee542be5b41a74e8c4a2567c4929bb0c4bf8021a3f07ed97cf05f3feac224b79bd76a0aac9f3b1bd3a06

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\Partner.txt

Filesize
59B

MD5
c0b924c4db7704e999e5ce2b629e60e4

SHA1
62ece7d9191cd889cbd8b2f6abfd4adfc9403ace

SHA256
5b772aff4f2923f93262868dd866256c8d4fda1fa13b8b71e1629831f5e78120

SHA512
59c271d90ff16900ee85c6509788254a24d5f55ce4e66dbefc6fd60f4cd2ad97e0bd0f5db0a114cd2dd61192c058471ce49468c2a415c1275101678096cd9085

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

Filesize
187B

MD5
f670fcdc8876cf94c947bb1906f56e4d

SHA1
acbdbad58294b3de19061bd4447ee044feb02b72

SHA256
97d8475baf1db7f3bfd5491cb15da94a07e92d60d4d75dea0f3790032d4842ca

SHA512
52cb22df3014260362b872af138ce715c5ead4560e7e7a2080cd2f55f82915a565c42a1ce2af22d3b14c5a63ae9cb075a979cb2c7598a014a55ceeb120f6807e

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\Statistics.txt

Filesize
56B

MD5
e3ad7c6098e00bcbfafadcae71590e46

SHA1
e8653cd7ae9a35335d02da46ad3ac8c35492382f

SHA256
0716c22420a65f05357473e8686bb30a4295c76187bdef053f21f9126e495b0c

SHA512
1b34b16e4db2db192a3191c14922b53e21f85eaa7349e029d2c19eb7b9b9ca817391f7d05027ea30344cf4b1b0c1b760bff1ec5a36eb294255dd1a7f759e0d51

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

Filesize
308B

MD5
0cb1cc6ebd3113ffa4d08cb8e611b0c1

SHA1
c084178a890875d41c400e8950537e1f8a58a50f

SHA256
b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2

SHA512
c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

Filesize
2KB

MD5
03eaa6388fe07c207143d545775e3f87

SHA1
d2091f2f3898a38ce705e7de73981c816e27474a

SHA256
5752a0666ccd8ea14271e3837e319d1e79488c31e352d4db46c6d331a6c73552

SHA512
07f830e0486b26f21f1f0edfaa16961aad37ccbf72917ee8b5b35f91b40331a578367b237ddaeb108a6c9fb77eef17f5ce5f318906349105c13704e15b31da01

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

Filesize
2KB

MD5
c5cb9bf00721cd706797b177881150fc

SHA1
1a2606b2158a2f856ceb3fbe213e1f4e8a0d8428

SHA256
099b67aa13ef4c2d0a76ef8244d81fdbaafeffc69c94de66b644688a3852e474

SHA512
ffecb2cf496a822698c26ba5a62b289c943b558960c6429f64107c9332443a58615060bb9d023d50e83ad8412a045c4e528296ca33f0865edb21377625c91dc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
1f82772de77add1b23b0d91249f1ebbb

SHA1
6991d57bddd4476ce38809388fd7762b55b8899d

SHA256
31c935a8fff2526878442ebfeb6c300a472bf951ef03822dfe4dacc8c56984f2

SHA512
d90534f17ab6c182d6bcb2330c3d3eec652a184dc357ab8dd975171d9c2cbdf848e23d70626509fe998babc15098ac7a592fad66a17dbd113fce0c8bda69e2aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
da98d22c1dacb5cad87ebff926de7b13

SHA1
9762deff8168bfb6d6a52680aaab70a9127e87e5

SHA256
216c517a94892c561ecbf2b77b07e271bf7a573b137515728786f549019ca044

SHA512
330508d0e395833d6aa891634aa91fd477820fa4dc92b99dc7f4207d01e84a99a5ba706ee4b5406eeb350c915129c44c983392e51c5bd53fa6ac173fcfac7cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f905de73f949c3bbc7b99c5a952700ed

SHA1
cdfa72f58f42201e5bf90fd6c672fe19420e0e88

SHA256
ec2b99693b034ba87a71311d56215983888fd61ca2603ef54df932dfdbc7cc98

SHA512
b99c2c425a3f4713a3f1ce18365ce4fe361d9c1519976978c95fef9a19aa220b5c0b3733ca5a0c38784967991ff8e7394a87c22986653b17715ede79baa45d86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\52e4806f-6260-4650-a319-a445d89adeb8

Filesize
982B

MD5
01c4a3c0a272ffe95f01e2ae1b57be8a

SHA1
7ae5cab83659409adb1cd47810043c475f5810b8

SHA256
3a27e525521e4c795c42aeb81b0e2079635d52d46a6e37a6ed51804f8fbea4b5

SHA512
5dab13026101df7ec8350eb5b6b2b754db9e72ecbced63a653dce6e21ffa690b4893ad4b2eb73010e0c234fc49f23bb8510a81e1321ccd3b99d80685d5854f98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\b4cf1b47-10dd-4cc3-8cc7-1958c6d70e51

Filesize
671B

MD5
49e4740652ab3b5878d69018ac85fb18

SHA1
359e593d8e08e57faff3feeb654e0b2f86d56673

SHA256
34b11c14b6382254980ee01975c09803168536b272f20b98caed97b95f12592c

SHA512
628d18d7b34b5eb1569d6a4080aeaae4279bd5c4ecc777785973f98b802e8f3a0b8d237cbabbf74e24f09b0eec3a23f8f2cfaaafec847b9a035a7f1152a46e27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\dd171d16-e944-4358-a5ff-25d9526e1b6b

Filesize
26KB

MD5
a725014bfe3567b9385a62bc7fc8e68a

SHA1
1f2d722a275b2c01deda34c01c236d24778842d6

SHA256
06fc80ad075d2777ae12087d8658e424d4c89ad68e3e6e8fdd55c865b14c9dc4

SHA512
88f220b4e246b4facc2ecec9f28042c2c2bbf7d2cda22f8733633d50d302015bd42a71ff80e3b5216f49f15d516517baeb18a053c98a6b9f1edc466357f8f996

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
10KB

MD5
e18fe338bbdbc400aaa28f4a40b9b2ab

SHA1
6dbc5df888df35e5c233b8ff98ff6b53be3f1016

SHA256
4ab76fb9270769ed7f89cd522e0ab593f028f70ed1fe980de5808c326da7a5c6

SHA512
d9ba07c6222da4f8bb5e8e2918199443fddc172bf7ec74160d5e0cadc8889e699660fdfa6cccd4c5f227246386fc403a9dcfa399b2bc5c00d6c69c9897fc4265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
7316597151925d46238514daed6d44ae

SHA1
6aed2a81119433d195ca88d58c7c3b6e00ff0b1a

SHA256
ab0200ce35418cb40f9914cd73832b297fec778930ba869ff3a4b9eefa80b582

SHA512
3c2d4e60c4692c0d487a4459b419f8bbdc2af5b2f41b3b8e2498e4b6c2d32aebf4c8961804bc9517bc6c334a474cbde1dcd1afc5c2096db706135b836427acd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cwebcompanion.com%29\cache\morgue\246\{e0698492-dd39-4d12-823c-be4f679293f6}.final

Filesize
4KB

MD5
7fd116230491d5754c0b8b21d8aac3a4

SHA1
505c970507e1ee607f55221d72dd3c8d5c34a006

SHA256
c7e87cc66882a9f33a088046f6bccf88d71b3c746c737cd922845e4f964ddc3a

SHA512
2d782cac56b3691bb4189b85a4f2882ab30a5d23eb71e5db4aa04f27d19956cedc246213fcf66c333ce86cdd57a808a1cbebba54f885bc2e85b601d02a9c943c

Download Submit
memory/1056-583-0x000000006B600000-0x000000006B612000-memory.dmp

Filesize
72KB

Download
memory/1056-1380-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/1056-1284-0x000000000B380000-0x000000000B388000-memory.dmp

Filesize
32KB

Download
memory/1056-1254-0x00000000081D0000-0x00000000081DC000-memory.dmp

Filesize
48KB

Download
memory/1056-1253-0x0000000007FD0000-0x0000000008026000-memory.dmp

Filesize
344KB

Download
memory/3172-179-0x0000000006160000-0x000000000619C000-memory.dmp

Filesize
240KB

Download
memory/3172-329-0x00000000079F0000-0x0000000007A68000-memory.dmp

Filesize
480KB

Download
memory/3172-166-0x0000000005B00000-0x0000000005B26000-memory.dmp

Filesize
152KB

Download
memory/3172-176-0x0000000005CD0000-0x0000000005D18000-memory.dmp

Filesize
288KB

Download
memory/3172-150-0x0000000000B30000-0x0000000000E78000-memory.dmp

Filesize
3.3MB

Download
memory/3172-428-0x0000000007BD0000-0x0000000007BDC000-memory.dmp

Filesize
48KB

Download
memory/3172-158-0x0000000005A30000-0x0000000005A50000-memory.dmp

Filesize
128KB

Download
memory/3172-438-0x0000000008520000-0x0000000008596000-memory.dmp

Filesize
472KB

Download
memory/3172-440-0x00000000086E0000-0x00000000086FE000-memory.dmp

Filesize
120KB

Download
memory/3172-154-0x00000000056A0000-0x00000000056F0000-memory.dmp

Filesize
320KB

Download
memory/3172-172-0x0000000005C70000-0x0000000005C78000-memory.dmp

Filesize
32KB

Download
memory/3172-474-0x00000000091C0000-0x0000000009764000-memory.dmp

Filesize
5.6MB

Download
memory/3172-180-0x0000000006120000-0x0000000006141000-memory.dmp

Filesize
132KB

Download
memory/3172-196-0x0000000006930000-0x000000000699E000-memory.dmp

Filesize
440KB

Download
memory/3172-207-0x0000000006910000-0x0000000006922000-memory.dmp

Filesize
72KB

Download
memory/3172-208-0x000000006B600000-0x000000006B612000-memory.dmp

Filesize
72KB

Download
memory/3172-549-0x0000000008CE0000-0x0000000008D02000-memory.dmp

Filesize
136KB

Download
memory/3172-579-0x00000000661C0000-0x00000000661E2000-memory.dmp

Filesize
136KB

Download
memory/3172-387-0x0000000008420000-0x0000000008454000-memory.dmp

Filesize
208KB

Download
memory/3172-192-0x0000000006890000-0x00000000068B8000-memory.dmp

Filesize
160KB

Download
memory/3172-162-0x0000000005AB0000-0x0000000005ACE000-memory.dmp

Filesize
120KB

Download
memory/3172-184-0x0000000006810000-0x0000000006832000-memory.dmp

Filesize
136KB

Download
memory/4940-48-0x0000000007640000-0x00000000076A6000-memory.dmp

Filesize
408KB

Download
memory/4940-39-0x0000000005960000-0x00000000059AC000-memory.dmp

Filesize
304KB

Download
memory/4940-56-0x0000000009FE0000-0x0000000009FE8000-memory.dmp

Filesize
32KB

Download
memory/4940-45-0x0000000006B30000-0x0000000006B9E000-memory.dmp

Filesize
440KB

Download
memory/4940-46-0x0000000007090000-0x00000000070B0000-memory.dmp

Filesize
128KB

Download
memory/4940-47-0x00000000070B0000-0x0000000007404000-memory.dmp

Filesize
3.3MB

Download
memory/4940-58-0x000000000A040000-0x000000000A04E000-memory.dmp

Filesize
56KB

Download
memory/4940-60-0x00000000752D0000-0x0000000075A80000-memory.dmp

Filesize
7.7MB

Download
memory/4940-57-0x000000000A070000-0x000000000A0A8000-memory.dmp

Filesize
224KB

Download
memory/4940-38-0x0000000005920000-0x000000000595C000-memory.dmp

Filesize
240KB

Download
memory/4940-40-0x0000000005B60000-0x0000000005C6A000-memory.dmp

Filesize
1.0MB

Download
memory/4940-37-0x0000000005860000-0x0000000005872000-memory.dmp

Filesize
72KB

Download
memory/4940-145-0x00000000752D0000-0x0000000075A80000-memory.dmp

Filesize
7.7MB

Download
memory/4940-36-0x0000000005890000-0x00000000058E0000-memory.dmp

Filesize
320KB

Download
memory/4940-59-0x00000000752DE000-0x00000000752DF000-memory.dmp

Filesize
4KB

Download
memory/4940-52-0x0000000005B00000-0x0000000005B08000-memory.dmp

Filesize
32KB

Download
memory/4940-55-0x0000000009FD0000-0x0000000009FD8000-memory.dmp

Filesize
32KB

Download
memory/4940-35-0x0000000005E20000-0x0000000006438000-memory.dmp

Filesize
6.1MB

Download
memory/4940-53-0x0000000007C50000-0x0000000007CE2000-memory.dmp

Filesize
584KB

Download
memory/4940-65-0x000000000C600000-0x000000000C634000-memory.dmp

Filesize
208KB

Download
memory/4940-34-0x00000000752D0000-0x0000000075A80000-memory.dmp

Filesize
7.7MB

Download
memory/4940-33-0x0000000000E70000-0x0000000000EDE000-memory.dmp

Filesize
440KB

Download
memory/4940-54-0x00000000752D0000-0x0000000075A80000-memory.dmp

Filesize
7.7MB

Download
memory/4940-31-0x00000000752DE000-0x00000000752DF000-memory.dmp

Filesize
4KB

Download