Resubmissions

01/03/2025, 18:58

250301-xmhhrayp15 10

01/03/2025, 18:55

250301-xkqrcaypx7 10

Analysis

  • max time kernel
    896s
  • max time network
    887s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250207-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13/02/2025, 19:41

General

  • Target

    Archive.zip__ccacaxs2tbz2t6ob3e.exe

  • Size

    430KB

  • MD5

    a3cab1a43ff58b41f61f8ea32319386b

  • SHA1

    94689e1a9e1503f1082b23e6d5984d4587f3b9ec

  • SHA256

    005d3b2b78fa134092a43e53112e5c8518f14cf66e57e6a3cc723219120baba6

  • SHA512

    8f084a866c608833c3bf95b528927d9c05e8d4afcd8a52c3434d45c8ba8220c25d2f09e00aade708bbbc83b4edea60baf826750c529e8e9e05b1242c56d0198d

  • SSDEEP

    6144:vU9Q9tD5WuDQa4t3BMgLkzvCOnYxcEaSAOPou8BWinO8DR:8Q9tD5WyQlBBVAnYxRhr8DR

Malware Config

Signatures

  • Creates new service(s) 2 TTPs
  • Downloads MZ/PE file 3 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops desktop.ini file(s) 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 9 IoCs
  • Launches sc.exe 6 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Archive.zip__ccacaxs2tbz2t6ob3e.exe
    "C:\Users\Admin\AppData\Local\Temp\Archive.zip__ccacaxs2tbz2t6ob3e.exe"
    1⤵
    • Downloads MZ/PE file
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\Users\Admin\AppData\Local\Temp\A6B.tmp.exe
      C:\Users\Admin\AppData\Local\Temp\A6B.tmp.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4532
    • C:\Users\Admin\AppData\Local\Temp\Temp\WCInstaller.exe
      C:\Users\Admin\AppData\Local\Temp\Temp\WCInstaller.exe --silent --partner=AE190201 --homepage=11 --search=7 --campaign=292
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Users\Admin\AppData\Local\Temp\7zS0585FFAD\WebCompanionInstaller.exe
        .\WebCompanionInstaller.exe --partner=AE190201 --campaign=292 --version=8.9.0.1201 --silent --partner=AE190201 --homepage=11 --search=7 --campaign=292
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2524
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" Create "WCAssistantService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto
          4⤵
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:3972
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" failure WCAssistantService reset= 30 actions= restart/60000
          4⤵
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:4056
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"
          4⤵
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:2088
        • C:\Windows\system32\RunDLL32.Exe
          "C:\Windows\sysnative\RunDLL32.Exe" syssetup,SetupInfObjectInstallAction BootInstall 128 C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf
          4⤵
          • Drops file in Drivers directory
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:1652
          • C:\Windows\system32\runonce.exe
            "C:\Windows\system32\runonce.exe" -r
            5⤵
            • Checks processor information in registry
            • Suspicious use of WriteProcessMemory
            PID:764
            • C:\Windows\System32\grpconv.exe
              "C:\Windows\System32\grpconv.exe" -o
              6⤵
                PID:4424
          • C:\Windows\system32\net.exe
            "C:\Windows\sysnative\net.exe" start bddci
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4488
            • C:\Windows\system32\net1.exe
              C:\Windows\system32\net1 start bddci
              5⤵
                PID:2904
            • C:\Windows\SysWOW64\sc.exe
              "sc.exe" Create "DCIService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe" DisplayName= "DCIService" start= auto
              4⤵
              • Launches sc.exe
              • System Location Discovery: System Language Discovery
              PID:404
            • C:\Windows\SysWOW64\sc.exe
              "sc.exe" description "DCIService" "Webprotection Bridge service"
              4⤵
              • Launches sc.exe
              • System Location Discovery: System Language Discovery
              PID:4532
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd"
              4⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3184
              • C:\Windows\SysWOW64\sc.exe
                sc start DCIService
                5⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:5016
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
              4⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4876
              • C:\Windows\SysWOW64\netsh.exe
                netsh http add urlacl url=http://+:9007/ user=Everyone
                5⤵
                • Event Triggered Execution: Netsh Helper DLL
                • System Location Discovery: System Language Discovery
                PID:3804
            • C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
              "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Adds Run key to start application
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:4276
            • C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
              "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --afterinstall
              4⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Drops desktop.ini file(s)
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:3828
              • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yvwqn9qt.cmdline"
                5⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:3160
                • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                  C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2362.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2361.tmp"
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:2008
              • C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Search.exe
                "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Search.exe" --searchConfigPath="C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\SearchMetadata.txt" --eventConfigPath="C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\EventMetadata.txt"
                5⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:4524
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request data omitted]
        1⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:2072
      • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
        "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1980
      • C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
        "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
        1⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1220
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:756
          • C:\Windows\system32\netsh.exe
            netsh http add urlacl url=http://+:9007/ user=Everyone
            3⤵
            • Event Triggered Execution: Netsh Helper DLL
            PID:4764
      • C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        1⤵
          PID:2296

        Downloads

        • C:\PROGRA~2\Lavasoft\WEBCOM~1\Service\x64\bddci.sys

          Filesize

          781KB

          MD5

          2a241af18d9f0466aff6cd77c1561f9b

          SHA1

          2c6bfc8e583ed026fdf9ec01265d99e22d39305a

          SHA256

          528804013487cdb1da617e512d1de68060602887bcc8a7822bdb1346a2995ffd

          SHA512

          6779667bb57c87fdbf4dee57682e7851b5ad5bea39deb09fcb596ae48eb571317749ff59e825f91bd57527dab7477deac5b24bdbd86471844fad36876c08dd28

        • C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

          Filesize

          8.8MB

          MD5

          33fe4870dffa70f707f0e8ba8f1ca415

          SHA1

          779189a3501aafcf1801bd392aab0d2730ac81d1

          SHA256

          3f5cc7f3c39e73d8c758e8e39891984de2664de9051fb56f654e72850dc8a50b

          SHA512

          9c6497fb5bb0da0481e6d6a50951a182a7a6a38b35ac31fae28a41c721f510cbbb15b94e9e3d970c882a6ded1d94c64b2e638ee18084662c5bab4c32de0d212d

        • C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe.config

          Filesize

          18KB

          MD5

          b268ad3c2643d55cc89d460e7f7787f0

          SHA1

          634ca884ef19b4e55eeb9d8dbca74786ad609f23

          SHA256

          977d8ae0a472b9f745651fd22a16130f59c84188f50eb58e977082f187457c2b

          SHA512

          7fba51c95103455db78713bbb7dbaf4324d3937b5525b38b141fc4d3f24d9573b1b28bea2a151c50a752716726365b31ddce8ef42bc46df4e36294c2649d9180

        • C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll

          Filesize

          316KB

          MD5

          8803556da0150591f8b326b9ba1be4cb

          SHA1

          62052c002e290630dc3ed63ce390ccdbd9f77c6e

          SHA256

          5ac940cee14650b1d490ac12826034c11ec09d17ba98586c8f83cf029006c835

          SHA512

          1b80f5e2c5e1818dc4b1467016f8e27cd7373b9949cde8e8a0d6bd94f67745c80f1c8ee11e39ec68137445736fe7449eb9dac5bbc8064ec12165d8db1adf5191

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe

          Filesize

          3.3MB

          MD5

          3827ca1c0ec114a29bb576bef431f070

          SHA1

          1189dd380f160046de9f5f2f1d74459958f31a4b

          SHA256

          dd45886108aa85350feaa6d9fcc6c922b0874dfa18bbfe23111cc8edcb37fcb1

          SHA512

          480b6a1fc02fdec7fc2316f01b239bce98a6d8152770d329ddc4bfb37e2e00a7987a702900523ccc0380caabbee38a404683dbb20fe9c9b9456083559afb8218

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\MSVCP140.dll

          Filesize

          576KB

          MD5

          e74caf5d94aa08d046a44ed6ed84a3c5

          SHA1

          ed9f696fa0902a7c16b257da9b22fb605b72b12e

          SHA256

          3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

          SHA512

          d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf

          Filesize

          4KB

          MD5

          e8b58a307f96dc9ce1eb2729f86e13b0

          SHA1

          5cee60f070930dc971e4d35d48e30364f623aad2

          SHA256

          2c9a7118ef74c3b168663c8ec6f3a7b27653896e193129ed0bc5e9aa55a0afbb

          SHA512

          7cd9fe7bcc8c8ec1466acc1adc7ab8c9ab6bdaf7c7c27dcc6c0cb43bab741f2519a88647ce43f74d7e9caf4ae39ae172dc639ed1b2027b9e8f15f35353613d91

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci_core.dll

          Filesize

          1.5MB

          MD5

          13efc649989e224c8346c52ae3cc9a93

          SHA1

          bf907fee6fce0745601219f3faa89bc2c08434b0

          SHA256

          f994e407e9f78d521f335f25b7a4217fdcc4a5e6dc050fdf90d7870fda1e0ef7

          SHA512

          7c6f65858e3803ab9abe075c2e257e322594b875bd6001be5a6c6bde0ab271844ccd7f869394666a2ce9b535abb46e0332697d2c19836f886241881a60697ce0

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddcihttp.dll

          Filesize

          2.6MB

          MD5

          53f6774df73cc44d29f354aecbdef948

          SHA1

          894158c553f39f8000c858c84ad772714e215d75

          SHA256

          d1130318e699b81f1918f468a8b49c9be7b8b4293c1078da4a17dac6ad999ec6

          SHA512

          5151804071c371fe2458c2fc67441441b01602a529582bed48b0e0226e051f933981dce1f84e3ac0f2ebe608b463fe1e9c226d058edd3bf6c5b35be9e8a9e234

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bittorrent.dll

          Filesize

          106KB

          MD5

          74d7799c00c804296c0f1b99324b513f

          SHA1

          527380e0e44c9fd8ca5f73d103e8e9f56eb13142

          SHA256

          66c0b9d01afab9db8f87164c747dc6bdd05ffae25092ab4627a8a47857118ab0

          SHA512

          3140d32d4199cc246fddb292400ec31bcc098e18349d9991828fc1462f7cd6aa3a0666037e569511b37b1cb6baf34c94be2fdc70a9685125a72fdd44e427cdac

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd

          Filesize

          49B

          MD5

          95e8c6cd0a911f1ab4969c06b8cf77a2

          SHA1

          be1b1f8abd0420f59ecab7bcf8120cdc2ce34195

          SHA256

          de795f6d8591577054813bee79e7c5b4ee13360039d29aa73971c6b985d26ebd

          SHA512

          e5eefaf761be7bf3cea207e22e98398093fa0a9d3b459af7df22bfbf07755816737a7b8b261acf01aec8b10b5d8f0d90132a4ecdd83c242b2cde883039fac1ff

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ftp.dll

          Filesize

          121KB

          MD5

          b7c081f03a50c391f5b22a0ee16b8a1e

          SHA1

          2fa63728dddb2e25f69adf0e02cbd75d053a9965

          SHA256

          42ccb6c597d0952042c3d3fdc0027634c3e9d118706a286277a32a7f6af6bd30

          SHA512

          8590e537d7df9523f934cd4bb18c7515d89e74fc8b3e8e35ce70b368c9a99659bf59dedb020fb470cf8577248f607ed271d52107015cdffc8a0a9f7e8ac2880b

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\http.dll

          Filesize

          189KB

          MD5

          c0d7a16ba0340ffaeadedb5fd82f6984

          SHA1

          63ac374a7322e4ecb9b8fed7e67ffcf01b71fc75

          SHA256

          e07a6f752e45e3240c95cbb890b22a154b1cca571c17fb57f11ef0b86108a7bb

          SHA512

          3e50f009b7a43d2fb58f28f0eaab4555d9fc68ed72af970f6a6bd875dab30b5ad32300e95ac570ddf0d925499e709457ea8757033580493f4bbae14a20d06c42

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\lsa.dll

          Filesize

          106KB

          MD5

          f89b978400b6c035f975efc6ab7303a8

          SHA1

          173f9f2bc814b19870c7b98057c948b0292340f9

          SHA256

          ca621b67c0aa1fe669c99abc0ee1a52807321f5be4092bad7c49d4291c194b7c

          SHA512

          d0fc9d302ee3b8be6c65ccb2a2d387a1a914ed9a453ce0cad6734f2c9d59a0ea8694e39b81382ee7b6f6c61b96db81f7ad1c227727b65a5a61c0471a35c39e33

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\pop3.dll

          Filesize

          108KB

          MD5

          4617113b1fa666e743f899d3781483d8

          SHA1

          0a1dadb7051c5a5ed9d108f78f83ac2b21419a84

          SHA256

          30af0cec58983ef5ccf2b30f074faad6ac348cd5fc88461c0b06977839a2c651

          SHA512

          92d0cd9e51de702a04bc2948e2966219b16c1bef93dadddccf801c58c2da1dd22ac5b9651583868957098959beeca2cfdd7465edece1120e364935ff65184675

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\rpc.dll

          Filesize

          107KB

          MD5

          fd8770a4368acd38c18ccb0298dcf587

          SHA1

          867772d872b84988bd7e9ea2271e470dd443874e

          SHA256

          e039a7e9bdecaf697bd73a47da557e5582fbffacc53f9a185790299156c85584

          SHA512

          e1123fa8cf304d082324cfaa5534ea34103226242cef1d6e1640bd2b343d19ae3bcec2302c3a6167c57f8196415190d86050fb55e2e6ba0d90aef189d5ca18c7

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\sav.dll

          Filesize

          726KB

          MD5

          47b40a1348a6eda7087a6241858ef9e1

          SHA1

          ca8ce0ba789baafc75b593fd8a98d4cf8afa4956

          SHA256

          cd83b1612c2823488ea267e88fe91a2aedf6b278bafdd39ff673bed3add39d6b

          SHA512

          dd43a1a08e0dd9386c0c4aa47c2e1a71a6ccd07dec1d70129c43845c5c32ec038efb617bec35320a467bbac77bad6abefd176c747b2a9113190d3e98d1b50130

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\smb.dll

          Filesize

          192KB

          MD5

          b4a0352a49d7661e64693765707a0a1a

          SHA1

          888f7e14cc08ef0ff4f6557bc8ec3a4ac36d18f3

          SHA256

          4295bbc2ce2ccb68b17df07b2364ef90b3bb802fc2f44c710b13c1477f424caa

          SHA512

          8647121a5cfc25fb7ff46308cebe3c261927bac40d2fafe89c01945346993e31ff6b0369e2a686f9f4a16cc61b74c887ed670f30a1a21252e04cd1ba781bb712

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\smtp.dll

          Filesize

          121KB

          MD5

          2b8265dfa5b53b61e875f7a83dde8680

          SHA1

          fa3c87c02750700ac0d20d21b88a90b8122be8e1

          SHA256

          748bac0cddaa20c4967f6f495db6b58f88fb675790c2039e211e42468afbe2eb

          SHA512

          9011bc9b204db910f7a06f89928986f03df234df39309b183b3fe226677eb0c435f0b8c3efaad9689a5fa44bee034ec99b7af2c6fc3a2056bc0a4c0d4d9d5de2

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ssl.dll

          Filesize

          178KB

          MD5

          9592f5912b31b62193656497e67a2d9b

          SHA1

          b8a92656880a7016edcba43b1e206d83fe3847e0

          SHA256

          5978dd53996bc3856d01010e4ddc41215dc9d7fe046961feabec419972ce94bd

          SHA512

          ffab48be1db5cc30f61d88b3bc02e2ea30c8dcd44bfe9bed786bb7cd699dac8c456c1d390925c9a9ff2994a54cf98eee0e76984eba318792ec9838db1954b98d

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140.dll

          Filesize

          99KB

          MD5

          8697c106593e93c11adc34faa483c4a0

          SHA1

          cd080c51a97aa288ce6394d6c029c06ccb783790

          SHA256

          ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

          SHA512

          724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

        • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140_1.dll

          Filesize

          43KB

          MD5

          21ae0d0cfe9ab13f266ad7cd683296be

          SHA1

          f13878738f2932c56e07aa3c6325e4e19d64ae9f

          SHA256

          7b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7

          SHA512

          6b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c

        • C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

          Filesize

          4KB

          MD5

          c66c712855430714282159dde7e72be5

          SHA1

          c34d0cc8ce1ddb7d4b847aaab508fff7c19adbf1

          SHA256

          abcb4db723f6d7b39eb295797eb9e5e298a8c23ecd88b552deb5f61d3fee674c

          SHA512

          055ac2154525758af69dc823b4634e528605305f0ae85368e06f2ec71a5d1bb3d1760a3acebdc796696bc9e45a6d6681135d063b4c8aaae6eebf720a94deb5bc

        • C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip.tmp

          Filesize

          17KB

          MD5

          80e1acb2c9fd443f4298bce8af7ccc25

          SHA1

          0caed9af7e3e11395246eb697b35532c6d752013

          SHA256

          8fdb29858290d88f953e7eabbbbf6ef7362a54fc50108e9b148cdadc35ed3ac3

          SHA512

          cb89672e2f7b5a596a9d1eb9df1a405c763e24a65d2c5def0ecf9671c5f22b207a48aa44c7e06179b93ecb564df4ed0f5edd26873e47985d99939bcbe034502d

        • C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

          Filesize

          187B

          MD5

          7da9b70272be5367bd3497a858d99d55

          SHA1

          eb1e5bf59c9d41430d9d0df90afce3332cb17250

          SHA256

          a0ac3a110d15dfe4250bb6cbec15cc57de8f2c3aa2de6701e1d6ad9021239164

          SHA512

          771ad854ff380b84c98cfb30770cfc2fa9f35020c7e588e090a0cb577dbedcda72c4a841d0aac2e0fc71d11624db50dd72a45bd1959c9b7a193ea86d91338d16

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

          Filesize

          812B

          MD5

          113834e9af5e0ef8cb14306d25bbb5f1

          SHA1

          c1359fd5220f3fce5ac6030244bf1fe8ff4cdae9

          SHA256

          4f91d3ca4ccda6a25c0377f7b1ab882c4ccf21f18831511cebea93c17b350499

          SHA512

          2522c1880a31c549f810f847bc34d506907c219dbd088f60fd21e1a91db523a1234728140415b7ca3896e70bec7055e15e280c85f010366d83c20e28eebe2618

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

          Filesize

          1KB

          MD5

          7a524d4f6bf0253c0ae4d1ee6601d249

          SHA1

          e91a44669873eaf2bcaff6a600e96ef217229cbf

          SHA256

          cf556d3b0db36a426409bfd222f5f322a6c783de74300e626c1e3e6917fcaf60

          SHA512

          930846972644f4f617d8cd4d2c97468b411776fd3ee47bfd9ab94e00e1ad6b19191997789c47f67f49cedc24bd24520b3f11e77fe7fc7eab0e06eb75b885e0a5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_DF48483754A6AE209A217FF51855DB26

          Filesize

          806B

          MD5

          9af3b7ca0d360446579eb4cbcdac9d58

          SHA1

          7cdb55070fb52d6dbb599bba82678cb3f5143080

          SHA256

          8b0f7c96d8e70cbb99474888bb4042f1a6bc1867a40081d0092e6e183c7b3a5f

          SHA512

          ebf391bf4994f6ee218cecdb7ef3dac8692ab042eedbc99b5ec6f0f4d3115b1b115b0845ef6e353f228c7764a57a6e9704dc644e4546d2d68a515c2dfe192405

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

          Filesize

          540B

          MD5

          183da1c688d53dc07a50a0ae16682ddb

          SHA1

          75eab05374ab5bd07d12e77ba13486b33f4e500b

          SHA256

          06fa438e89350b2f4de4e9469f089fd0ad21c96567dfa6b7e3137a6bdc3d70b8

          SHA512

          19aab58e9f5d325a344bc4ae48ea6c34026e35c5d1c2dcb0c17c7ba674a8c5c45090564d1369d0656c48a36b676e7424149b5aee033a665ca754c9e1fdb5a032

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

          Filesize

          528B

          MD5

          6ded4f6c05dba4931f7dcabc6f18a90f

          SHA1

          e2ea3f1e9154c6a56205409838039794254e1649

          SHA256

          1dac70a36cedcd180978798a34bb0c43e8f467219188c8bda4d70f1155a8b4ca

          SHA512

          d37be06e5d5af3eed82aa982235f43681be6db13e38b9a0aa9a54a5bc0e40e124cecce233dfc890e8f4c003107fec30bfc4c0252ed8732a4342e70ab84419876

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_DF48483754A6AE209A217FF51855DB26

          Filesize

          540B

          MD5

          914698740ef04f0aa2f77ec010f40246

          SHA1

          6629b2fab5b3236262199284275d64033227573e

          SHA256

          495279ef0459a46062a9b4ca31feafba3341f8feb81d15f86e5446396684bb14

          SHA512

          3d1f72bb7c5e13c7a2c6389b5b9b51791523c56e8d5127072d6a6da2f356fe8bfbc4ba1f2dc533986a0a16056050ba8107ba4015876851fe5326e28d74882312

        • C:\Users\Admin\AppData\Local\Lavasoft\Search\Logs\search.log

          Filesize

          4KB

          MD5

          f69c1c11f5f88427dd35033b7cc74b9e

          SHA1

          c0cfc522c308be9a9c09a9d4ff5d98d1176863e0

          SHA256

          a1322f94799f3ee1c3f7e697dfc669f0835ef5ef88bb1bde530313673167ff84

          SHA512

          b1480d4922688fa2759f4604afda003c517ef2ff2b89dc0b836d2e960dbf971698cd79ee18fcb117975b4f9d156a2df902d9cfc7901edf85540bb7c4f40ef179

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\b5zq8b9x.newcfg

          Filesize

          2KB

          MD5

          6c15347458c318ed60377c88eb2db718

          SHA1

          c1a02db2eadb19e4ff489818037f56626b599a88

          SHA256

          ae3e90cf9a2b00d7510cc83fb4f1d8a4810af13eefe7556240e749e5a849f5da

          SHA512

          df679c8d98da443c756caad864f8499e92591a3a6503f2cb6c97b20c63c9e228692736de12fff1100f5d26fb1076c89897fa235a55926b5c5c402e2a3eadff84

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\bird0mzg.newcfg

          Filesize

          2KB

          MD5

          f0872e1ce6ba3ab5fc6738a8119bdde6

          SHA1

          0b47ac39f7aa40318eeb94295b6674d0e4871649

          SHA256

          c44fbf5c231c32b63719d924863faaec8154d192d9dc18a4731d78e629c3b069

          SHA512

          8ef5a5a3fcbcdcdd41fc91572ce5e6c71d13e5e2819fa9a267d017244bfdc17647dfad6732d1018b499050c4eeb820d324a8583678a2faa851bd6660554916b4

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\cidrd2gy.newcfg

          Filesize

          4KB

          MD5

          aab0c119227de8368044033bc445177d

          SHA1

          5f67c1651c6d27d45c349af3a61c60b01a1dbbfd

          SHA256

          5e6fefaf7263a414f97bc7e5de2d14bcb7258c49327c87df8db2c4ec39c6b4a0

          SHA512

          fdfb5afcd8a69507bedf5a4f8f1eca8fd60e5374beb89f68e92939517d5a7083f1b680d34cc615207201bca50d46f3535e8852cbee358ee424845a52fced6e60

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\fnvdhr9i.newcfg

          Filesize

          2KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\hmkdgnuk.newcfg

          Filesize

          3KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\hungz20w.newcfg

          Filesize

          1KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\insmwfnc.newcfg

          Filesize

          4KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\kdinjwnj.newcfg

          Filesize

          4KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\mkstlf2a.newcfg

          Filesize

          3KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\rnjm7fqt.newcfg

          Filesize

          2KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\svfx_6wh.newcfg

          Filesize

          2KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\user.config

          Filesize

          338B

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\xksvpsuc.newcfg

          Filesize

          2KB

        • C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng\8.9.0.1201\zvuueqdc.newcfg

          Filesize

          4KB

        • C:\Users\Admin\AppData\Local\Temp\7zS0585FFAD\ICSharpCode.SharpZipLib.dll

          Filesize

          208KB

        • C:\Users\Admin\AppData\Local\Temp\7zS0585FFAD\Newtonsoft.Json.dll

          Filesize

          428KB

        • C:\Users\Admin\AppData\Local\Temp\7zS0585FFAD\WebCompanionInstaller.exe

          Filesize

          454KB

        • C:\Users\Admin\AppData\Local\Temp\7zS0585FFAD\WebCompanionInstaller.exe.config

          Filesize

          1KB

        • C:\Users\Admin\AppData\Local\Temp\A6B.tmp.exe

          Filesize

          149KB

        • C:\Users\Admin\AppData\Local\Temp\Temp\WCInstaller.exe

          Filesize

          551KB

        • C:\Users\Admin\AppData\Local\Temp\Webprotection.zip

          Filesize

          17.8MB

        • C:\Users\Admin\AppData\Roaming\Lavasoft\Search\ProfileInfo.txt

          Filesize

          78B

        • C:\Users\Admin\AppData\Roaming\Lavasoft\Search\searchenginetemplate.xml

          Filesize

          1KB

        • C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\b_search.json

          Filesize

          676B

        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new

          Filesize

          466B
