Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
WebCompanionInstaller-12.901.5.1061-prod.exe

Overview

General Information

Sample name:WebCompanionInstaller-12.901.5.1061-prod.exe
Analysis ID:1484685
MD5:9f56d40a9b201cbb5598da5055a18367
SHA1:a00f23d64dc668b2f311d816b77c1154c559a24b
SHA256:dc040e4c051687e4b27236f1a2340524b498443ea58cdc87769b818930f01535
Infos:

Detection

Score:42
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    1.0.WebCompanion-Installer.exe.980000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      0.3.WebCompanionInstaller-12.901.5.1061-prod.exe.22d64b8.1.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        0.3.WebCompanionInstaller-12.901.5.1061-prod.exe.22d4eb8.5.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          0.3.WebCompanionInstaller-12.901.5.1061-prod.exe.22d38b8.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Suricata Signatures

            Timestamp:2024-07-30T15:50:55.804937+0200
            SID:2022930
            Source Port:443
            Destination Port:49744
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-07-30T15:50:42.145091+0200
            SID:2803305
            Source Port:49732
            Destination Port:80
            Protocol:TCP
            Classtype:Unknown Traffic
            Timestamp:2024-07-30T15:51:33.833813+0200
            SID:2022930
            Source Port:443
            Destination Port:49751
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeVirustotal: Detection: 25%Perma Link
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeReversingLabs: Detection: 25%
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.2% probability
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.logJump to behavior
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: certificate valid
            Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.4:49734 version: TLS 1.2
            Source: Binary string: c:\Windows\Temp\drone-JbPFKxqqh58fMcUN\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanion-Installer.pdb source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr
            Source: Binary string: c:\Windows\Temp\drone-JbPFKxqqh58fMcUN\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanion-Installer.pdbD& source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr
            Source: Binary string: c:\Temp\Release\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, WebCompanion-Installer.exe, 00000001.00000002.4144820152.0000000006782000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.dr
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00405434 FindFirstFileA,FindFirstFileW,0_2_00405434

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: 1.0.WebCompanion-Installer.exe.980000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.WebCompanionInstaller-12.901.5.1061-prod.exe.22d64b8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.WebCompanionInstaller-12.901.5.1061-prod.exe.22d4eb8.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.WebCompanionInstaller-12.901.5.1061-prod.exe.22d38b8.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe, type: DROPPED
            Source: global trafficHTTP traffic detected: POST /api/feature/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 179Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 428Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 371
            Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 489
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 505
            Source: global trafficHTTP traffic detected: POST /api/Update/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 179
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
            Source: Joe Sandbox ViewIP Address: 104.16.149.130 104.16.149.130
            Source: Joe Sandbox ViewIP Address: 104.16.148.130 104.16.148.130
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
            Source: global trafficDNS traffic detected: DNS query: geo.lavasoft.com
            Source: global trafficDNS traffic detected: DNS query: featureflags.lavasoft.com
            Source: global trafficDNS traffic detected: DNS query: flwadw.com
            Source: unknownHTTP traffic detected: POST /api/feature/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 179Connection: Keep-Alive
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://crl.entrust.net/csbr1.crl0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://crl.entrust.net/evcs2.crl0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://crl.entrust.net/g2ca.crl0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: WebCompanion-Installer.exe.0.drString found in binary or memory: http://geo.lavasoft.com/
            Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://james.newtonking.com/projects/json
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://localhost:9008Fhttp://localhost:9008/webcompanion/4http://rt.webcompanion.com
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://ocsp.entrust.net00
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://ocsp.entrust.net01
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://ocsp.entrust.net02
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://www
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://rt.webcompanion.com/notifications/download/rt/typolist.txt5Creating
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://staging-cloudflow.lavasoft.net/v1/event-stat-wc
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/$
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:WebHttpBinding4
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/GetComponentsInfoByProductT
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/GetComponentsInfoT
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/GetComponentsVersionInfoT
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/GetProductInfoT
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreen
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponse
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValues
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponse
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/SignZipInstallerByProductT
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/SignZipInstallerT
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://tempuri.org/T
            Source: WebCompanion-Installer.exe, 00000001.00000002.4139664072.0000000001127000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wc-update-service.lavas
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: http://wc-update-service.lavasoft.com/components.asmx
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: http://wc-update-service.lavasoft.com/update.asmx
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: http://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-prod.zip
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: http://wcdownloadercdn.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-prod.zip
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://www.entrust.net/rpa0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drString found in binary or memory: http://www.entrust.net/rpa03
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://www.lavasoft.com
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: http://www.webcompanion.com
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://acs.lavasoft.com/api/v2/url/blacklist
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://acs.lavasoft.com/api/v2/url/permanentwhitelist
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://acs.lavasoft.comZhttps://acs.lavasoft.com/api/v2/url/blacklistlhttps://acs.lavasoft.com/api/
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://acscdn.lavasoft.com/urlnotificationlist.json
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://acscdn.lavasoft.comhhttps://acscdn.lavasoft.com/urlnotificationlist.json0https://webcompanio
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://featureflags.lavasoft.com
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D88000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://featureflags.lavasoft.com/api/Update/WC
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/fe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://featureflags.lavasoft.com/api/feature/WC
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-stat
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://flow.lavasoft.com/v1/event-stat/v1/event-stat
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://flwadw.com/v1/event-stat
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://flwadw.com/v1/event-stat-wc
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://flwadw.com/v1/event-statJhttp://staging-cloudflow.lavasoft.netlhttp://staging-cloudflow.lava
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://partner-tracking.lavasoft.com/api/Tracking/Decrypt
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D88000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://sandbox-featureflags-api.lavasoft.net/api/Update/WC
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sandbox-featureflags-api.lavasoft.net/api/feature/WC
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-internal.zip
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-internal.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-internal.zip
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-prod.exe
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanion-12.901.5.1061-prod.zip
            Source: WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://webcompanion.com/en/help.php
            Source: WebCompanion-Installer.exe.0.drString found in binary or memory: https://webcompanion.com/en/install.php?partner=
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://webcompanion.com/unsafe.php?utm_source=WCHhttps://webcompanion.com/en/help.php.https://www.a
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=W
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://www.adaware.com/privacy-policy
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drString found in binary or memory: https://www.adaware.com/terms-of-use
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.4:49734 version: TLS 1.2
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_004160760_2_00416076
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_0040E38E0_2_0040E38E
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_004124800_2_00412480
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_004039C80_2_004039C8
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00418CC10_2_00418CC1
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00418D9B0_2_00418D9B
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_02C00DE01_2_02C00DE0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_02C0F0D01_2_02C0F0D0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_02C0E3901_2_02C0E390
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A252501_2_05A25250
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06C96DEB1_2_06C96DEB
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06C9A7801_2_06C9A780
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D37C401_2_06D37C40
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D385101_2_06D38510
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D390F81_2_06D390F8
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D378F81_2_06D378F8
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: String function: 00413724 appears 176 times
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: String function: 00403A63 appears 33 times
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion-Installer.resources.dllL vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll4 vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: get_OriginalFilename vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion.exe> vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInstaller.exeR vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: get_OriginalFilename vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion.exe> vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion-Installer.resources.dllL vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677067055.00000000020A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstaller.exeR vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.0000000002299000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion-Installer.resources.dllL vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.0000000002299000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dll8 vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeBinary or memory string: OriginalFilenameInstaller.exeR vs WebCompanionInstaller-12.901.5.1061-prod.exe
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: ICSharpCode.SharpZipLib.dll.0.dr, InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
            Source: ICSharpCode.SharpZipLib.dll.0.dr, DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
            Source: ICSharpCode.SharpZipLib.dll.0.dr, ZipAESTransform.csCryptographic APIs: 'TransformBlock'
            Source: classification engineClassification label: mal42.troj.winEXE@3/16@3/3
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeMutant created: NULL
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899Jump to behavior
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeVirustotal: Detection: 25%
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeReversingLabs: Detection: 25%
            Source: WebCompanion-Installer.exeString found in binary or memory: WebCompanion-Installer.resources
            Source: WebCompanion-Installer.exeString found in binary or memory: WebCompanion-Installer.resources.dll
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeString found in binary or memory: RunProgram="WebCompanion-Installer.exe"
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile read: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe "C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe"
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe .\WebCompanion-Installer.exe
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe .\WebCompanion-Installer.exeJump to behavior
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: httpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: d3d9.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: d3d10warp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: wtsapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: winsta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dataexchange.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: d3d11.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dcomp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dxgi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: twinapi.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: resourcepolicyclient.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: dxcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: msctfui.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: uiautomationcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeSection loaded: d3dcompiler_47.dllJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: certificate valid
            Source: Binary string: c:\Windows\Temp\drone-JbPFKxqqh58fMcUN\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanion-Installer.pdb source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr
            Source: Binary string: c:\Windows\Temp\drone-JbPFKxqqh58fMcUN\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanion-Installer.pdbD& source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr
            Source: Binary string: c:\Temp\Release\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, WebCompanion-Installer.exe, 00000001.00000002.4144820152.0000000006782000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.dr
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004180F0
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: real checksum: 0x8ab48 should be: 0x93284
            Source: WebCompanion-Installer.resources.dll8.0.drStatic PE information: real checksum: 0x0 should be: 0x99f7
            Source: WebCompanion-Installer.resources.dll5.0.drStatic PE information: real checksum: 0x0 should be: 0xc748
            Source: WebCompanion-Installer.resources.dll1.0.drStatic PE information: real checksum: 0x0 should be: 0x64de
            Source: WebCompanion-Installer.resources.dll7.0.drStatic PE information: real checksum: 0x0 should be: 0xf3db
            Source: WebCompanion-Installer.resources.dll2.0.drStatic PE information: real checksum: 0x0 should be: 0x1ae8
            Source: WebCompanion-Installer.resources.dll4.0.drStatic PE information: real checksum: 0x0 should be: 0x3fde
            Source: WebCompanion-Installer.resources.dll6.0.drStatic PE information: real checksum: 0x0 should be: 0xa5f4
            Source: WebCompanion-Installer.resources.dll0.0.drStatic PE information: real checksum: 0x0 should be: 0x410c
            Source: WebCompanion-Installer.resources.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x7c46
            Source: WebCompanion-Installer.resources.dll3.0.drStatic PE information: real checksum: 0x0 should be: 0xc446
            Source: WebCompanionInstaller-12.901.5.1061-prod.exeStatic PE information: section name: .sxdata
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00411130 push ecx; mov dword ptr [esp], ecx0_2_00411131
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00413724 push eax; ret 0_2_00413742
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00413A90 push eax; ret 0_2_00413ABE
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A28330 push es; ret 1_2_05A28340
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A28370 push es; ret 1_2_05A28380
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A28350 push es; ret 1_2_05A28360
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A2DD80 push es; ret 1_2_05A2DD90
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A2DE88 push es; ret 1_2_05A2DE90
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A2DE2E push es; ret 1_2_05A2DE30
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_05A2DE0E push es; ret 1_2_05A2DE10
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06C98EB0 pushad ; ret 1_2_06C98EB1
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06C94740 push es; ret 1_2_06C94750
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06C98ADF push es; ret 1_2_06C98AE0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3A6F1 push es; ret 1_2_06D3A6E0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3A6BE push es; ret 1_2_06D3A6E0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3E573 pushfd ; iretd 1_2_06D3E581
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3DA6A pushfd ; iretd 1_2_06D3DC01
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3DBD2 pushfd ; iretd 1_2_06D3DC01
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3DBC2 pushad ; iretd 1_2_06D3DBD1
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D328C9 push FFFFFF8Bh; iretd 1_2_06D328B0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeCode function: 1_2_06D3A8F1 push es; ret 1_2_06D3A900
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\en-US\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\ICSharpCode.SharpZipLib.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeFile created: C:\Users\user\AppData\Local\Temp\7zS08AF5899\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.logJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeMemory allocated: 2C00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeMemory allocated: 2C50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeMemory allocated: 4C50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599875Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599766Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599641Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599516Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599407Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599282Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599157Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599029Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598918Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598806Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598696Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598579Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598453Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598344Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598202Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598090Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597982Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597875Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597766Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597641Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597532Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597407Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597282Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597172Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597063Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596938Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596813Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596688Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596563Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596454Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596312Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596157Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596047Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595922Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595812Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595703Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595594Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595469Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595360Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595235Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595110Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594985Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594860Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594735Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594610Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594485Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594360Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594235Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594110Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeWindow / User API: threadDelayed 3063Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeWindow / User API: threadDelayed 6752Jump to behavior
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\en-US\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\ICSharpCode.SharpZipLib.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS08AF5899\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -35971150943733603s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599875s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599766s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599641s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599516s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599407s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599282s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599157s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -599029s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598918s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598806s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598696s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598579s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598453s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598344s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598202s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -598090s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597982s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597875s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597766s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597641s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597532s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597407s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597282s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597172s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -597063s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596938s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596813s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596688s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596563s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596454s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596312s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596157s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -596047s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595922s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595812s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595703s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595594s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595469s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595360s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595235s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -595110s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594985s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594860s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594735s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594610s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594485s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594360s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594235s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe TID: 6744Thread sleep time: -594110s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_00405434 FindFirstFileA,FindFirstFileW,0_2_00405434
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599875Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599766Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599641Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599516Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599407Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599282Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599157Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 599029Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598918Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598806Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598696Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598579Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598453Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598344Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598202Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 598090Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597982Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597875Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597766Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597641Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597532Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597407Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597282Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597172Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 597063Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596938Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596813Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596688Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596563Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596454Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596312Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596157Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 596047Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595922Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595812Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595703Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595594Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595469Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595360Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595235Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 595110Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594985Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594860Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594735Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594610Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594485Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594360Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594235Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeThread delayed: delay time: 594110Jump to behavior
            Source: WebCompanion-Installer.exe.0.drBinary or memory string: vmware
            Source: WebCompanion-Installer.exe, 00000001.00000002.4139664072.00000000011C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlluu(6
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeAPI call chain: ExitProcess graph end nodegraph_0-16392
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004180F0
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_0041561A SetUnhandledExceptionFilter,0_2_0041561A
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_0041562C SetUnhandledExceptionFilter,0_2_0041562C
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS08AF5899\Newtonsoft.Json.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS08AF5899\en-US\WebCompanion-Installer.resources.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exeCode function: 0_2_004148D4 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,0_2_004148D4
            Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Command and Scripting Interpreter            		1
            DLL Side-Loading            		1
            Process Injection            		1
            Disable or Modify Tools            		OS Credential Dumping1
            Query Registry            		Remote Services11
            Archive Collected Data            		11
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts1
            Native API            		Boot or Logon Initialization Scripts1
            DLL Side-Loading            		31
            Virtualization/Sandbox Evasion            		LSASS Memory1
            Security Software Discovery            		Remote Desktop ProtocolData from Removable Media1
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            Process Injection            		Security Account Manager1
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared Drive3
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Deobfuscate/Decode Files or Information            		NTDS31
            Virtualization/Sandbox Evasion            		Distributed Component Object ModelInput Capture4
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
            Obfuscated Files or Information            		LSA Secrets1
            Application Window Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials1
            File and Directory Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync13
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            WebCompanionInstaller-12.901.5.1061-prod.exe25%VirustotalBrowse
            WebCompanionInstaller-12.901.5.1061-prod.exe25%ReversingLabs

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\ICSharpCode.SharpZipLib.dll4%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\Newtonsoft.Json.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe11%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\de-DE\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\en-US\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\es-ES\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\fr-CA\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\it-IT\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\ja-JP\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\pt-BR\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\ru-RU\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\tr-TR\WebCompanion-Installer.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS08AF5899\zh-CHS\WebCompanion-Installer.resources.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            geo.lavasoft.com0%VirustotalBrowse
            featureflags.lavasoft.com0%VirustotalBrowse
            flwadw.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://ocsp.entrust.net020%URL Reputationsafe
            http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
            http://tempuri.org/0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2004/08/addressing/fault0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%URL Reputationsafe
            http://www.entrust.net/rpa030%URL Reputationsafe
            http://james.newtonking.com/projects/json0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
            http://schemas.xmlsoap.org/soap/actor/next0%URL Reputationsafe
            http://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-prod.zip0%Avira URL Cloudsafe
            http://crl.entrust.net/g2ca.crl00%Avira URL Cloudsafe
            http://tempuri.org/GetComponentsVersionInfoT0%Avira URL Cloudsafe
            https://flwadw.com/v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
            https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/fe0%Avira URL Cloudsafe
            http://crl.entrust.net/g2ca.crl00%VirustotalBrowse
            https://featureflags.lavasoft.com/api/feature/WC0%Avira URL Cloudsafe
            https://flwadw.com/v1/event-stat-wc0%Avira URL Cloudsafe
            http://tempuri.org/GetComponentsVersionInfoT3%VirustotalBrowse
            https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/fe0%VirustotalBrowse
            http://ocsp.entrust.net010%Avira URL Cloudsafe
            http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponse0%Avira URL Cloudsafe
            https://featureflags.lavasoft.com/api/Update/WC0%Avira URL Cloudsafe
            http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponse1%VirustotalBrowse
            http://ocsp.entrust.net000%Avira URL Cloudsafe
            https://flwadw.com/v1/event-stat0%Avira URL Cloudsafe
            https://flwadw.com/v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=10%VirustotalBrowse
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-internal.exe0%Avira URL Cloudsafe
            https://featureflags.lavasoft.com/api/Update/WC0%VirustotalBrowse
            https://acs.lavasoft.com/api/v2/url/permanentwhitelist0%Avira URL Cloudsafe
            https://www.adaware.com/privacy-policy0%Avira URL Cloudsafe
            http://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-prod.zip0%VirustotalBrowse
            https://flwadw.com/v1/event-stat0%VirustotalBrowse
            http://tempuri.org/:WebHttpBinding40%Avira URL Cloudsafe
            http://www.webcompanion.com0%Avira URL Cloudsafe
            https://featureflags.lavasoft.com/api/feature/WC0%VirustotalBrowse
            https://flwadw.com/v1/event-stat-wc0%VirustotalBrowse
            https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip0%Avira URL Cloudsafe
            https://acs.lavasoft.com/api/v2/url/permanentwhitelist0%VirustotalBrowse
            https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip3%VirustotalBrowse
            https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanionInstaller-12.901.5.1061-prod.exe0%Avira URL Cloudsafe
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-internal.zip0%Avira URL Cloudsafe
            http://tempuri.org/:WebHttpBinding41%VirustotalBrowse
            http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponse0%Avira URL Cloudsafe
            https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanionInstaller-12.901.5.1061-prod.exe0%VirustotalBrowse
            https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanion-12.901.5.1061-prod.zip0%VirustotalBrowse
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-internal.zip0%VirustotalBrowse
            http://www.webcompanion.com3%VirustotalBrowse
            http://crl.entrust.net/csbr1.crl00%Avira URL Cloudsafe
            http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponse1%VirustotalBrowse
            http://crl.entrust.net/csbr1.crl00%VirustotalBrowse
            https://sandbox-featureflags-api.lavasoft.net/api/feature/WC0%Avira URL Cloudsafe
            http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValues0%Avira URL Cloudsafe
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-internal.exe0%VirustotalBrowse
            https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-stat0%Avira URL Cloudsafe
            http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://www0%Avira URL Cloudsafe
            https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip0%Avira URL Cloudsafe
            https://sandbox-featureflags-api.lavasoft.net/api/feature/WC0%VirustotalBrowse
            http://aia.entrust.net/evcs2-chain.p7c010%Avira URL Cloudsafe
            http://rt.webcompanion.com/notifications/download/rt/typolist.txt5Creating0%Avira URL Cloudsafe
            http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://www2%VirustotalBrowse
            https://acscdn.lavasoft.com/urlnotificationlist.json0%Avira URL Cloudsafe
            https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip0%VirustotalBrowse
            http://www.entrust.net/rpa00%Avira URL Cloudsafe
            http://rt.webcompanion.com/notifications/download/rt/typolist.txt5Creating1%VirustotalBrowse
            http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValues1%VirustotalBrowse
            https://www.adaware.com/privacy-policy0%VirustotalBrowse
            http://wcdownloadercdn.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-prod.zip0%Avira URL Cloudsafe
            http://aia.entrust.net/evcs2-chain.p7c010%VirustotalBrowse
            http://tempuri.org/$0%Avira URL Cloudsafe
            https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-stat0%VirustotalBrowse
            https://webcompanion.com/en/install.php?partner=0%Avira URL Cloudsafe
            https://webcompanion.com/en/help.php0%Avira URL Cloudsafe
            http://www.entrust.net/rpa00%VirustotalBrowse
            http://tempuri.org/GetProductInfoT2%VirustotalBrowse
            https://www.adaware.com/terms-of-use0%Avira URL Cloudsafe
            https://acscdn.lavasoft.com/urlnotificationlist.json0%VirustotalBrowse
            http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreen0%Avira URL Cloudsafe
            http://wcdownloadercdn.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-prod.zip0%VirustotalBrowse
            https://flwadw.com/v1/event-statJhttp://staging-cloudflow.lavasoft.netlhttp://staging-cloudflow.lava0%Avira URL Cloudsafe
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-internal.zip0%Avira URL Cloudsafe
            https://featureflags.lavasoft.com0%Avira URL Cloudsafe
            http://tempuri.org/$1%VirustotalBrowse
            https://flow.lavasoft.com/v1/event-stat/v1/event-stat0%Avira URL Cloudsafe
            https://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=0%Avira URL Cloudsafe
            https://flwadw.com/v1/event-stat?Type=Start&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
            https://partner-tracking.lavasoft.com/api/Tracking/Decrypt0%Avira URL Cloudsafe
            http://geo.lavasoft.com/0%Avira URL Cloudsafe
            https://acs.lavasoft.comZhttps://acs.lavasoft.com/api/v2/url/blacklistlhttps://acs.lavasoft.com/api/0%Avira URL Cloudsafe
            https://flwadw.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
            https://webcompanion.com/en/install.php?partner=1%VirustotalBrowse
            http://localhost:9008Fhttp://localhost:9008/webcompanion/4http://rt.webcompanion.com0%Avira URL Cloudsafe
            http://staging-cloudflow.lavasoft.net/v1/event-stat-wc0%Avira URL Cloudsafe
            https://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-prod.exe0%Avira URL Cloudsafe
            http://tempuri.org/GetComponentsInfoByProductT0%Avira URL Cloudsafe
            http://www.lavasoft.com0%Avira URL Cloudsafe
            https://webcompanion.com/unsafe.php?utm_source=WCHhttps://webcompanion.com/en/help.php.https://www.a0%Avira URL Cloudsafe
            https://acs.lavasoft.com/api/v2/url/blacklist0%Avira URL Cloudsafe
            https://acscdn.lavasoft.comhhttps://acscdn.lavasoft.com/urlnotificationlist.json0https://webcompanio0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            geo.lavasoft.com
            		104.16.149.130
            		truefalseunknown
            featureflags.lavasoft.com
            		104.16.148.130
            		truefalseunknown
            flwadw.com
            		104.18.26.149
            		truefalseunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://flwadw.com/v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1false
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://featureflags.lavasoft.com/api/feature/WCfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://featureflags.lavasoft.com/api/Update/WCfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://flwadw.com/v1/event-stat?Type=Start&ProductID=wc&EventVersion=1false
            • Avira URL Cloud: safe
            		unknown
            http://geo.lavasoft.com/false
            • Avira URL Cloud: safe
            		unknown
            https://flwadw.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1false
            • Avira URL Cloud: safe
            		unknown
            https://flwadw.com/v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1false
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://crl.entrust.net/g2ca.crl0WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/GetComponentsVersionInfoTWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 3%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/feWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-prod.zipWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://flwadw.com/v1/event-stat-wcWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponseWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.entrust.net02WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • URL Reputation: safe
            		unknown
            http://ocsp.entrust.net01WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.entrust.net00WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://flwadw.com/v1/event-statWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-internal.exeWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://acs.lavasoft.com/api/v2/url/permanentwhitelistWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/soap/envelope/WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.adaware.com/privacy-policyWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • URL Reputation: safe
            		unknown
            http://tempuri.org/:WebHttpBinding4WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.webcompanion.comWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 3%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zipWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • 3%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanion-12.901.5.1061-prod.zipWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drfalseunknown
            https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanionInstaller-12.901.5.1061-prod.exeWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D78000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drtrue
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-internal.zipWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponseWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://crl.entrust.net/csbr1.crl0WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://sandbox-featureflags-api.lavasoft.net/api/feature/WCWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CEE000.00000004.00000800.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://wwwWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 2%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-statWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zipWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://aia.entrust.net/evcs2-chain.p7c01WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://rt.webcompanion.com/notifications/download/rt/typolist.txt5CreatingWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://acscdn.lavasoft.com/urlnotificationlist.jsonWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CC3000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.entrust.net/rpa0WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://wcdownloadercdn.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-prod.zipWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/GetProductInfoTWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalseunknown
            http://tempuri.org/$WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://webcompanion.com/en/install.php?partner=WebCompanion-Installer.exe.0.drfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://webcompanion.com/en/help.phpWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://www.adaware.com/terms-of-useWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/soap/encoding/WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://flwadw.com/v1/event-statJhttp://staging-cloudflow.lavasoft.netlhttp://staging-cloudflow.lavaWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://wcdownloader-qa.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-internal.zipWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.entrust.net/rpa03WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • URL Reputation: safe
            		unknown
            https://featureflags.lavasoft.comWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002CEE000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://flow.lavasoft.com/v1/event-stat/v1/event-statWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://partner-tracking.lavasoft.com/api/Tracking/DecryptWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://acs.lavasoft.comZhttps://acs.lavasoft.com/api/v2/url/blacklistlhttps://acs.lavasoft.com/api/WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://localhost:9008Fhttp://localhost:9008/webcompanion/4http://rt.webcompanion.comWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://staging-cloudflow.lavasoft.net/v1/event-stat-wcWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://james.newtonking.com/projects/jsonNewtonsoft.Json.dll.0.drfalse
            • URL Reputation: safe
            		unknown
            https://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-prod.exeWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/GetComponentsInfoByProductTWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.lavasoft.comWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/ws/2004/08/addressingWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://webcompanion.com/unsafe.php?utm_source=WCHhttps://webcompanion.com/en/help.php.https://www.aWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://acs.lavasoft.com/api/v2/url/blacklistWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://acscdn.lavasoft.comhhttps://acscdn.lavasoft.com/urlnotificationlist.json0https://webcompanioWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/TWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://sandbox-featureflags-api.lavasoft.net/api/Update/WCWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002D88000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=WWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/SignZipInstallerByProductTWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://wc-update-service.lavasWebCompanion-Installer.exe, 00000001.00000002.4139664072.0000000001127000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://crl.entrust.net/evcs2.crl0WebCompanionInstaller-12.901.5.1061-prod.exe, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://wc-update-service.lavasoft.com/update.asmxWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://wc-update-service.lavasoft.com/components.asmxWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1677283178.0000000002296000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://tempuri.org/SignZipInstallerTWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/soap/actor/nextWebCompanion-Installer.exe, 00000001.00000002.4140051466.0000000002C51000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://tempuri.org/GetComponentsInfoTWebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678540620.00000000022D0000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller-12.901.5.1061-prod.exe, 00000000.00000003.1678689948.00000000004C0000.00000004.00001000.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1678881634.0000000000982000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            104.16.149.130
            		geo.lavasoft.comUnited States
            		13335CLOUDFLARENETUSfalse
            104.16.148.130
            		featureflags.lavasoft.comUnited States
            		13335CLOUDFLARENETUSfalse
            104.18.26.149
            		flwadw.comUnited States
            		13335CLOUDFLARENETUSfalse

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1484685
            Start date and time:2024-07-30 15:49:44 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 9m 13s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:WebCompanionInstaller-12.901.5.1061-prod.exe
            Detection:MAL
            Classification:mal42.troj.winEXE@3/16@3/3
            EGA Information:
            • Successful, ratio: 50%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 335
            • Number of non-executed functions: 32
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, ocsp.entrust.net, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target WebCompanion-Installer.exe, PID 1748 because it is empty
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            09:50:41API Interceptor11228894x Sleep call for process: WebCompanion-Installer.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            104.16.149.130FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
            • flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
            FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
            • flow.lavasoft.com/v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1
            SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exeGet hashmaliciousPetite VirusBrowse
            • flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exeGet hashmaliciousUnknownBrowse
            • downloadnada.lavasoft.com/update/12.10.158.0/win32/AdAwareWebInstaller.exe
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • wcdownloadercdn.lavasoft.com/12.1.4.1003/WebCompanion-12.1.4.1003-prod.zip
            104.16.148.130FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
            • flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
            FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
            • wcdownloadercdn.lavasoft.com/9.1.0.993/WebCompanion-9.1.0.993-prod.zip
            SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exeGet hashmaliciousPetite VirusBrowse
            • flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup.exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exeGet hashmaliciousUnknownBrowse
            • downloadnada.lavasoft.com/update/12.10.158.0/win32/AdAwareWebInstaller.exe
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • geo.lavasoft.com/

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            geo.lavasoft.comSetup.exeGet hashmaliciousUnknownBrowse
            • 104.16.149.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.149.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.149.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN230901&nonadmin&direct&tych&campaign=18022583703Get hashmaliciousUnknownBrowse
            • 104.16.148.130
            https://download.adaware.com/nano_download.php?partner=IN221105&nonadmin&tych&campaign=20540828322Get hashmaliciousUnknownBrowse
            • 104.17.8.52
            featureflags.lavasoft.comSetup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.149.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • 104.16.148.130
            https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN230901&nonadmin&direct&tych&campaign=18022583703Get hashmaliciousUnknownBrowse
            • 104.16.149.130
            https://download.adaware.com/nano_download.php?partner=IN221105&nonadmin&tych&campaign=20540828322Get hashmaliciousUnknownBrowse
            • 104.17.9.52
            flwadw.comSetup.exeGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.18.27.149
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.18.27.149
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            Setup.exeGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            Setup (1).exeGet hashmaliciousUnknownBrowse
            • 104.18.27.149
            https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN230901&nonadmin&direct&tych&campaign=18022583703Get hashmaliciousUnknownBrowse
            • 104.18.26.149
            https://download.adaware.com/nano_download.php?partner=IN221105&nonadmin&tych&campaign=20540828322Get hashmaliciousUnknownBrowse
            • 104.18.26.149

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            CLOUDFLARENETUSArrival Notice.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            General Attachment.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            EXTERN Zahlungsbest#U00e4tigung.msgGet hashmaliciousCVE-2024-21412Browse
            • 104.16.231.132
            SN-2013189_781463Q.exeGet hashmaliciousUnknownBrowse
            • 104.21.12.82
            EXTERN Zahlungsbest#U00e4tigung.msgGet hashmaliciousCVE-2024-21412Browse
            • 104.16.231.132
            down.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
            • 104.16.185.241
            QH098767890000.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 188.114.97.3
            SOA.r09.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 188.114.96.3
            Shipping Documents 2906381504.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 188.114.96.3
            https://www.naturist.guide/stats/ct.php?t=2&g=3&id=118&url=https://MSOFT_DOCUSIGN_VERIFICATION_SECURED-DOC_OFFICE.zatrdg.com/page-authentication/lp1KnkIVTV4OQaYeRtRaU7PfJ8aa3O/CnicholsGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            CLOUDFLARENETUSArrival Notice.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            General Attachment.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            EXTERN Zahlungsbest#U00e4tigung.msgGet hashmaliciousCVE-2024-21412Browse
            • 104.16.231.132
            SN-2013189_781463Q.exeGet hashmaliciousUnknownBrowse
            • 104.21.12.82
            EXTERN Zahlungsbest#U00e4tigung.msgGet hashmaliciousCVE-2024-21412Browse
            • 104.16.231.132
            down.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
            • 104.16.185.241
            QH098767890000.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 188.114.97.3
            SOA.r09.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 188.114.96.3
            Shipping Documents 2906381504.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 188.114.96.3
            https://www.naturist.guide/stats/ct.php?t=2&g=3&id=118&url=https://MSOFT_DOCUSIGN_VERIFICATION_SECURED-DOC_OFFICE.zatrdg.com/page-authentication/lp1KnkIVTV4OQaYeRtRaU7PfJ8aa3O/CnicholsGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            CLOUDFLARENETUSArrival Notice.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            General Attachment.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            EXTERN Zahlungsbest#U00e4tigung.msgGet hashmaliciousCVE-2024-21412Browse
            • 104.16.231.132
            SN-2013189_781463Q.exeGet hashmaliciousUnknownBrowse
            • 104.21.12.82
            EXTERN Zahlungsbest#U00e4tigung.msgGet hashmaliciousCVE-2024-21412Browse
            • 104.16.231.132
            down.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
            • 104.16.185.241
            QH098767890000.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 188.114.97.3
            SOA.r09.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 188.114.96.3
            Shipping Documents 2906381504.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 188.114.96.3
            https://www.naturist.guide/stats/ct.php?t=2&g=3&id=118&url=https://MSOFT_DOCUSIGN_VERIFICATION_SECURED-DOC_OFFICE.zatrdg.com/page-authentication/lp1KnkIVTV4OQaYeRtRaU7PfJ8aa3O/CnicholsGet hashmaliciousUnknownBrowse
            • 188.114.96.3

            JA3 Fingerprints

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            3b5074b1b5d032e5620f69f9f700ff0ePayment_Reference_2024020202119439207_20240807_96,239.00USD_Paymentconfirmation.vbsGet hashmaliciousGuLoaderBrowse
            • 104.18.26.149
            • 104.16.148.130
            http://cdn.ldplayer.net/download/ldad/LDPlayer9.exe?n=LDPlayer9_ens_com.auxbrain.zh2_3040_ld.exeGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            • 104.16.148.130
            down.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
            • 104.18.26.149
            • 104.16.148.130
            QH098767890000.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 104.18.26.149
            • 104.16.148.130
            Shipping Documents 2906381504.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
            • 104.18.26.149
            • 104.16.148.130
            https://rportal.hiperos.com/External/_si7314?xS=egCCA8m4M1GhwVGENYEZbbsTN6GK6PLpy%2FGgBG2qFbh75B9S1MrrM2oECJvsJx5gM0TTNQLxknsKOrRtIcBBGO21%2BQ8e5ZCNnINeaIMRsRUSdaOrlAs1b7YbUOhYcySgvzugLXJW2RPlqhsN%2BJNccFg%2Fwns759REC4gKc59Qj7wGYqTivj9T2HoQJvt2EfObtGQ3nTRmEy0%3DGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            • 104.16.148.130
            https://xiy.kpidevi.com/ex2S/Get hashmaliciousUnknownBrowse
            • 104.18.26.149
            • 104.16.148.130
            qnOcrxwuiR.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
            • 104.18.26.149
            • 104.16.148.130
            SecuriteInfo.com.Trojan.DownLoaderNET.986.27001.9963.exeGet hashmaliciousAsyncRAT, PureLog Stealer, XWormBrowse
            • 104.18.26.149
            • 104.16.148.130
            1000825337654U.htmlGet hashmaliciousUnknownBrowse
            • 104.18.26.149
            • 104.16.148.130

            Dropped Files

            No context

            Created / dropped Files

            C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt

            Download File
            Process:C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):56
            Entropy (8bit):4.292841637894509
            Encrypted:false
            SSDEEP:3:asLGY9J0BQo5uRQQHYn:aqGY/0Bbc2SYn
            MD5:3690BEE12FEEAFEB1189E32A4E7E4157
            SHA1:850DE040D826B0F3C43E12962795019EBF6363B6
            SHA-256:A1306A5FB127D00A7313AB829783A1380CA67B3F8E5692556B103AB14C187F34
            SHA-512:608A885B825CE5CD320022DE66CFB71E3DD4EA9E810E865722B1C73ADEE0BFBDACE20305C8D89057F21A812CF141BF8D6454BA56439DDADEE01444405E022538
            Malicious:false
            Reputation:low
            Preview:{ "install_id" : "899a5556-4f4a-4024-8034-5a57845d54c3"}

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\ICSharpCode.SharpZipLib.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):213656
            Entropy (8bit):5.758858930739789
            Encrypted:false
            SSDEEP:3072:PK1c/KCOAUXk31Vv91GOtJJKuE1iA5mGPB8qd9OTymIpn+64kRAclDwRNG95ZI4G:Ce9OAQsFtJrGPBnmIRZGT
            MD5:AA46F1AAC968484C82CD1316A3CE7015
            SHA1:6083BD31295BA49168886D3103C5CD1895AE663B
            SHA-256:16DC00D1D39A153B915E5BAC309F51C11980924CC378B3EB23FF127B875EE754
            SHA-512:DAEC60B8C3B9408FB8D9BF1A6A7878E7ED81D23EA5E5C9046CB1CD76AB1FACE5868452D6D30E835A8FA6F832D6EDF4CBCE68E897D4728A7CCB9A03F34BA4FA44
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 4%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@............@.................................d...W........................2... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\Newtonsoft.Json.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):438424
            Entropy (8bit):6.098869856602685
            Encrypted:false
            SSDEEP:6144:dHerwzLkqCG3uKWf4g6tUwoOkErUx5/Rsnaszr0tZDPEaN+YB5+GonXt:dHerIacuKUtOkESbKQrvB5+Jt
            MD5:CF415AB5A5A0BF6A80EA910CEA0025D4
            SHA1:B5ECB71F12D0C2F0FC4492827BD22B41092F0F1E
            SHA-256:E3FF89C26921FDCCDC604F30CAF3CDE6D36B4F22435EEC8F7DD9C8DAEB833BB1
            SHA-512:B75B934272FF07066B6E0C06D52577CB7D2281565010253141B239A0E0A2DF7BAD130574173EAC06BE2A5497442851A892C59893E99FE201F1F61092C2FEA70F
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ....................................@.....................................K.......8............~...2..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):438424
            Entropy (8bit):6.429453905929263
            Encrypted:false
            SSDEEP:6144:dLNBhpdg/Zytotu4DKNdg1dr619WTRIlY57pR39p8aiSVBre/sY:xnhHI1n2NUF619WQY57pRTgsY
            MD5:F6DFE983850039A9EC8DD2F93E2D25CC
            SHA1:40B2E3F3995C22ECBC45DF6B68CA8431856CDCD3
            SHA-256:2BCDB38E9BDD47E5CA87A683FDCB45CB8D3B95ADA15A7C7610618D02FC112660
            SHA-512:20919988479922ECD422D9F89A6C20D117EE912EC78A043F1239FEBE8853D5F95932323282A3DB07965B906F507845958322822751D24ECEA89601185048D5AF
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe, Author: Joe Security
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 11%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f.....................t......n&... ...@....@.. ....................................@..................................&..O....@...q...........~...2...........$............................................... ............... ..H............text...t.... ...................... ..`.rsrc....q...@...r..................@..@.reloc...............|..............@..B................P&......H.......X...........{....h...9............................................~....}.....(......su...}......(....}....*.r...p*z.(....r'..p.{....(......(....*....0..j..........{....r...pov...,.(.....+.(......r...p(......(......r...p.{....o....o.......(........sG........o......z*..........UU......N.(....r...p..(....*.r...p.....*..{....*"..}....*.rA..p*.rS..p*.(....oV...*f.~....}.....(......(....*.ro..p*N.(....r...p..(....*.0..i.......~......(....(!...,.r...p.+..(.......(j.....(...+

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe.config

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):2273
            Entropy (8bit):5.080334490497203
            Encrypted:false
            SSDEEP:48:c5+qM3D8EAwAG1syE5KUcCUrz1rAn6EVr6R841docr7S3tB:jV3FSSmBKr+rAN3r7sz
            MD5:44B1970376FBA163AA49B183915D0EAA
            SHA1:D40B53733AD76D6CCAFF27A648DE6A3A7EBFEA3A
            SHA-256:13C41E9C66B82DC0BAA0B2762AA7B91FFD418F2C9FCB9DC35DFB40A5C555414C
            SHA-512:1A492DCDCEB76B81599A680CF4125CCDAFC1978979705CAD0B990D491AC57626E80D79E3B9C308102A756B1F4F55FE0E6A730C774003AB5274211D7ED721EC35
            Malicious:false
            Reputation:low
            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/12.1.5.1061/WebCompanion-12.1.5.1061-prod.zip"/>.. <add key="WebInstallerZip" value="http://wcdownloadercdn.lavasoft.com/12.1.5.1061/webinstaller-12.1.5.1061-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/12.1.5.1061/WebCompanionInstaller-12.1.5.1061-internal.exe"/>.. <add key="WebProtectionZip" va

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\de-DE\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):6656
            Entropy (8bit):4.424486672566625
            Encrypted:false
            SSDEEP:96:MGfMjBmbsmYpthmv13DA+7ZaOrO2I72LYltpT5dPolY:MGEjBmb/Ypthmd3k+7LBTUB5NolY
            MD5:B0DC52BB18BBA0D07ECDE9D6C8D258C7
            SHA1:F823BDD095AA141E05DECD0003D19DAEEB167367
            SHA-256:F18DE12839E91CC00BA2BB922385E547D1E411651CECC9911778BBFA6D7E01A6
            SHA-512:0C2F9A357FFCBE70DE63F7FFC7258DE732E113A23CE93390FE7A8BFF44FA969B83F6886B6015D909E6DBCF1E8D9CD9E81441CDA48C2A7DCFA96A040CD49F46B8
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................1... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......h-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\en-US\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):6144
            Entropy (8bit):4.336182241396478
            Encrypted:false
            SSDEEP:96:eDXGBpbsiopCUoHve6v7ptEAT0VOGSxQ7F0ltEL78dPolY:erGBpbLopDoHm1MeG08NolY
            MD5:C3960A3BAB680030553F7E6487923CE1
            SHA1:898B46D4BE184B8054AF9B9F72EA418704B50EBE
            SHA-256:86D292BA352431FB0B634BAA6DA34B2F609EFAFE85E437C008D619943D93B0E2
            SHA-512:AFCF6B5A8A5F5E92AF36D98B8FEEF5BBDC637BC6B0F4D65FD920F45C4649E359C7EF3F996FE3DA68443C8E1AF01D4AFDFC619AF4CDA5179E452372AA82BDE95E
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!................N/... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0/......H........+..d...........P ..I...........................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet.... .......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..............v.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq........\.......i.......t...............z...O...L...<...5...*.......................E...........L...

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\es-ES\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):6656
            Entropy (8bit):4.322701009589959
            Encrypted:false
            SSDEEP:96:XfMjBDbsPnpEaLv3lhC3E1Wb/xg/x9lt2EZdPolY:XEjBDbWnpEaLPlhC3falZNolY
            MD5:79294917AD2338E68818B12D28B83242
            SHA1:7B9516EDD5F852C482E0E7372F8EFF7C0172FA59
            SHA-256:756F6A886906E170AA46ED50EB8D1268391C0B82FAF00ADA47CCCF7198FC7DDD
            SHA-512:CD32A2847989B0CCC98A35BD443EFF80709F4B95D3D560B758AA938557BA18A8782A737B3B119CF7145810D2D4C24A6201D2F600B5C3A5245EA25AFA95825AE0
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................0... ...@....... ....................................@.................................<0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p0......H........,..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\fr-CA\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):6656
            Entropy (8bit):4.414185867504937
            Encrypted:false
            SSDEEP:96:gfMjBwbssSpcuov88johXbk3LFXRq7hltm5dPolY:gEjBwbJSpcuo0aX07hO5NolY
            MD5:A818A9C320F78A222E5EC02B35F93830
            SHA1:9C5B08439E189F4F61381B81F91490D80549D264
            SHA-256:64772244ECB4CC37B2A0AF361881D47CD971FDDF1B7F288D6810FA35A56B39B7
            SHA-512:06D0C10E4C9584A306F101CF4B3D2BE260D059719C2B0BBDFE6A51EABBAED153C39170F38992E03FB0242683F51813A08D9BCDCA912959E20579DFFB830558DF
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................0... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......8-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\it-IT\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5632
            Entropy (8bit):4.058834175346331
            Encrypted:false
            SSDEEP:48:6FWHsDO4eUqFAjpI1UhCvEWRCYVl6TxNLu6hxPFraKuhuXahZ439M/oKx8Welt4N:rFfAjpI1fvC6StPPtM+7tltZtdPolY
            MD5:5C1FDC78B09BD8AAA1300448D76F1478
            SHA1:BF204844E0004508B481AB7498F04D6484CACF80
            SHA-256:0CBA22A6A949DF65346E668E1E159D8E66C88BA0F613AD4CDD3D14D564E80BCE
            SHA-512:92EB2E9D35F21766B083CD3E37460A48D24C6D19427BEFA9172A49F3BF314C421DDDD962AD3BD1F7538471F10135FCB84753B32C72177ADA5B16BC80637EC0EF
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!................n,... ...@....... ....................................@..................................,..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P,......H........(..d...........P ..`...........................................\..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&#Uv=.9.W.F.^:1;j........a.......J...'...........(...............p.......E...........{...........b.......B...O............B.T.N._.C.L.O.S.E......

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\ja-JP\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5632
            Entropy (8bit):4.698530064660263
            Encrypted:false
            SSDEEP:96:5sC3ASpa3kvBYTnRDzIWI2dPRp0Qlt9HmdPolY:5sOASpa3kpXoR+QlGNolY
            MD5:034EACEFA8AD7B4C7C540405D33B6584
            SHA1:70768866BE6EC4C0D6FABF016668F85B5580E43E
            SHA-256:3F6546C3A6A3E6942E9DE69A669A2CF89DE380D55CFDA4B70053ADE557A1B6A0
            SHA-512:F7809235E8D3AC8E1EB61D5802A8CAFB0CA9FF5D2890C7088C15A261C69FB150DC521C42D4F350D8DCA592202CB2EF58D4DA924C8BC26C12448C0718C76B1BDD
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................-... ...@....... ....................................@..................................-..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H....... *..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\pt-BR\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):6656
            Entropy (8bit):4.2689311288082505
            Encrypted:false
            SSDEEP:96:afMjBsbswapvL6vu1667y4UNGaB3q4kUO6ltPNdPolY:aEjBsb9apvL6ms67yJ3h3NNolY
            MD5:6A1420991FC822A287EA8BBF26A62A32
            SHA1:06B9A55F0D33EDA444F472CBC395F9B1329A0EC9
            SHA-256:E64740ABA131EEC078A387435A762F92161B32881EDBC72BD874E5199CA97502
            SHA-512:91861D974B0160A33882330259E2A3DE386C39CE8B8F5A76F6C9B0736D990F9C25FE57677C9F544F2FF6CFC46835D648C949001ECB2E50CB5288B3D44059CA2B
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................0... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......|,..d...........P ..,...........................................(..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\ru-RU\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):7680
            Entropy (8bit):4.6049299600264915
            Encrypted:false
            SSDEEP:96:41fMjBGbsSopXm7vGQdkxbdV2UCwbT+T/UA7+1styo36glt9odPolY:eEjBGbbopXm7eXxbWqExi1spl1oNolY
            MD5:5738AD57B29ABA8364C4A58B8A4F9E10
            SHA1:94C848EFF1797A1DB309092D935F0337447BEFC8
            SHA-256:C6D0A0EB5E780AAA7F9C55E4676930B69EBF60905782080FF54DD530370ADB43
            SHA-512:4BEECF1655DD3C1A72EC6EC4F5CC8C945F56AE0172452CFFC71BA7C3285B29A50B4D2CB4BC0A5281727EEFE2DA829AC2B26BDD0677D5C6D9E4DAEC6B9F330038
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................3... ...@....... ....................................@..................................3..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......L0..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\tr-TR\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5632
            Entropy (8bit):4.206233816516102
            Encrypted:false
            SSDEEP:48:6UeH9O4G6ULy3ABApQe1eBpQvu18JvLh4jK0YuPx4S8zqeelt4833PP0knI5Klfy:IsC3AWpt1eYvJgjKZSJltpFdPolY
            MD5:413D5ACF01555F7EE573DDBFBA5A5077
            SHA1:DB2C9058DBC0DF37A76DFB997107CA2867034DAA
            SHA-256:8724829216E6D7D5676026F199D35BD3B04F9563392D6F74937F3E2D2831A644
            SHA-512:BAFFCEE18020331F00F220398C44A37A5C05C821D736CF4310256A2398BA9DE46CF13C884748ECB764AB7C893D2E76F685B798C4AABD80DCE432EEDA231DAF57
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................,... ...@....... ....................................@.................................<,..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p,......H........(..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

            C:\Users\user\AppData\Local\Temp\7zS08AF5899\zh-CHS\WebCompanion-Installer.resources.dll

            Download File
            Process:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5120
            Entropy (8bit):4.585293174632914
            Encrypted:false
            SSDEEP:96:ksC3AjpTfYGvqLH+/WZGrlqlthkdPolY:ksOAjpTfxyb+/gGJq5kNolY
            MD5:F029B5103E1C10EE320A71CF055A3A3B
            SHA1:85071049AFBE6A19E93A91023DA226529A55B58E
            SHA-256:ADE0932F4691F08A9834ECFA3A0B087A30A92A6D3E35DC29B3F6C2B39A07529C
            SHA-512:421BCD3BCF80C14AC703865B85F41A64355E2775FD926DFA7A380FE9518A4A2AC582500DA4A24444A9317B6649685E072ADFB1416FA095753A332970F0A22429
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.f...........!.................+... ...@....... ....................................@.................................t+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........(..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

            C:\Users\user\AppData\Local\Temp\WcInstaller.log

            Download File
            Process:C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            File Type:ASCII text, with very long lines (376), with CRLF line terminators
            Category:dropped
            Size (bytes):1361
            Entropy (8bit):5.220040277014651
            Encrypted:false
            SSDEEP:24:v2gN4H1+DQCuzYAIfSzpaOnJ2QaNu+K2gN4H1+DQCuzYAERRjlCSqKdEWtSxKUWN:v2E4H1+DQUAmSzEOnJ2tYT2E4H1+DQUn
            MD5:986787A3B09FC41BEEF7562BE800D9EB
            SHA1:21B6E988344825F08960FF03124F32FF2B4A4070
            SHA-256:49D53191305415D754A0A3D348087DD4DD4CEC27C2D9B763F9567D4C46A2DA42
            SHA-512:B2DE81A03D395CAC034ABE4570B328F39A036952AAB86D07FC4191DE5D97E3568D2D38E3A98D6FBC690A9559466AEF2A0CD54927378ECEE04EF67404B104C24C
            Malicious:false
            Preview:Detecting windows culture..Preparing request for featureflag: {"Geo":"US","Partner":"NA","Campaign":"NA","InstallDate":"20240730","TriggerType":"install","TriggerEvent":"installer","Version":"12.901.5.1061","featurewp":true,"featureal":true}..response status code :NoContent..Getting response from featureflag: ..30/07/2024 09:50:38 :-> Start..Failed to report progress in SendPostRequest: System.Net.WebException: The remote server returned an error: (400) Bad Request... at System.Net.HttpWebRequest.GetResponse().. at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)..30/07/2024 09:50:39 :-> Starting installer 12.901.5.1061 with: .\WebCompanion-Installer.exe, Run as admin: True..Preparing request for featureflag: {"Geo":"US","Partner":"NA","Campaign":"NA","InstallDate":"20240730","TriggerType":"install","TriggerEvent":"installer","Version":"12.901.5.1061","featurewp":true,"featureal":true}..Getting response from featureflag: {"code":"UPD","configuration":"

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):7.65343300256882
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.53%
            • InstallShield setup (43055/19) 0.43%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:WebCompanionInstaller-12.901.5.1061-prod.exe
            File size:544'984 bytes
            MD5:9f56d40a9b201cbb5598da5055a18367
            SHA1:a00f23d64dc668b2f311d816b77c1154c559a24b
            SHA256:dc040e4c051687e4b27236f1a2340524b498443ea58cdc87769b818930f01535
            SHA512:ea2025776a5f973206f64f918386070639c7dcaa035a54d76938082cad5d2e5ea223538d7a63f1709e54979973e71eaf957e5632ecd6446c7dac9a44de0a46c9
            SSDEEP:12288:uG5knZfFKezY8fkSuY+GfR/9n8bwRK1MYXyW2t5oKSPnKYWoN:uG50ZfFKMYMRucR/986UnXyCKSPn/WoN
            TLSH:DFC4F1113DE184B9D5510031D9B46FA5E2FAFE260E21486333993E3E3F7F6868135AAD
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s..c}...s..Yy...s..w,...s...r./.s..w....s..Yx...s.......s.......s.Zyu...s.Rich..s.................PE..L......M...

            File Icon

            Icon Hash:8011090b07071616

            Static PE Info

            General

            Entrypoint:0x4148d4
            Entrypoint Section:.text
            Digitally signed:true
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            DLL Characteristics:
            Time Stamp:0x4DAC88CE [Mon Apr 18 18:54:06 2011 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:e00de6e48b9b06aceb12a81e7bf494c9

            Authenticode Signature

            Signature Valid:true
            Signature Issuer:CN=Entrust Extended Validation Code Signing CA - EVCS2, O="Entrust, Inc.", C=US
            Signature Validation Error:The operation completed successfully
            Error Number:0
            Not Before, Not After
            • 25/09/2023 21:01:11 25/09/2024 21:01:10
            Subject Chain
            • CN=7270356 Canada Inc., SERIALNUMBER=1417258-2, OID.2.5.4.15=Private Organization, O=7270356 Canada Inc., OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Saint-Laurent, S=Quebec, C=CA
            Version:3
            Thumbprint MD5:6D04AB66B73B399057E4ABF511DE16CA
            Thumbprint SHA-1:1F7E4FBC0B6CEECF12BC33A7571FA6AC6776CFC9
            Thumbprint SHA-256:ABDED33114B5633557E5E20823AD5D88EF4119D7C8DFF7716EDC178E53E0F411
            Serial:7C14176AA8E635DF334F928C95357690

            Entrypoint Preview

            Instruction
            push ebp
            mov ebp, esp
            push FFFFFFFFh
            push 0041B9E8h
            push 004147FCh
            mov eax, dword ptr fs:[00000000h]
            push eax
            mov dword ptr fs:[00000000h], esp
            sub esp, 58h
            push ebx
            push esi
            push edi
            mov dword ptr [ebp-18h], esp
            call dword ptr [0041B078h]
            xor edx, edx
            mov dl, ah
            mov dword ptr [004233F0h], edx
            mov ecx, eax
            and ecx, 000000FFh
            mov dword ptr [004233ECh], ecx
            shl ecx, 08h
            add ecx, edx
            mov dword ptr [004233E8h], ecx
            shr eax, 10h
            mov dword ptr [004233E4h], eax
            push 00000001h
            call 00007F3644BCC94Bh
            pop ecx
            test eax, eax
            jne 00007F3644BCBABAh
            push 0000001Ch
            call 00007F3644BCBB78h
            pop ecx
            call 00007F3644BCC3FDh
            test eax, eax
            jne 00007F3644BCBABAh
            push 00000010h
            call 00007F3644BCBB67h
            pop ecx
            xor esi, esi
            mov dword ptr [ebp-04h], esi
            call 00007F3644BCE56Ch
            call dword ptr [0041B07Ch]
            mov dword ptr [00425A5Ch], eax
            call 00007F3644BCE42Ah
            mov dword ptr [00423360h], eax
            call 00007F3644BCE1D3h
            call 00007F3644BCE115h
            call 00007F3644BCDB70h
            mov dword ptr [ebp-30h], esi
            lea eax, dword ptr [ebp-5Ch]
            push eax
            call dword ptr [0041B080h]
            call 00007F3644BCE0A6h
            mov dword ptr [ebp-64h], eax
            test byte ptr [ebp-30h], 00000001h
            je 00007F3644BCBAB8h
            movzx eax, word ptr [ebp+00h]

            Rich Headers

            Programming Language:
            • [ C ] VS98 (6.0) SP6 build 8804
            • [C++] VS98 (6.0) SP6 build 8804
            • [ C ] VS2010 build 30319
            • [ASM] VS2010 build 30319
            • [EXP] VC++ 6.0 SP5 build 8804

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x1e9ac0x64.rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x270000x71d4.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x81e400x3298
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x1b0000x200.rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x10000x197c00x19800206b62d600beb166f8bf863ad5301f8cFalse0.5831609987745098DOS executable (COM)6.60822715389085IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata0x1b0000x44900x4600b0314f39355cab7d4674a0928d3b15f2False0.312109375data4.383775518811042IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data0x200000x5a680x32008d44c03d32e0c923339cda9fae15827aFalse0.123828125data1.3793356235333818IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .sxdata0x260000x40x20035925cfdc1176bd9ffc634a58b40ec17False0.02734375data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc0x270000x71d40x7200163c1f60e2cea650c6f5de7af30d7298False0.3919613486842105data4.656146485034415IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0x273540x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.37231182795698925
            RT_ICON0x2763c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5472972972972973
            RT_ICON0x277640x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2833 x 2833 px/m0.3200354609929078
            RT_ICON0x27bcc0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2833 x 2833 px/m0.23688524590163934
            RT_ICON0x285540x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2833 x 2833 px/m0.1721388367729831
            RT_ICON0x295fc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2833 x 2833 px/m0.1241701244813278
            RT_ICON0x2bba40x1a7bPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9648915769287506
            RT_DIALOG0x2d6200xb8dataEnglishUnited States0.6684782608695652
            RT_STRING0x2d6d80x94dataEnglishUnited States0.668918918918919
            RT_STRING0x2d76c0x34dataEnglishUnited States0.6538461538461539
            RT_GROUP_ICON0x2d7a00x4cdata0.8289473684210527
            RT_GROUP_ICON0x2d7ec0x22dataEnglishUnited States1.0
            RT_VERSION0x2d8100x344dataEnglishUnited States0.43301435406698563
            RT_MANIFEST0x2db540x67fexported SGML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3692122669873722

            Imports

            DLLImport
            OLEAUT32.dllVariantClear, SysAllocString
            USER32.dllSendMessageA, SetTimer, DialogBoxParamW, DialogBoxParamA, SetWindowLongA, GetWindowLongA, SetWindowTextW, LoadIconA, LoadStringW, LoadStringA, CharUpperW, CharUpperA, DestroyWindow, EndDialog, PostMessageA, ShowWindow, MessageBoxW, GetDlgItem, KillTimer, SetWindowTextA
            SHELL32.dllShellExecuteExA
            KERNEL32.dllGetCurrentDirectoryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, InterlockedIncrement, InterlockedDecrement, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, IsBadReadPtr, GetFileType, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, GetCurrentProcess, TerminateProcess, IsBadWritePtr, HeapCreate, HeapDestroy, GetEnvironmentVariableA, SetUnhandledExceptionFilter, TlsAlloc, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, WaitForSingleObject, CloseHandle, CreateProcessA, GetCommandLineW, GetVersionExA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetLastError, LoadLibraryA, GetModuleFileNameW, GetModuleFileNameA, LocalFree, FormatMessageW, FormatMessageA, SetFileTime, CreateFileW, SetLastError, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryW, RemoveDirectoryA, CreateDirectoryW, CreateDirectoryA, DeleteFileW, DeleteFileA, GetFullPathNameW, GetFullPathNameA, SetCurrentDirectoryW, SetCurrentDirectoryA, GetCurrentDirectoryW, GetTempPathW, GetTempPathA, GetCurrentProcessId, GetTickCount, GetCurrentThreadId, FindClose, FindFirstFileW, FindFirstFileA, FindNextFileW, FindNextFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, SetEndOfFile, GetStdHandle, WaitForMultipleObjects, Sleep, VirtualAlloc, VirtualFree, CreateEventA, SetEvent, ResetEvent, InitializeCriticalSection, RtlUnwind, RaiseException, HeapAlloc, HeapFree, HeapReAlloc, CreateThread, TlsSetValue, TlsGetValue, ExitThread

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishUnited States

            Network Behavior

            Suricata IDS Alerts

            TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
            2024-07-30T15:50:55.804937+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4434974440.127.169.103192.168.2.4
            2024-07-30T15:50:42.145091+0200TCP2803305ETPRO MALWARE Common Downloader Header Pattern H4973280192.168.2.4104.16.149.130
            2024-07-30T15:51:33.833813+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4434975140.127.169.103192.168.2.4

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Jul 30, 2024 15:50:37.260771990 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:50:37.265877962 CEST8049732104.16.149.130192.168.2.4
            Jul 30, 2024 15:50:37.265960932 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:50:37.266769886 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:50:37.271611929 CEST8049732104.16.149.130192.168.2.4
            Jul 30, 2024 15:50:37.793384075 CEST8049732104.16.149.130192.168.2.4
            Jul 30, 2024 15:50:37.852437973 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:50:38.015619993 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.015676975 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.015832901 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.027035952 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.027070999 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.626928091 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.627083063 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.632186890 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.632199049 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.632599115 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.676369905 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.698831081 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.744503975 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.744574070 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.744597912 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.889530897 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.889688015 CEST44349733104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:38.889739990 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:38.965770960 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:38.965800047 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:38.966046095 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:38.966162920 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:38.966169119 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.442406893 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.442486048 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.445727110 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.445744038 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.445993900 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.447813988 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.492494106 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.492631912 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.492636919 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.614159107 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.614471912 CEST44349734104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.614547968 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.616446972 CEST49734443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.623800993 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.623897076 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:39.623980999 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.624193907 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:39.624218941 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.115431070 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.117110968 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.117177010 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.117243052 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.117265940 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.314929962 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.315015078 CEST44349735104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.315074921 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.332855940 CEST49735443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.385499954 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.385570049 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.385658026 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.385953903 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.385986090 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.855504036 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.857036114 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.857101917 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:40.857192039 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:40.857208967 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.073776007 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.073889017 CEST44349736104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.073970079 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.074470043 CEST49736443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.083647013 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.083689928 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.083853006 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.084067106 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.084078074 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.583525896 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.585313082 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.585329056 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.585387945 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.585400105 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.957437992 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.957532883 CEST44349737104.18.26.149192.168.2.4
            Jul 30, 2024 15:50:41.957617998 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.958179951 CEST49737443192.168.2.4104.18.26.149
            Jul 30, 2024 15:50:41.974210024 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:50:41.982109070 CEST8049732104.16.149.130192.168.2.4
            Jul 30, 2024 15:50:42.093812943 CEST8049732104.16.149.130192.168.2.4
            Jul 30, 2024 15:50:42.095150948 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:42.095207930 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.095278978 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:42.095524073 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:42.095539093 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.145091057 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:50:42.687138081 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.688894033 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:42.688911915 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.689018011 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:42.689026117 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.873043060 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.873146057 CEST44349738104.16.148.130192.168.2.4
            Jul 30, 2024 15:50:42.873212099 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:42.876250029 CEST49738443192.168.2.4104.16.148.130
            Jul 30, 2024 15:50:46.109606981 CEST49733443192.168.2.4104.16.148.130
            Jul 30, 2024 15:52:22.098934889 CEST4973280192.168.2.4104.16.149.130
            Jul 30, 2024 15:52:22.201035023 CEST8049732104.16.149.130192.168.2.4
            Jul 30, 2024 15:52:22.204766035 CEST4973280192.168.2.4104.16.149.130

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Jul 30, 2024 15:50:37.242681980 CEST5594853192.168.2.41.1.1.1
            Jul 30, 2024 15:50:37.257462978 CEST53559481.1.1.1192.168.2.4
            Jul 30, 2024 15:50:38.006236076 CEST5843153192.168.2.41.1.1.1
            Jul 30, 2024 15:50:38.014799118 CEST53584311.1.1.1192.168.2.4
            Jul 30, 2024 15:50:38.956188917 CEST5929953192.168.2.41.1.1.1
            Jul 30, 2024 15:50:38.964792967 CEST53592991.1.1.1192.168.2.4

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Jul 30, 2024 15:50:37.242681980 CEST192.168.2.41.1.1.10x1465Standard query (0)geo.lavasoft.comA (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:38.006236076 CEST192.168.2.41.1.1.10x6808Standard query (0)featureflags.lavasoft.comA (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:38.956188917 CEST192.168.2.41.1.1.10xeec2Standard query (0)flwadw.comA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Jul 30, 2024 15:50:37.257462978 CEST1.1.1.1192.168.2.40x1465No error (0)geo.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:37.257462978 CEST1.1.1.1192.168.2.40x1465No error (0)geo.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:38.014799118 CEST1.1.1.1192.168.2.40x6808No error (0)featureflags.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:38.014799118 CEST1.1.1.1192.168.2.40x6808No error (0)featureflags.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:38.964792967 CEST1.1.1.1192.168.2.40xeec2No error (0)flwadw.com104.18.26.149A (IP address)IN (0x0001)false
            Jul 30, 2024 15:50:38.964792967 CEST1.1.1.1192.168.2.40xeec2No error (0)flwadw.com104.18.27.149A (IP address)IN (0x0001)false

            HTTP Request Dependency Graph

            • featureflags.lavasoft.com
            • flwadw.com
            • geo.lavasoft.com

            HTTP Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.449732104.16.149.130801748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            Jul 30, 2024 15:50:37.266769886 CEST66OUTGET / HTTP/1.1
            Host: geo.lavasoft.com
            Connection: Keep-Alive
            Jul 30, 2024 15:50:37.793384075 CEST310INHTTP/1.1 200 OK
            Date: Tue, 30 Jul 2024 13:50:37 GMT
            Content-Type: text/plain
            Content-Length: 76
            Connection: keep-alive
            Access-Control-Allow-Origin: *
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d19dab64c3eb-EWR
            Data Raw: 7b 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 66 2d 69 70 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
            Data Ascii: {"x-geocountry":"US","x-geocountryname":"United States","cf-ipcountry":"US"}
            Jul 30, 2024 15:50:41.974210024 CEST42OUTGET / HTTP/1.1
            Host: geo.lavasoft.com
            Jul 30, 2024 15:50:42.093812943 CEST310INHTTP/1.1 200 OK
            Date: Tue, 30 Jul 2024 13:50:42 GMT
            Content-Type: text/plain
            Content-Length: 76
            Connection: keep-alive
            Access-Control-Allow-Origin: *
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1b8a804c3eb-EWR
            Data Raw: 7b 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 66 2d 69 70 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
            Data Ascii: {"x-geocountry":"US","x-geocountryname":"United States","cf-ipcountry":"US"}


            HTTPS Proxied Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.449733104.16.148.1304431748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            2024-07-30 13:50:38 UTC143OUTPOST /api/feature/WC HTTP/1.1
            Content-Type: application/json
            Host: featureflags.lavasoft.com
            Content-Length: 179
            Connection: Keep-Alive
            2024-07-30 13:50:38 UTC179OUTData Raw: 7b 22 47 65 6f 22 3a 22 55 53 22 2c 22 50 61 72 74 6e 65 72 22 3a 22 4e 41 22 2c 22 43 61 6d 70 61 69 67 6e 22 3a 22 4e 41 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 30 37 33 30 22 2c 22 54 72 69 67 67 65 72 54 79 70 65 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 54 72 69 67 67 65 72 45 76 65 6e 74 22 3a 22 69 6e 73 74 61 6c 6c 65 72 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 22 2c 22 66 65 61 74 75 72 65 77 70 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 61 6c 22 3a 74 72 75 65 7d
            Data Ascii: {"Geo":"US","Partner":"NA","Campaign":"NA","InstallDate":"20240730","TriggerType":"install","TriggerEvent":"installer","Version":"12.901.5.1061","featurewp":true,"featureal":true}
            2024-07-30 13:50:38 UTC412INHTTP/1.1 204 No Content
            Date: Tue, 30 Jul 2024 13:50:38 GMT
            Connection: close
            Access-Control-Allow-Methods: GET, POST, OPTIONS
            Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
            Access-Control-Expose-Headers: Content-Length,Content-Range
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1a42c9780da-EWR


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            1192.168.2.449734104.18.26.1494431748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            2024-07-30 13:50:39 UTC166OUTPOST /v1/event-stat?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1
            Content-Type: application/json
            Host: flwadw.com
            Content-Length: 428
            Connection: Keep-Alive
            2024-07-30 13:50:39 UTC428OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 38 39 39 61 35 35 35 36 2d 34 66 34 61 2d 34 30 32 34 2d 38 30 33 34 2d 35 61 35 37 38 34 35 64 35 34 63 33 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 22 2c 0d 0a 20 20 22 54 72 69 67 67 65 72 22 3a 20 22 69 6e 73 74 61 6c 6c 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22
            Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "899a5556-4f4a-4024-8034-5a57845d54c3", "Version": "12.901.5.1061", "Trigger": "install", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId"
            2024-07-30 13:50:39 UTC479INHTTP/1.1 200 OK
            Date: Tue, 30 Jul 2024 13:50:39 GMT
            Content-Type: application/json; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Access-Control-Allow-Methods: GET, POST, OPTIONS
            Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
            Access-Control-Expose-Headers: Content-Length,Content-Range
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1a8eaf97c90-EWR
            2024-07-30 13:50:39 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
            Data Ascii: 1d{"message":"Event persisted"}
            2024-07-30 13:50:39 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            2192.168.2.449735104.18.26.1494431748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            2024-07-30 13:50:40 UTC145OUTPOST /v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1
            Content-Type: application/json
            Host: flwadw.com
            Content-Length: 371
            2024-07-30 13:50:40 UTC371OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 38 39 39 61 35 35 35 36 2d 34 66 34 61 2d 34 30 32 34 2d 38 30 33 34 2d 35 61 35 37 38 34 35 64 35 34 63 33 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 22 2c 22 54 72 69 67 67 65 72 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 22
            Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"899a5556-4f4a-4024-8034-5a57845d54c3","Version":"12.901.5.1061","Trigger":"install","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"","PartnerId":"","CampaignID":""
            2024-07-30 13:50:40 UTC235INHTTP/1.1 400 Bad Request
            Date: Tue, 30 Jul 2024 13:50:40 GMT
            Content-Type: application/json; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1ad4caa431b-EWR
            2024-07-30 13:50:40 UTC39INData Raw: 32 31 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 66 6f 72 6d 61 74 2f 64 61 74 61 22 7d 0d 0a
            Data Ascii: 21{"message":"Invalid format/data"}
            2024-07-30 13:50:40 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            3192.168.2.449736104.18.26.1494431748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            2024-07-30 13:50:40 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
            Content-Type: application/json
            Host: flwadw.com
            Content-Length: 489
            2024-07-30 13:50:40 UTC489OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 38 39 39 61 35 35 35 36 2d 34 66 34 61 2d 34 30 32 34 2d 38 30 33 34 2d 35 61 35 37 38 34 35 64 35 34 63 33 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 20 22 22
            Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "899a5556-4f4a-4024-8034-5a57845d54c3", "Version": "12.901.5.1061", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "", "CampaignID": ""
            2024-07-30 13:50:41 UTC479INHTTP/1.1 200 OK
            Date: Tue, 30 Jul 2024 13:50:41 GMT
            Content-Type: application/json; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Access-Control-Allow-Methods: GET, POST, OPTIONS
            Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
            Access-Control-Expose-Headers: Content-Length,Content-Range
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1b1c8591a34-EWR
            2024-07-30 13:50:41 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
            Data Ascii: 1d{"message":"Event persisted"}
            2024-07-30 13:50:41 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            4192.168.2.449737104.18.26.1494431748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            2024-07-30 13:50:41 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
            Content-Type: application/json
            Host: flwadw.com
            Content-Length: 505
            2024-07-30 13:50:41 UTC505OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 38 39 39 61 35 35 35 36 2d 34 66 34 61 2d 34 30 32 34 2d 38 30 33 34 2d 35 61 35 37 38 34 35 64 35 34 63 33 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 22 2c 22 4c 61 6e 67 75 61 67 65 49 73 6f 32 22 3a 6e 75 6c 6c
            Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"899a5556-4f4a-4024-8034-5a57845d54c3","Version":"12.901.5.1061","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"","PartnerId":"","CampaignID":"","LanguageIso2":null
            2024-07-30 13:50:41 UTC479INHTTP/1.1 200 OK
            Date: Tue, 30 Jul 2024 13:50:41 GMT
            Content-Type: application/json; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Access-Control-Allow-Methods: GET, POST, OPTIONS
            Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
            Access-Control-Expose-Headers: Content-Length,Content-Range
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1b67f2a9e02-EWR
            2024-07-30 13:50:41 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
            Data Ascii: 1d{"message":"Event persisted"}
            2024-07-30 13:50:41 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            5192.168.2.449738104.16.148.1304431748C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            TimestampBytes transferredDirectionData
            2024-07-30 13:50:42 UTC118OUTPOST /api/Update/WC HTTP/1.1
            Content-Type: application/json
            Host: featureflags.lavasoft.com
            Content-Length: 179
            2024-07-30 13:50:42 UTC179OUTData Raw: 7b 22 47 65 6f 22 3a 22 55 53 22 2c 22 50 61 72 74 6e 65 72 22 3a 22 4e 41 22 2c 22 43 61 6d 70 61 69 67 6e 22 3a 22 4e 41 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 30 37 33 30 22 2c 22 54 72 69 67 67 65 72 54 79 70 65 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 54 72 69 67 67 65 72 45 76 65 6e 74 22 3a 22 69 6e 73 74 61 6c 6c 65 72 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 22 2c 22 66 65 61 74 75 72 65 77 70 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 61 6c 22 3a 74 72 75 65 7d
            Data Ascii: {"Geo":"US","Partner":"NA","Campaign":"NA","InstallDate":"20240730","TriggerType":"install","TriggerEvent":"installer","Version":"12.901.5.1061","featurewp":true,"featureal":true}
            2024-07-30 13:50:42 UTC472INHTTP/1.1 200 OK
            Date: Tue, 30 Jul 2024 13:50:42 GMT
            Content-Type: application/json; charset=utf-8
            Content-Length: 341
            Connection: close
            Access-Control-Allow-Methods: GET, POST, OPTIONS
            Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
            Access-Control-Expose-Headers: Content-Length,Content-Range
            CF-Cache-Status: DYNAMIC
            Server: cloudflare
            CF-RAY: 8ab5d1bd195e431c-EWR
            2024-07-30 13:50:42 UTC341INData Raw: 7b 22 63 6f 64 65 22 3a 22 55 50 44 22 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 22 7b 5c 22 56 65 72 73 69 6f 6e 5c 22 3a 20 5c 22 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 5c 22 2c 20 5c 22 49 6e 73 74 61 6c 6c 65 72 45 78 65 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61 64 65 72 63 64 6e 2e 6c 61 76 61 73 6f 66 74 2e 63 6f 6d 2f 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 2f 57 65 62 43 6f 6d 70 61 6e 69 6f 6e 49 6e 73 74 61 6c 6c 65 72 2d 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 2d 70 72 6f 64 2e 65 78 65 5c 22 2c 20 5c 22 49 6e 73 74 61 6c 6c 65 72 5a 69 70 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61 64 65 72 63 64 6e 2e 6c 61 76 61 73 6f 66 74 2e 63 6f 6d 2f 31 32 2e 39 30 31 2e 35 2e 31 30 36 31 2f 57
            Data Ascii: {"code":"UPD","configuration":"{\"Version\": \"12.901.5.1061\", \"InstallerExe\": \"https://wcdownloadercdn.lavasoft.com/12.901.5.1061/WebCompanionInstaller-12.901.5.1061-prod.exe\", \"InstallerZip\": \"https://wcdownloadercdn.lavasoft.com/12.901.5.1061/W


            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:09:50:35
            Start date:30/07/2024
            Path:C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\WebCompanionInstaller-12.901.5.1061-prod.exe"
            Imagebase:0x400000
            File size:544'984 bytes
            MD5 hash:9F56D40A9B201CBB5598DA5055A18367
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            General

            Target ID:1
            Start time:09:50:35
            Start date:30/07/2024
            Path:C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe
            Wow64 process (32bit):true
            Commandline:.\WebCompanion-Installer.exe
            Imagebase:0x980000
            File size:438'424 bytes
            MD5 hash:F6DFE983850039A9EC8DD2F93E2D25CC
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS08AF5899\WebCompanion-Installer.exe, Author: Joe Security
            Antivirus matches:
            • Detection: 11%, ReversingLabs
            Reputation:low
            Has exited:false

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:16.3%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:1.8%
              Total number of Nodes:2000
              Total number of Limit Nodes:16
              execution_graph 13008 40b681 13009 40b68e 13008->13009 13013 40b69f 13008->13013 13009->13013 13014 40b6c0 13009->13014 13015 40b6ca __EH_prolog 13014->13015 13029 404349 13015->13029 13020 404349 ctype 34 API calls 13021 40b710 13020->13021 13022 404320 ctype 34 API calls 13021->13022 13023 40b71b 13022->13023 13038 409739 13023->13038 13026 403a63 13115 413d6f 13026->13115 13048 40435e 13029->13048 13032 404320 13033 40432b 13032->13033 13034 404349 ctype 34 API calls 13033->13034 13035 404333 13034->13035 13036 403a63 ctype 29 API calls 13035->13036 13037 40433b 13036->13037 13037->13020 13039 409743 __EH_prolog 13038->13039 13040 404320 ctype 34 API calls 13039->13040 13041 409759 13040->13041 13042 404320 ctype 34 API calls 13041->13042 13043 409765 13042->13043 13044 404320 ctype 34 API calls 13043->13044 13045 409771 13044->13045 13046 404320 ctype 34 API calls 13045->13046 13047 40977c 13046->13047 13047->13026 13050 403a63 29 API calls 13048->13050 13052 40b815 13048->13052 13049 404350 13049->13032 13050->13049 13053 40b82c 13052->13053 13054 40b864 13053->13054 13056 403a63 ctype 29 API calls 13053->13056 13057 409dfc 13053->13057 13054->13049 13056->13053 13058 409e06 __EH_prolog 13057->13058 13077 407782 13058->13077 13061 404320 ctype 34 API calls 13062 409e30 13061->13062 13063 404320 ctype 34 API calls 13062->13063 13064 409e3f 13063->13064 13065 404349 ctype 34 API calls 13064->13065 13066 409e59 13065->13066 13067 404320 ctype 34 API calls 13066->13067 13068 409e64 13067->13068 13069 404349 ctype 34 API calls 13068->13069 13070 409e7b 13069->13070 13071 404320 ctype 34 API calls 13070->13071 13072 409e86 13071->13072 13085 4099f1 13072->13085 13078 407792 13077->13078 13079 407797 13077->13079 13105 413030 SetEvent 13078->13105 13081 4077ad 13079->13081 13109 412fe0 WaitForSingleObject 13079->13109 13081->13061 13083 4077a6 13110 412fb0 13083->13110 13086 4099fb __EH_prolog 13085->13086 13087 407782 5 API calls 13086->13087 13088 409a14 13087->13088 13089 412fb0 ctype 2 API calls 13088->13089 13090 409a1c 13089->13090 13091 412fb0 ctype 2 API calls 13090->13091 13092 409a24 13091->13092 13093 412fb0 ctype 2 API calls 13092->13093 13094 409a2c 13093->13094 13095 409a39 13094->13095 13096 409a43 __EH_prolog 13095->13096 13097 404320 ctype 34 API calls 13096->13097 13098 409a59 13097->13098 13099 404320 ctype 34 API calls 13098->13099 13100 409a65 13099->13100 13101 404320 ctype 34 API calls 13100->13101 13102 409a71 13101->13102 13103 404320 ctype 34 API calls 13102->13103 13104 409a7d 13103->13104 13104->13053 13106 413040 GetLastError 13105->13106 13107 41303d 13105->13107 13108 41304a 13106->13108 13107->13079 13108->13079 13109->13083 13111 412fd5 13110->13111 13112 412fb9 CloseHandle 13110->13112 13111->13081 13112->13111 13113 412fc4 GetLastError 13112->13113 13113->13111 13114 412fce 13113->13114 13114->13081 13116 403a6c 13115->13116 13117 413d9d 13115->13117 13116->13013 13118 413de2 13117->13118 13119 413da7 13117->13119 13120 413dd3 13118->13120 13123 4154da ctype 28 API calls 13118->13123 13132 4154da 13119->13132 13120->13116 13122 413e3b RtlFreeHeap 13120->13122 13122->13116 13128 413dee ctype 13123->13128 13124 413dae ctype 13125 413dc8 13124->13125 13147 415898 13124->13147 13153 413dd9 13125->13153 13127 413e1a 13160 413e31 13127->13160 13128->13127 13156 41661f 13128->13156 13133 415530 EnterCriticalSection 13132->13133 13134 4154f2 13132->13134 13133->13124 13163 413c35 13134->13163 13137 415508 13139 4154da ctype 27 API calls 13137->13139 13140 415510 13139->13140 13141 415521 13140->13141 13142 415517 InitializeCriticalSection 13140->13142 13144 413d6f ctype 27 API calls 13141->13144 13143 415526 13142->13143 13172 41553b LeaveCriticalSection 13143->13172 13144->13143 13146 41552e 13146->13133 13148 4158d6 13147->13148 13152 415b8c ctype 13147->13152 13149 415ad2 VirtualFree 13148->13149 13148->13152 13150 415b36 13149->13150 13151 415b45 VirtualFree HeapFree 13150->13151 13150->13152 13151->13152 13152->13125 13256 41553b LeaveCriticalSection 13153->13256 13155 413de0 13155->13120 13157 416662 13156->13157 13158 41664c 13156->13158 13157->13127 13158->13157 13257 416506 13158->13257 13266 41553b LeaveCriticalSection 13160->13266 13162 413e38 13162->13120 13173 413c47 13163->13173 13166 4149dc 13167 4149e5 13166->13167 13168 4149ea 13166->13168 13236 4175cd 13167->13236 13242 417606 13168->13242 13172->13146 13174 413c44 13173->13174 13176 413c4e ctype 13173->13176 13174->13137 13174->13166 13176->13174 13177 413c73 13176->13177 13178 413ca0 13177->13178 13182 413ce3 13177->13182 13179 4154da ctype 28 API calls 13178->13179 13185 413cce 13178->13185 13180 413cb6 13179->13180 13195 415bc1 13180->13195 13181 413d52 RtlAllocateHeap 13184 413cd5 13181->13184 13182->13185 13186 413d05 13182->13186 13184->13176 13185->13181 13185->13184 13188 4154da ctype 28 API calls 13186->13188 13190 413d0c 13188->13190 13204 416664 13190->13204 13192 413d1f 13211 413d39 13192->13211 13198 415bf3 13195->13198 13196 415c92 13200 413cc1 13196->13200 13221 415f7b 13196->13221 13198->13196 13198->13200 13214 415eca 13198->13214 13201 413cda 13200->13201 13225 41553b LeaveCriticalSection 13201->13225 13203 413ce1 13203->13185 13209 416672 ctype 13204->13209 13205 41675e VirtualAlloc 13210 41672f ctype 13205->13210 13206 416833 13226 41636c 13206->13226 13209->13205 13209->13206 13209->13210 13210->13192 13210->13210 13235 41553b LeaveCriticalSection 13211->13235 13213 413d2c 13213->13184 13213->13185 13215 415f0d HeapAlloc 13214->13215 13216 415edd HeapReAlloc 13214->13216 13217 415f5d 13215->13217 13219 415f33 VirtualAlloc 13215->13219 13216->13217 13218 415efc 13216->13218 13217->13196 13218->13215 13219->13217 13220 415f4d HeapFree 13219->13220 13220->13217 13222 415f8d VirtualAlloc 13221->13222 13224 415fd6 13222->13224 13224->13200 13225->13203 13227 416380 HeapAlloc 13226->13227 13228 416379 13226->13228 13229 41639d VirtualAlloc 13227->13229 13234 4163d5 ctype 13227->13234 13228->13229 13230 416492 13229->13230 13231 4163bd VirtualAlloc 13229->13231 13232 41649a HeapFree 13230->13232 13230->13234 13233 416484 VirtualFree 13231->13233 13231->13234 13232->13234 13233->13230 13234->13210 13235->13213 13237 4175d7 13236->13237 13238 417606 ctype 7 API calls 13237->13238 13241 417604 13237->13241 13239 4175ee 13238->13239 13240 417606 ctype 7 API calls 13239->13240 13240->13241 13241->13168 13244 417619 13242->13244 13243 417730 ctype 13246 417743 GetStdHandle WriteFile 13243->13246 13244->13243 13245 417659 13244->13245 13250 4149f3 13244->13250 13247 417665 GetModuleFileNameA 13245->13247 13245->13250 13246->13250 13248 41767d ctype 13247->13248 13251 4180f0 13248->13251 13250->13137 13252 4180fd LoadLibraryA 13251->13252 13253 41813f 13251->13253 13252->13253 13254 41810e GetProcAddress 13252->13254 13253->13250 13254->13253 13255 418125 GetProcAddress GetProcAddress 13254->13255 13255->13253 13256->13155 13260 416513 13257->13260 13258 4165c3 13258->13157 13259 416534 VirtualFree 13259->13260 13260->13258 13260->13259 13262 4164b0 VirtualFree 13260->13262 13263 4164cd 13262->13263 13264 4164fd 13263->13264 13265 4164dd HeapFree 13263->13265 13264->13260 13265->13260 13266->13162 13267 410f30 13268 413d6f ctype 29 API calls 13267->13268 13269 410f36 13268->13269 13270 406f81 13271 406f91 13270->13271 13272 406f9a 13270->13272 13277 40647d 13271->13277 13273 406fb9 13272->13273 13274 406faf LeaveCriticalSection 13272->13274 13283 4063d0 13272->13283 13274->13273 13278 406486 13277->13278 13279 40648d 13277->13279 13278->13272 13288 405970 SetFilePointer 13279->13288 13295 405a4a 13283->13295 13286 4063ff GetLastError 13287 4063fb 13286->13287 13287->13274 13289 4059a3 13288->13289 13290 405999 GetLastError 13288->13290 13291 4063ff 13289->13291 13290->13289 13292 406403 13291->13292 13293 406406 GetLastError 13291->13293 13292->13278 13294 406410 13293->13294 13294->13278 13296 405a57 13295->13296 13299 405a1d ReadFile 13296->13299 13298 405a68 13298->13286 13299->13298 13300 403724 13305 403740 13300->13305 13303 403739 13304 403a63 ctype 29 API calls 13304->13303 13306 40374a __EH_prolog 13305->13306 13321 4037d4 13306->13321 13308 40376d 13309 403a63 ctype 29 API calls 13308->13309 13310 403778 13309->13310 13325 4036b9 DeleteCriticalSection 13310->13325 13313 403a63 ctype 29 API calls 13314 403789 13313->13314 13315 403a63 ctype 29 API calls 13314->13315 13316 4037a3 13315->13316 13317 403a63 ctype 29 API calls 13316->13317 13318 4037ab 13317->13318 13319 403a63 ctype 29 API calls 13318->13319 13320 40372c 13319->13320 13320->13303 13320->13304 13322 4037e1 DestroyWindow 13321->13322 13323 4037dd 13321->13323 13324 4037f1 13322->13324 13323->13308 13324->13308 13326 412fb0 ctype 2 API calls 13325->13326 13327 4036ce 13326->13327 13328 403a63 ctype 29 API calls 13327->13328 13329 4036d6 13328->13329 13329->13313 13330 4148d4 GetVersion 13361 4157c8 HeapCreate 13330->13361 13332 414932 13333 414937 13332->13333 13334 41493f 13332->13334 13794 414a01 13333->13794 13373 41528c 13334->13373 13338 414944 13339 414950 13338->13339 13340 414948 13338->13340 13383 417411 13339->13383 13341 414a01 8 API calls 13340->13341 13343 41494f 13341->13343 13343->13339 13344 41495a GetCommandLineA 13397 4172df 13344->13397 13348 414974 13429 416fd9 13348->13429 13350 414979 13351 41497e GetStartupInfoA 13350->13351 13442 416f81 13351->13442 13353 414990 GetModuleHandleA 13446 401014 13353->13446 13362 4157e8 13361->13362 13363 41581e 13361->13363 13808 415680 13362->13808 13363->13332 13366 415804 13368 415821 13366->13368 13370 41636c ctype 5 API calls 13366->13370 13367 4157f7 13820 415825 HeapAlloc 13367->13820 13368->13332 13371 415801 13370->13371 13371->13368 13372 415812 HeapDestroy 13371->13372 13372->13363 13923 4154b1 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 13373->13923 13375 415292 TlsAlloc 13376 4152a2 13375->13376 13377 4152dc 13375->13377 13378 416ccc 30 API calls 13376->13378 13377->13338 13379 4152ab 13378->13379 13379->13377 13380 4152b3 TlsSetValue 13379->13380 13380->13377 13381 4152c4 13380->13381 13382 4152ca GetCurrentThreadId 13381->13382 13382->13338 13384 413c35 ctype 29 API calls 13383->13384 13385 417424 13384->13385 13386 417432 GetStartupInfoA 13385->13386 13387 4149dc ctype 7 API calls 13385->13387 13393 417551 13386->13393 13396 417480 13386->13396 13387->13386 13389 41757c GetStdHandle 13392 41758a GetFileType 13389->13392 13389->13393 13390 4175bc SetHandleCount 13390->13344 13391 413c35 ctype 29 API calls 13391->13396 13392->13393 13393->13389 13393->13390 13394 4174f7 13394->13393 13395 417519 GetFileType 13394->13395 13395->13394 13396->13391 13396->13393 13396->13394 13398 4172fa GetEnvironmentStringsW 13397->13398 13399 41732d 13397->13399 13401 417302 13398->13401 13402 41730e GetEnvironmentStrings 13398->13402 13400 41731e 13399->13400 13399->13401 13403 41496a 13400->13403 13406 4173c0 GetEnvironmentStrings 13400->13406 13407 4173cc 13400->13407 13404 417346 WideCharToMultiByte 13401->13404 13405 41733a GetEnvironmentStringsW 13401->13405 13402->13400 13402->13403 13420 417092 13403->13420 13409 41737a 13404->13409 13410 4173ac FreeEnvironmentStringsW 13404->13410 13405->13403 13405->13404 13406->13403 13406->13407 13411 413c35 ctype 29 API calls 13407->13411 13412 413c35 ctype 29 API calls 13409->13412 13410->13403 13418 4173e7 13411->13418 13413 417380 13412->13413 13413->13410 13414 417389 WideCharToMultiByte 13413->13414 13416 4173a3 13414->13416 13417 41739a 13414->13417 13415 4173fd FreeEnvironmentStringsA 13415->13403 13416->13410 13419 413d6f ctype 29 API calls 13417->13419 13418->13415 13419->13416 13421 4170a4 13420->13421 13422 4170a9 GetModuleFileNameA 13420->13422 13924 417fe2 13421->13924 13424 4170cc 13422->13424 13425 413c35 ctype 29 API calls 13424->13425 13426 4170ed 13425->13426 13427 4170fd 13426->13427 13428 4149dc ctype 7 API calls 13426->13428 13427->13348 13428->13427 13430 416fe6 13429->13430 13432 416feb ctype 13429->13432 13431 417fe2 48 API calls 13430->13431 13431->13432 13433 413c35 ctype 29 API calls 13432->13433 13434 417018 13433->13434 13435 4149dc ctype 7 API calls 13434->13435 13441 41702c ctype 13434->13441 13435->13441 13436 41706f 13437 413d6f ctype 29 API calls 13436->13437 13438 41707b 13437->13438 13438->13350 13439 413c35 ctype 29 API calls 13439->13441 13440 4149dc ctype 7 API calls 13440->13441 13441->13436 13441->13439 13441->13440 13443 416f8a 13442->13443 13445 416f8f 13442->13445 13444 417fe2 48 API calls 13443->13444 13444->13445 13445->13353 13953 401a7b GetVersionExA 13446->13953 13451 40218d 30 API calls 13452 401067 13451->13452 13453 40218d 30 API calls 13452->13453 13454 401079 13453->13454 13455 40218d 30 API calls 13454->13455 13456 40108b GetCommandLineW 13455->13456 13961 401cb5 13456->13961 13461 403a63 ctype 29 API calls 13462 4010b4 13461->13462 13463 40218d 30 API calls 13462->13463 13464 4010c7 13463->13464 13975 40460b 13464->13975 13471 401cb5 30 API calls 13472 4010ef 13471->13472 14005 401e6f 13472->14005 13477 403a63 ctype 29 API calls 13478 401112 13477->13478 13479 403a63 ctype 29 API calls 13478->13479 13480 40111a 13479->13480 13481 401154 13480->13481 14146 401e4e 13480->14146 14012 40245b 13481->14012 13488 40117c 13490 401180 13488->13490 13491 401199 13488->13491 13493 401191 13490->13493 14153 410ec0 MessageBoxW 13490->14153 13494 401cb5 30 API calls 13491->13494 13492 403a63 ctype 29 API calls 13495 401143 13492->13495 13499 403a63 ctype 29 API calls 13493->13499 13497 4011a9 13494->13497 13498 40237b 30 API calls 13495->13498 13501 40218d 30 API calls 13497->13501 13500 40114c 13498->13500 13502 401a2f 13499->13502 13503 402340 30 API calls 13500->13503 13508 4011bb 13501->13508 13505 403a63 ctype 29 API calls 13502->13505 13503->13481 13504 4014b2 14025 401c9d 13504->14025 13506 401a37 13505->13506 13509 403a63 ctype 29 API calls 13506->13509 13508->13504 14154 403de4 13508->14154 13512 401a3f 13509->13512 13515 403a63 ctype 29 API calls 13512->13515 13519 401a47 13515->13519 13517 4011f2 13695 401203 13517->13695 14181 410ec0 MessageBoxW 13517->14181 13518 40120b 13523 401cb5 30 API calls 13518->13523 13522 403a63 ctype 29 API calls 13519->13522 13520 4014f1 14044 403a3d 13520->14044 13521 4014d8 13573 4014e9 13521->13573 14189 410ec0 MessageBoxW 13521->14189 13526 401a4f 13522->13526 13528 401218 13523->13528 13531 403a63 ctype 29 API calls 13526->13531 14182 4040fd 13528->14182 13529 404349 ctype 34 API calls 13533 401341 13529->13533 13530 40536a 43 API calls 13534 401a06 13530->13534 13535 401392 13531->13535 13538 404320 ctype 34 API calls 13533->13538 13539 403a63 ctype 29 API calls 13534->13539 13800 416a66 13535->13800 13537 4014f8 14049 407f8e 13537->14049 13541 40134c 13538->13541 13543 401a11 13539->13543 13540 403a63 ctype 29 API calls 13544 401232 13540->13544 13546 403a63 ctype 29 API calls 13541->13546 13548 403a63 ctype 29 API calls 13543->13548 13545 401cb5 30 API calls 13544->13545 13549 401241 13545->13549 13550 401354 13546->13550 13553 401a19 13548->13553 13554 4040fd 30 API calls 13549->13554 13555 403a63 ctype 29 API calls 13550->13555 13551 401529 14190 410ec0 MessageBoxW 13551->14190 13552 40153a 14059 401d16 13552->14059 13558 403a63 ctype 29 API calls 13553->13558 13559 401253 13554->13559 13560 40135f 13555->13560 13558->13493 13562 403a63 ctype 29 API calls 13559->13562 13563 403a63 ctype 29 API calls 13560->13563 13566 40125b 13562->13566 13567 401367 13563->13567 13564 40218d 30 API calls 13565 401561 13564->13565 14062 402efe 13565->14062 13569 401cb5 30 API calls 13566->13569 13570 403a63 ctype 29 API calls 13567->13570 13572 40126a 13569->13572 13574 40136f 13570->13574 13577 4040fd 30 API calls 13572->13577 13573->13530 13578 403a63 ctype 29 API calls 13574->13578 13575 401584 13586 4015b5 13575->13586 13614 4015ef 13575->13614 14191 405ed1 13575->14191 13576 4015f8 13580 403a63 ctype 29 API calls 13576->13580 13581 40127f 13577->13581 13579 401377 13578->13579 13582 403a63 ctype 29 API calls 13579->13582 13583 401600 13580->13583 13584 403a63 ctype 29 API calls 13581->13584 13585 40137f 13582->13585 13588 401c9d 30 API calls 13583->13588 13589 401287 13584->13589 13591 403a63 ctype 29 API calls 13585->13591 13601 405ed1 33 API calls 13586->13601 13586->13614 13593 401609 13588->13593 13594 403b38 ctype 5 API calls 13589->13594 13590 403a63 ctype 29 API calls 13595 401924 13590->13595 13597 401387 13591->13597 13592 4015a1 13598 401daf 30 API calls 13592->13598 14103 404f70 13593->14103 13600 401298 13594->13600 13596 403a63 ctype 29 API calls 13595->13596 13602 40192f 13596->13602 13603 403a63 ctype 29 API calls 13597->13603 13604 4015aa 13598->13604 13606 401cb5 30 API calls 13600->13606 13607 4015d5 MessageBoxW 13601->13607 13612 40536a 43 API calls 13602->13612 13603->13535 13608 403a63 ctype 29 API calls 13604->13608 13610 4012af 13606->13610 13611 403a63 ctype 29 API calls 13607->13611 13608->13586 13623 403a63 ctype 29 API calls 13610->13623 13611->13614 13615 401946 13612->13615 13613 40161c 13616 401650 13613->13616 13617 401620 13613->13617 13614->13590 13618 403a63 ctype 29 API calls 13615->13618 13619 4017b4 13616->13619 13620 401659 13616->13620 13621 404f2c 33 API calls 13617->13621 13624 401951 13618->13624 13626 4017ec 13619->13626 14203 401d50 13619->14203 13625 401a66 31 API calls 13620->13625 13622 401628 13621->13622 13627 403a63 ctype 29 API calls 13622->13627 13628 4012c7 13623->13628 13630 403a63 ctype 29 API calls 13624->13630 13631 401664 13625->13631 13629 401d16 30 API calls 13626->13629 13633 401630 13627->13633 13642 401daf 30 API calls 13628->13642 13644 4012e4 13628->13644 13634 4017fb 13629->13634 13635 401959 13630->13635 13636 401692 13631->13636 13637 40169e 13631->13637 13641 403a63 ctype 29 API calls 13633->13641 14125 405bad 13634->14125 13646 403a63 ctype 29 API calls 13635->13646 14194 401e18 13636->14194 13639 401a66 31 API calls 13637->13639 13648 4016a9 ShellExecuteExA 13639->13648 13641->13573 13642->13644 13643 40139a 13650 401cb5 30 API calls 13643->13650 13644->13643 13651 4012f6 MessageBoxW 13644->13651 13653 401964 13646->13653 13654 401798 13648->13654 13655 4016e8 13648->13655 13657 4013a7 13650->13657 13651->13643 13658 40130e 13651->13658 13660 403a63 ctype 29 API calls 13653->13660 13663 403a63 ctype 29 API calls 13654->13663 13661 4016f9 13655->13661 14197 410ec0 MessageBoxW 13655->14197 13656 4017d2 13664 4040fd 30 API calls 13657->13664 13665 403a63 ctype 29 API calls 13658->13665 13659 401cb5 30 API calls 13666 401810 13659->13666 13667 40196c 13660->13667 13670 403a63 ctype 29 API calls 13661->13670 13671 4017a6 13663->13671 13673 4013bc 13664->13673 13674 401319 13665->13674 14129 401e8b 13666->14129 13676 403a63 ctype 29 API calls 13667->13676 13678 401701 13670->13678 13679 403a63 ctype 29 API calls 13671->13679 13680 401daf 30 API calls 13673->13680 13681 403a63 ctype 29 API calls 13674->13681 13677 401974 13676->13677 13683 403a63 ctype 29 API calls 13677->13683 13684 403a63 ctype 29 API calls 13678->13684 13685 4017ae 13679->13685 13686 4013c5 13680->13686 13687 401321 13681->13687 13691 40197c 13683->13691 13692 401709 13684->13692 13693 4019bf 13685->13693 13694 403a63 ctype 29 API calls 13686->13694 13689 403a63 ctype 29 API calls 13687->13689 13688 403a63 ctype 29 API calls 13690 401828 13688->13690 13689->13695 13696 403a63 ctype 29 API calls 13690->13696 13697 403a63 ctype 29 API calls 13691->13697 13698 404f2c 33 API calls 13692->13698 13699 4019d4 13693->13699 13700 4019c4 WaitForSingleObject CloseHandle 13693->13700 13701 4013d0 13694->13701 13695->13529 13703 401830 13696->13703 13704 401984 13697->13704 13705 401713 13698->13705 13706 404f2c 33 API calls 13699->13706 13700->13699 13702 403a63 ctype 29 API calls 13701->13702 13707 4013d8 13702->13707 13708 401cb5 30 API calls 13703->13708 13709 403a63 ctype 29 API calls 13704->13709 13710 403a63 ctype 29 API calls 13705->13710 13711 4019dc 13706->13711 13713 401cb5 30 API calls 13707->13713 13715 40198c 13709->13715 13718 4013e7 13713->13718 13720 403a63 ctype 29 API calls 13715->13720 13723 4040fd 30 API calls 13718->13723 13720->13535 13726 4013fc 13723->13726 13729 401daf 30 API calls 13726->13729 13732 401405 13729->13732 13735 403a63 ctype 29 API calls 13732->13735 13739 401410 13735->13739 13744 403a63 ctype 29 API calls 13739->13744 13748 401418 13744->13748 13751 401cb5 30 API calls 13748->13751 13754 401427 13751->13754 13758 4040fd 30 API calls 13754->13758 13762 401440 13758->13762 13763 402635 30 API calls 13762->13763 13767 40144d 13763->13767 13769 401daf 30 API calls 13767->13769 13772 401456 13769->13772 13774 403a63 ctype 29 API calls 13772->13774 13776 401461 13774->13776 13778 403a63 ctype 29 API calls 13776->13778 13780 40146c 13778->13780 13782 403a63 ctype 29 API calls 13780->13782 13784 401474 13782->13784 13785 403a63 ctype 29 API calls 13784->13785 13786 40147f 13785->13786 13787 403a63 ctype 29 API calls 13786->13787 13788 401487 13787->13788 13789 403a63 ctype 29 API calls 13788->13789 13790 40148f 13789->13790 13791 404349 ctype 34 API calls 13790->13791 13792 4014a7 13791->13792 13793 404320 ctype 34 API calls 13792->13793 13793->13504 13795 414a0a 13794->13795 13796 414a0f 13794->13796 13797 4175cd ctype 7 API calls 13795->13797 13798 417606 ctype 7 API calls 13796->13798 13797->13796 13799 414a18 ExitProcess 13798->13799 16386 416a88 13800->16386 13803 416e09 13804 4152f3 35 API calls 13803->13804 13805 416e14 13804->13805 13806 416f3a UnhandledExceptionFilter 13805->13806 13807 4149ce 13805->13807 13806->13807 13822 413a90 13808->13822 13810 41568d GetVersionExA 13811 4156c3 GetEnvironmentVariableA 13810->13811 13812 4156a9 13810->13812 13815 4156e2 13811->13815 13819 4157a0 13811->13819 13812->13811 13813 4156bb 13812->13813 13813->13366 13813->13367 13816 415727 GetModuleFileNameA 13815->13816 13817 41571f 13815->13817 13816->13817 13817->13819 13824 4177c0 13817->13824 13819->13813 13827 415653 GetModuleHandleA 13819->13827 13821 415841 13820->13821 13821->13371 13823 413a9c 13822->13823 13823->13810 13823->13823 13829 4177d7 13824->13829 13828 41566a 13827->13828 13828->13813 13832 4177ef 13829->13832 13831 41781f 13833 418578 6 API calls 13831->13833 13835 417948 13831->13835 13837 4177d3 13831->13837 13842 41843d 13831->13842 13832->13831 13838 418578 13832->13838 13833->13831 13835->13837 13853 416cba 13835->13853 13837->13819 13839 418596 13838->13839 13841 41858a 13838->13841 13856 41883c 13839->13856 13841->13832 13843 41845b InterlockedIncrement 13842->13843 13852 418448 13842->13852 13844 418477 InterlockedDecrement 13843->13844 13847 418481 13843->13847 13845 4154da ctype 29 API calls 13844->13845 13845->13847 13868 4184ac 13847->13868 13849 4184a1 InterlockedDecrement 13849->13852 13850 418497 13874 41553b LeaveCriticalSection 13850->13874 13852->13831 13893 4152f3 GetLastError TlsGetValue 13853->13893 13855 416cbf 13855->13837 13857 41886d GetStringTypeW 13856->13857 13858 418885 13856->13858 13857->13858 13859 418889 GetStringTypeA 13857->13859 13860 4188b0 GetStringTypeA 13858->13860 13861 4188d4 13858->13861 13859->13858 13862 418971 13859->13862 13860->13862 13861->13862 13864 4188ea MultiByteToWideChar 13861->13864 13862->13841 13864->13862 13865 41890e ctype 13864->13865 13865->13862 13866 418948 MultiByteToWideChar 13865->13866 13866->13862 13867 418961 GetStringTypeW 13866->13867 13867->13862 13869 4184d7 13868->13869 13873 41848e 13868->13873 13870 4184f3 13869->13870 13871 418578 6 API calls 13869->13871 13870->13873 13875 4185ed 13870->13875 13871->13870 13873->13849 13873->13850 13874->13852 13876 418639 13875->13876 13877 41861d LCMapStringW 13875->13877 13880 418682 LCMapStringA 13876->13880 13881 41869f 13876->13881 13877->13876 13878 418641 LCMapStringA 13877->13878 13878->13876 13879 41877b 13878->13879 13879->13873 13880->13879 13881->13879 13882 4186b5 MultiByteToWideChar 13881->13882 13882->13879 13883 4186df 13882->13883 13883->13879 13884 418715 MultiByteToWideChar 13883->13884 13884->13879 13885 41872e LCMapStringW 13884->13885 13885->13879 13886 418749 13885->13886 13887 41874f 13886->13887 13889 41878f 13886->13889 13887->13879 13888 41875d LCMapStringW 13887->13888 13888->13879 13889->13879 13890 4187c7 LCMapStringW 13889->13890 13890->13879 13891 4187df WideCharToMultiByte 13890->13891 13891->13879 13894 41530f 13893->13894 13895 41534e SetLastError 13893->13895 13904 416ccc 13894->13904 13895->13855 13898 415320 TlsSetValue 13899 415346 13898->13899 13900 415331 13898->13900 13901 4149dc ctype 7 API calls 13899->13901 13903 415337 GetCurrentThreadId 13900->13903 13902 41534d 13901->13902 13902->13895 13903->13895 13914 416d01 ctype 13904->13914 13905 415318 13905->13898 13905->13899 13906 416db9 HeapAlloc 13906->13914 13907 4154da ctype 29 API calls 13907->13914 13908 4154da ctype 29 API calls 13913 416d7b 13908->13913 13909 415bc1 ctype 5 API calls 13909->13914 13910 416664 ctype 6 API calls 13910->13913 13913->13906 13913->13908 13913->13910 13913->13914 13918 416dee 13913->13918 13914->13905 13914->13906 13914->13907 13914->13909 13914->13913 13915 416d65 13914->13915 13921 41553b LeaveCriticalSection 13915->13921 13917 416d6c 13917->13914 13922 41553b LeaveCriticalSection 13918->13922 13920 416df5 13920->13913 13921->13917 13922->13920 13923->13375 13925 417feb 13924->13925 13926 417ff2 13924->13926 13928 417c0a 13925->13928 13926->13422 13929 4154da ctype 29 API calls 13928->13929 13930 417c1a 13929->13930 13939 417db7 13930->13939 13934 417daf 13934->13926 13936 417c56 GetCPInfo 13938 417c6c 13936->13938 13937 417c31 13952 41553b LeaveCriticalSection 13937->13952 13938->13937 13944 417e5d GetCPInfo 13938->13944 13940 417dd7 13939->13940 13941 417dc7 GetOEMCP 13939->13941 13942 417c22 13940->13942 13943 417ddc GetACP 13940->13943 13941->13940 13942->13936 13942->13937 13942->13938 13943->13942 13945 417f48 13944->13945 13947 417e80 13944->13947 13945->13937 13946 41883c 6 API calls 13948 417efc 13946->13948 13947->13946 13949 4185ed 9 API calls 13948->13949 13950 417f20 13949->13950 13951 4185ed 9 API calls 13950->13951 13951->13945 13952->13934 13954 40102d 13953->13954 13955 40218d 13954->13955 13956 40219d 13955->13956 13960 401055 13955->13960 13957 403a3d 30 API calls 13956->13957 13958 4021a7 13957->13958 13959 403a63 ctype 29 API calls 13958->13959 13958->13960 13959->13960 13960->13451 13962 401cd3 13961->13962 13963 40218d 30 API calls 13962->13963 13964 40109a 13963->13964 13965 4038d7 13964->13965 13970 4038e1 __EH_prolog 13965->13970 13966 403956 13967 401e4e 30 API calls 13966->13967 13969 403965 13967->13969 13968 401ded 30 API calls 13968->13970 13971 401daf 30 API calls 13969->13971 13970->13966 13970->13968 13974 4010ac 13970->13974 13972 403972 13971->13972 13973 403a63 ctype 29 API calls 13972->13973 13973->13974 13974->13461 13976 404615 __EH_prolog 13975->13976 13977 404636 GetModuleFileNameA 13976->13977 13978 404697 GetModuleFileNameW 13976->13978 13980 404656 13977->13980 13984 4010cf 13977->13984 13979 4046b8 13978->13979 13978->13984 13982 401d50 30 API calls 13979->13982 13979->13984 13980->13984 14227 403bdf 13980->14227 13982->13984 13993 40237b 13984->13993 13987 401daf 30 API calls 13988 404683 13987->13988 13989 403a63 ctype 29 API calls 13988->13989 13990 40468b 13989->13990 13991 403a63 ctype 29 API calls 13990->13991 13992 404693 13991->13992 13992->13984 13994 402385 __EH_prolog 13993->13994 14248 4025c7 13994->14248 13996 402394 13997 403a63 ctype 29 API calls 13996->13997 13998 4010d7 13997->13998 13999 402340 13998->13999 14000 40234a __EH_prolog 13999->14000 14001 4025c7 30 API calls 14000->14001 14002 402359 14001->14002 14003 403a63 ctype 29 API calls 14002->14003 14004 4010df 14003->14004 14004->13471 14262 40222b 14005->14262 14008 403b38 14011 403b41 14008->14011 14009 403a90 5 API calls ctype 14009->14011 14010 401108 14010->13477 14011->14009 14011->14010 14013 401166 14012->14013 14014 40246b 14012->14014 14018 401b11 14013->14018 14015 403a3d 30 API calls 14014->14015 14016 402472 14015->14016 14016->14013 14017 403a63 ctype 29 API calls 14016->14017 14017->14013 14019 401b1b __EH_prolog 14018->14019 14275 405a0f 14019->14275 14022 401b4d 14022->13488 14023 401b49 ctype 14023->14022 14278 405a6c 14023->14278 14282 401f02 14023->14282 14026 40218d 30 API calls 14025->14026 14027 4014c3 14026->14027 14028 4052cf 14027->14028 14029 4052d9 __EH_prolog 14028->14029 14030 40536a 43 API calls 14029->14030 14031 4052e4 14030->14031 14032 4014d4 14031->14032 14033 40218d 30 API calls 14031->14033 14032->13520 14032->13521 14034 4052ff 14033->14034 14336 4050ee 14034->14336 14037 40530e 14039 403a63 ctype 29 API calls 14037->14039 14039->14032 14043 403a63 ctype 29 API calls 14043->14037 14045 413c35 ctype 29 API calls 14044->14045 14046 403a48 14045->14046 14047 403a61 14046->14047 14479 413b0d RaiseException 14046->14479 14047->13537 14050 407f98 __EH_prolog 14049->14050 14051 404349 ctype 34 API calls 14050->14051 14055 407fa7 14051->14055 14053 401d50 30 API calls 14053->14055 14055->14053 14058 401525 14055->14058 14480 40802f 14055->14480 14483 407d8d 14055->14483 14510 4080cf 14055->14510 14518 4020af 14055->14518 14058->13551 14058->13552 14060 40218d 30 API calls 14059->14060 14061 40154c 14060->14061 14061->13564 14063 402f08 __EH_prolog 14062->14063 14596 40335f 14063->14596 14066 401daf 30 API calls 14067 402f3c 14066->14067 14068 401daf 30 API calls 14067->14068 14069 402f4a 14068->14069 14070 403a3d 30 API calls 14069->14070 14071 402f54 14070->14071 14073 402f67 14071->14073 14662 4034cc 14071->14662 14074 403020 14073->14074 14075 402f83 14073->14075 14604 4030fc 14074->14604 14676 412ff0 14075->14676 14078 402fab 14080 402fb1 14078->14080 14081 402fbe 14078->14081 14079 40302b 14082 401daf 30 API calls 14079->14082 14083 412fb0 ctype 2 API calls 14080->14083 14084 40218d 30 API calls 14081->14084 14085 403039 14082->14085 14086 402fb9 14083->14086 14087 402fd1 14084->14087 14085->14086 14089 401daf 30 API calls 14085->14089 14652 403473 14086->14652 14088 405ed1 33 API calls 14087->14088 14090 402fe0 14088->14090 14089->14086 14092 401daf 30 API calls 14090->14092 14094 402fed 14092->14094 14095 403a63 ctype 29 API calls 14094->14095 14096 402ff9 14095->14096 14682 403086 14096->14682 14098 40300a 14099 403a63 ctype 29 API calls 14098->14099 14100 403012 14099->14100 14101 412fb0 ctype 2 API calls 14100->14101 14102 40301e 14101->14102 14102->14079 14104 404f7a __EH_prolog 14103->14104 14105 404f97 GetCurrentDirectoryA 14104->14105 14106 404fee GetCurrentDirectoryW 14104->14106 14107 403bdf 30 API calls 14105->14107 14108 401d50 30 API calls 14106->14108 14109 404fc0 14107->14109 14111 401611 14108->14111 14110 403bca 31 API calls 14109->14110 14112 404fce 14110->14112 14118 404f2c 14111->14118 14113 401daf 30 API calls 14112->14113 14114 404fda 14113->14114 14115 403a63 ctype 29 API calls 14114->14115 14116 404fe2 14115->14116 14117 403a63 ctype 29 API calls 14116->14117 14117->14111 14119 404f61 SetCurrentDirectoryW 14118->14119 14120 404f3b 14118->14120 14119->13613 14121 403b85 31 API calls 14120->14121 14122 404f46 SetCurrentDirectoryA 14121->14122 14123 403a63 ctype 29 API calls 14122->14123 14124 404f5b 14123->14124 14124->13613 14126 405bb8 14125->14126 14127 401803 14125->14127 14126->14127 14128 401ded 30 API calls 14126->14128 14127->13659 14128->14127 14130 401820 14129->14130 14131 401e9e 14129->14131 14130->13688 14131->14130 16204 4023b6 14131->16204 14147 40222b 30 API calls 14146->14147 14148 401132 14147->14148 14149 401daf 14148->14149 14150 40113b 14149->14150 14151 401dbb 14149->14151 14150->13492 14152 40218d 30 API calls 14151->14152 14152->14150 14153->13493 14155 403dee __EH_prolog 14154->14155 14156 404349 ctype 34 API calls 14155->14156 14160 403dff 14156->14160 14157 4011ee 14157->13517 14157->13518 14158 401c9d 30 API calls 14158->14160 14160->14157 14160->14158 14161 403f76 14160->14161 14167 40245b 30 API calls 14160->14167 14168 403f93 14160->14168 14170 4041a9 30 API calls 14160->14170 14177 403a63 29 API calls ctype 14160->14177 14178 401f02 30 API calls 14160->14178 16212 403fc6 14160->16212 16222 404148 14160->16222 16232 40215c 14160->16232 14162 403a63 ctype 29 API calls 14161->14162 14163 403f7e 14162->14163 14164 403a63 ctype 29 API calls 14163->14164 14165 403f86 14164->14165 14166 403a63 ctype 29 API calls 14165->14166 14166->14157 14167->14160 14169 403a63 ctype 29 API calls 14168->14169 14171 403f9b 14169->14171 14170->14160 14172 403a63 ctype 29 API calls 14171->14172 14173 403fa3 14172->14173 14175 403a63 ctype 29 API calls 14173->14175 14176 403fab 14175->14176 14179 403a63 ctype 29 API calls 14176->14179 14177->14160 14178->14160 14179->14157 14181->13695 14183 404115 14182->14183 14184 404119 14183->14184 14185 40412f 14183->14185 14186 40218d 30 API calls 14184->14186 14187 401d16 30 API calls 14185->14187 14188 40122a 14186->14188 14187->14188 14188->13540 14189->13573 14190->13573 16237 405e00 14191->16237 14195 4021e1 30 API calls 14194->14195 14196 401e28 14195->14196 14196->13637 14197->13661 14204 401d6d 14203->14204 14205 40218d 30 API calls 14204->14205 14206 4017c6 14205->14206 14207 4057af 14206->14207 14208 4057b9 __EH_prolog 14207->14208 14209 404d82 30 API calls 14208->14209 14210 4057c8 14209->14210 14211 405620 37 API calls 14210->14211 14212 4057d5 14211->14212 14213 403a63 ctype 29 API calls 14212->14213 14214 4017ce 14213->14214 14214->13626 14214->13656 14228 403bf6 14227->14228 14228->14228 14229 40245b 30 API calls 14228->14229 14230 403c05 14229->14230 14231 403bca 14230->14231 14234 403c26 14231->14234 14235 403c30 __EH_prolog 14234->14235 14236 40218d 30 API calls 14235->14236 14237 403c53 14236->14237 14238 403c9a 14237->14238 14239 403c6b MultiByteToWideChar 14237->14239 14241 40218d 30 API calls 14237->14241 14240 401d16 30 API calls 14238->14240 14239->14238 14242 403c85 14239->14242 14243 403cb0 14240->14243 14241->14239 14247 413b0d RaiseException 14242->14247 14245 403a63 ctype 29 API calls 14243->14245 14246 403bda 14245->14246 14246->13987 14247->14238 14249 4025d1 __EH_prolog 14248->14249 14250 40218d 30 API calls 14249->14250 14251 4025ed 14250->14251 14252 401ded 30 API calls 14251->14252 14253 4025fa 14252->14253 14254 401ded 30 API calls 14253->14254 14255 402604 14254->14255 14256 401ded 30 API calls 14255->14256 14257 40260e 14256->14257 14258 401d16 30 API calls 14257->14258 14259 40261a 14258->14259 14260 403a63 ctype 29 API calls 14259->14260 14261 402622 14260->14261 14261->13996 14264 402235 __EH_prolog 14262->14264 14263 402269 14266 40218d 30 API calls 14263->14266 14264->14263 14265 40225e 14264->14265 14267 401d16 30 API calls 14265->14267 14268 40227c 14266->14268 14270 4010ff 14267->14270 14269 40218d 30 API calls 14268->14269 14271 402289 14269->14271 14270->14008 14272 401d16 30 API calls 14271->14272 14273 4022bd 14272->14273 14274 403a63 ctype 29 API calls 14273->14274 14274->14270 14285 4059ee 14275->14285 14281 405a79 14278->14281 14279 405a4a ReadFile 14279->14281 14280 405aa5 14280->14023 14281->14279 14281->14280 14332 4024a9 14282->14332 14288 4059d1 14285->14288 14291 405892 14288->14291 14301 405905 14291->14301 14294 4058f7 14294->14023 14295 4058de CreateFileW 14295->14294 14296 4058af 14304 403b85 14296->14304 14299 403a63 ctype 29 API calls 14300 4058db 14299->14300 14300->14294 14302 40590f FindCloseChangeNotification 14301->14302 14303 4058a0 14301->14303 14302->14303 14303->14294 14303->14295 14303->14296 14305 403b8f __EH_prolog 14304->14305 14306 401cb5 30 API calls 14305->14306 14307 403ba2 14306->14307 14312 403d8e 14307->14312 14310 403a63 ctype 29 API calls 14311 403bba CreateFileA 14310->14311 14311->14299 14315 403ccd 14312->14315 14316 403cd7 __EH_prolog 14315->14316 14317 40245b 30 API calls 14316->14317 14318 403cf9 14317->14318 14319 403d5d 14318->14319 14320 403d1a WideCharToMultiByte 14318->14320 14322 40245b 30 API calls 14318->14322 14329 403dae 14319->14329 14320->14319 14323 403d48 14320->14323 14322->14320 14328 413b0d RaiseException 14323->14328 14326 403a63 ctype 29 API calls 14327 403bb2 14326->14327 14327->14310 14328->14319 14330 40245b 30 API calls 14329->14330 14331 403d72 14330->14331 14331->14326 14333 401f0c 14332->14333 14334 4024bd 14332->14334 14333->14023 14335 40245b 30 API calls 14334->14335 14335->14333 14337 4050f8 __EH_prolog 14336->14337 14338 405115 GetTempPathA 14337->14338 14339 40516c GetTempPathW 14337->14339 14340 403bdf 30 API calls 14338->14340 14341 401d50 30 API calls 14339->14341 14342 40513e 14340->14342 14344 405168 14341->14344 14343 403bca 31 API calls 14342->14343 14345 40514c 14343->14345 14344->14037 14351 40485a 14344->14351 14346 401daf 30 API calls 14345->14346 14347 405158 14346->14347 14348 403a63 ctype 29 API calls 14347->14348 14349 405160 14348->14349 14350 403a63 ctype 29 API calls 14349->14350 14350->14344 14352 404864 __EH_prolog 14351->14352 14353 401d16 30 API calls 14352->14353 14354 404877 14353->14354 14375 4048ab 14354->14375 14357 401d16 30 API calls 14358 404891 14357->14358 14359 403a63 ctype 29 API calls 14358->14359 14360 404899 14359->14360 14361 4051b7 GetCurrentThreadId GetTickCount GetCurrentProcessId 14360->14361 14371 4051ea 14361->14371 14362 401d50 30 API calls 14362->14371 14363 4048ab 30 API calls 14363->14371 14365 40526e SetLastError 14365->14371 14366 401ded 30 API calls 14374 40522c 14366->14374 14368 4048ab 30 API calls 14372 405240 GetTickCount 14368->14372 14369 4052b8 14369->14043 14371->14362 14371->14363 14371->14365 14371->14369 14373 405299 GetLastError 14371->14373 14371->14374 14383 405800 14371->14383 14391 4049f4 14371->14391 14399 405ae5 14371->14399 14372->14374 14373->14371 14374->14366 14374->14368 14374->14371 14376 4048c0 14375->14376 14379 4021e1 14376->14379 14380 402225 14379->14380 14381 4021f5 14379->14381 14380->14357 14382 40218d 30 API calls 14381->14382 14382->14380 14384 40580a __EH_prolog 14383->14384 14402 404d82 14384->14402 14389 403a63 ctype 29 API calls 14390 405830 14389->14390 14390->14371 14392 404a03 14391->14392 14393 404a29 CreateDirectoryW 14391->14393 14395 403b85 31 API calls 14392->14395 14394 404a34 14393->14394 14394->14371 14396 404a0e CreateDirectoryA 14395->14396 14397 403a63 ctype 29 API calls 14396->14397 14398 404a23 14397->14398 14398->14394 14473 405ace 14399->14473 14403 40218d 30 API calls 14402->14403 14404 404d99 14403->14404 14405 405620 14404->14405 14406 40562a __EH_prolog 14405->14406 14440 405434 14406->14440 14409 405653 GetLastError 14411 405661 14409->14411 14410 405414 FindClose 14439 405773 14410->14439 14412 401cb5 30 API calls 14411->14412 14418 40564c 14411->14418 14413 4056d3 14412->14413 14414 405788 14413->14414 14415 401cb5 30 API calls 14413->14415 14416 403a63 ctype 29 API calls 14414->14416 14417 4056f0 14415->14417 14416->14418 14419 405705 14417->14419 14420 401ded 30 API calls 14417->14420 14418->14410 14421 401ded 30 API calls 14419->14421 14420->14419 14422 40570f 14421->14422 14423 405434 35 API calls 14422->14423 14424 40571e 14423->14424 14425 405777 SetLastError 14424->14425 14427 405736 14424->14427 14426 403a63 ctype 29 API calls 14425->14426 14426->14414 14428 40222b 30 API calls 14427->14428 14429 405744 14428->14429 14430 401daf 30 API calls 14429->14430 14431 405750 14430->14431 14432 403a63 ctype 29 API calls 14431->14432 14433 405758 14432->14433 14434 403a63 ctype 29 API calls 14433->14434 14435 405760 14434->14435 14436 403a63 ctype 29 API calls 14435->14436 14437 405768 14436->14437 14454 405414 14437->14454 14439->14389 14441 405414 FindClose 14440->14441 14442 405445 14441->14442 14443 4054a4 14442->14443 14444 405452 14442->14444 14445 40548d FindFirstFileW 14442->14445 14443->14409 14443->14418 14446 403b85 31 API calls 14444->14446 14445->14443 14447 4054a8 14445->14447 14448 40545d FindFirstFileA 14446->14448 14469 4054bd 14447->14469 14450 403a63 ctype 29 API calls 14448->14450 14451 405477 14450->14451 14451->14443 14457 40551c 14451->14457 14455 40541e FindClose 14454->14455 14456 405429 14454->14456 14455->14456 14456->14439 14458 405526 __EH_prolog 14457->14458 14459 403bdf 30 API calls 14458->14459 14460 405584 14459->14460 14461 403bca 31 API calls 14460->14461 14462 405592 14461->14462 14463 401daf 30 API calls 14462->14463 14464 40559f 14463->14464 14465 403a63 ctype 29 API calls 14464->14465 14466 4055a7 14465->14466 14467 403a63 ctype 29 API calls 14466->14467 14468 40548b 14467->14468 14468->14443 14470 4054fb 14469->14470 14471 401d50 30 API calls 14470->14471 14472 405518 14471->14472 14472->14443 14476 405ab1 14473->14476 14477 405892 34 API calls 14476->14477 14478 405acb 14477->14478 14478->14371 14479->14047 14481 40218d 30 API calls 14480->14481 14482 40804f 14481->14482 14482->14055 14484 407d97 __EH_prolog 14483->14484 14485 401cb5 30 API calls 14484->14485 14499 407dee 14484->14499 14486 407dd3 14485->14486 14526 407ee9 14486->14526 14487 401cb5 30 API calls 14491 407dff 14487->14491 14488 407e9f 14490 404349 ctype 34 API calls 14488->14490 14494 407eae 14490->14494 14495 407ee9 35 API calls 14491->14495 14492 401c9d 30 API calls 14508 407e1a 14492->14508 14497 404320 ctype 34 API calls 14494->14497 14498 407e0e 14495->14498 14496 403a63 ctype 29 API calls 14496->14499 14500 407eba 14497->14500 14501 403a63 ctype 29 API calls 14498->14501 14499->14487 14499->14508 14502 404349 ctype 34 API calls 14500->14502 14501->14508 14504 407ecc 14502->14504 14503 401daf 30 API calls 14503->14508 14505 404320 ctype 34 API calls 14504->14505 14506 407ed8 14505->14506 14506->14055 14508->14488 14508->14492 14508->14503 14509 403a63 29 API calls ctype 14508->14509 14539 40806e 14508->14539 14509->14508 14511 4080d9 __EH_prolog 14510->14511 14512 403a3d 30 API calls 14511->14512 14513 4080e4 14512->14513 14514 4080fb 14513->14514 14579 408116 14513->14579 14515 40a528 30 API calls 14514->14515 14517 408107 14515->14517 14517->14055 14519 4020b9 __EH_prolog 14518->14519 14520 404349 ctype 34 API calls 14519->14520 14521 4020dd 14520->14521 14522 404320 ctype 34 API calls 14521->14522 14523 4020e8 14522->14523 14524 403a63 ctype 29 API calls 14523->14524 14525 4020f0 14524->14525 14525->14055 14527 407ef3 __EH_prolog 14526->14527 14528 404349 ctype 34 API calls 14527->14528 14529 407f05 14528->14529 14530 40218d 30 API calls 14529->14530 14535 407f1a 14530->14535 14531 407f76 14532 403a63 ctype 29 API calls 14531->14532 14534 407de2 14532->14534 14533 407f65 14533->14531 14537 403981 30 API calls 14533->14537 14534->14496 14535->14531 14535->14533 14536 401ded 30 API calls 14535->14536 14549 403981 14535->14549 14536->14535 14537->14531 14540 408078 __EH_prolog 14539->14540 14541 403a3d 30 API calls 14540->14541 14542 408084 14541->14542 14543 4080ae 14542->14543 14544 401d16 30 API calls 14542->14544 14545 40a528 30 API calls 14543->14545 14546 40809e 14544->14546 14547 4080bf 14545->14547 14548 401d16 30 API calls 14546->14548 14547->14508 14548->14543 14550 40398b __EH_prolog 14549->14550 14551 403a3d 30 API calls 14550->14551 14552 403996 14551->14552 14553 4039ad 14552->14553 14554 401d16 30 API calls 14552->14554 14557 40a528 14553->14557 14554->14553 14560 404372 14557->14560 14561 4039b9 14560->14561 14562 40437a 14560->14562 14561->14535 14564 40439a 14562->14564 14565 40443e 14564->14565 14566 4043ae 14564->14566 14565->14561 14567 4043cb 14566->14567 14576 413b0d RaiseException 14566->14576 14569 4043f2 14567->14569 14577 413b0d RaiseException 14567->14577 14572 403a3d 30 API calls 14569->14572 14575 40441a 14569->14575 14571 403a63 ctype 29 API calls 14571->14565 14573 4043fe 14572->14573 14573->14575 14578 413b0d RaiseException 14573->14578 14575->14571 14576->14567 14577->14569 14578->14575 14580 408120 __EH_prolog 14579->14580 14581 401d16 30 API calls 14580->14581 14582 408147 14581->14582 14585 40816f 14582->14585 14586 408179 __EH_prolog 14585->14586 14587 404349 ctype 34 API calls 14586->14587 14588 4081a0 14587->14588 14591 4081bb 14588->14591 14592 40439a 30 API calls 14591->14592 14595 4081d3 14592->14595 14593 408157 14593->14514 14594 40806e 30 API calls 14594->14595 14595->14593 14595->14594 14597 403369 __EH_prolog 14596->14597 14598 40218d 30 API calls 14597->14598 14599 403385 14598->14599 14600 40218d 30 API calls 14599->14600 14601 40339a 14600->14601 14602 40218d 30 API calls 14601->14602 14603 402f27 14602->14603 14603->14066 14605 403106 __EH_prolog 14604->14605 14606 401c9d 30 API calls 14605->14606 14607 403116 14606->14607 14608 405620 37 API calls 14607->14608 14609 403126 14608->14609 14610 40312a 14609->14610 14613 403141 14609->14613 14611 401d50 30 API calls 14610->14611 14612 403138 14611->14612 14614 403a63 ctype 29 API calls 14612->14614 14696 408d5e 14613->14696 14647 4031aa 14614->14647 14617 404320 ctype 34 API calls 14618 40318f 14617->14618 14619 403194 14618->14619 14620 4031af 14618->14620 14622 401d50 30 API calls 14619->14622 14621 401d16 30 API calls 14620->14621 14623 4031bb 14621->14623 14622->14612 14624 405bad 30 API calls 14623->14624 14625 4031c7 14624->14625 14731 404a3e 14625->14731 14628 403213 14630 401cb5 30 API calls 14628->14630 14629 4031d3 14858 4092e6 14629->14858 14632 403220 14630->14632 14766 402686 14632->14766 14638 403a63 ctype 29 API calls 14640 403252 14638->14640 14773 40bff7 14640->14773 14809 40b98f 14640->14809 14643 40326d 14645 403a63 ctype 29 API calls 14643->14645 14648 403278 14645->14648 14647->14079 14653 40347d __EH_prolog 14652->14653 14654 403a63 ctype 29 API calls 14653->14654 14655 403493 14654->14655 16067 403405 14655->16067 14658 403a63 ctype 29 API calls 14659 4034b5 14658->14659 14660 403a63 ctype 29 API calls 14659->14660 14661 401580 14660->14661 14661->13575 14661->13576 14663 4034d6 __EH_prolog 14662->14663 14664 40218d 30 API calls 14663->14664 14665 403508 14664->14665 14666 40218d 30 API calls 14665->14666 14667 40351e 14666->14667 14668 40218d 30 API calls 14667->14668 14669 403534 14668->14669 14670 40218d 30 API calls 14669->14670 14671 40354d 14670->14671 16077 40358f 14671->16077 14674 40218d 30 API calls 14675 403572 14674->14675 14675->14073 16096 41468e 14676->16096 14679 413013 14679->14078 14680 413018 GetLastError 14681 413022 14680->14681 14681->14078 14683 403090 __EH_prolog 14682->14683 14684 401daf 30 API calls 14683->14684 14685 4030a5 14684->14685 16168 4060e5 14685->16168 14689 4030bd 14690 405ed1 33 API calls 14689->14690 14691 4030c8 14690->14691 16188 405eeb 14691->16188 14694 403a63 ctype 29 API calls 14695 4030de ShowWindow 14694->14695 14695->14098 14697 408d68 __EH_prolog 14696->14697 14698 403a3d 30 API calls 14697->14698 14699 408d82 14698->14699 14700 408d94 14699->14700 14924 408f0b 14699->14924 14702 40218d 30 API calls 14700->14702 14703 408dcb 14702->14703 14704 40218d 30 API calls 14703->14704 14705 408de2 14704->14705 14713 408e11 14705->14713 14866 405039 14705->14866 14711 408e65 14715 402635 30 API calls 14711->14715 14712 408e3e 14714 403a63 ctype 29 API calls 14712->14714 14898 40888f 14713->14898 14716 408e46 14714->14716 14717 408e74 14715->14717 14718 403a63 ctype 29 API calls 14716->14718 14719 403981 30 API calls 14717->14719 14729 403181 14718->14729 14720 408e81 14719->14720 14721 403a63 ctype 29 API calls 14720->14721 14725 408e8d 14721->14725 14722 408ec6 14724 403a63 ctype 29 API calls 14722->14724 14723 402635 30 API calls 14723->14725 14726 408ee0 14724->14726 14725->14722 14725->14723 14727 403981 30 API calls 14725->14727 14730 403a63 ctype 29 API calls 14725->14730 14728 403a63 ctype 29 API calls 14726->14728 14727->14725 14728->14729 14729->14617 14730->14725 14732 404a48 __EH_prolog 14731->14732 14733 401cb5 30 API calls 14732->14733 14736 404a56 14733->14736 14734 401d16 30 API calls 14759 404ab4 14734->14759 14735 4049f4 33 API calls 14735->14759 14736->14734 14740 404a96 14736->14740 14737 404acb GetLastError 14741 404b47 14737->14741 14737->14759 14738 404b9e 14739 401daf 30 API calls 14738->14739 14757 404bab 14739->14757 14745 403a63 ctype 29 API calls 14740->14745 14743 401c9d 30 API calls 14741->14743 14742 404c00 14746 403a63 ctype 29 API calls 14742->14746 14744 404b4f 14743->14744 14747 405620 37 API calls 14744->14747 14748 4031cf 14745->14748 14746->14740 14749 404b5e 14747->14749 14748->14628 14748->14629 14750 404b62 14749->14750 14751 404b92 14749->14751 14752 403a63 ctype 29 API calls 14750->14752 14754 403a63 ctype 29 API calls 14751->14754 14755 404b7a 14752->14755 14753 401e6f 30 API calls 14753->14757 14754->14738 14758 403a63 ctype 29 API calls 14755->14758 14756 401e6f 30 API calls 14756->14759 14757->14742 14757->14753 14760 4049f4 33 API calls 14757->14760 14764 403a63 ctype 29 API calls 14757->14764 14761 404b82 14758->14761 14759->14735 14759->14737 14759->14738 14759->14742 14759->14756 14762 401daf 30 API calls 14759->14762 14765 403a63 ctype 29 API calls 14759->14765 14760->14757 14763 403a63 ctype 29 API calls 14761->14763 14762->14759 14763->14748 14764->14757 14765->14759 14767 401daf 30 API calls 14766->14767 14768 4026ad 14767->14768 14769 401daf 30 API calls 14768->14769 14770 4026d9 14769->14770 14771 405bad 30 API calls 14770->14771 14772 4026e0 14771->14772 14772->14638 14789 40bbbd 14773->14789 14774 40bbe2 14776 40c146 34 API calls 14774->14776 14775 40bc3e 15400 40c146 14775->15400 14778 40bc02 14776->14778 14777 403a3d 30 API calls 14777->14789 14780 404349 ctype 34 API calls 14778->14780 14786 40bc21 14786->14643 14788 40bd0b 14790 40c146 34 API calls 14788->14790 14789->14774 14789->14775 14789->14777 14789->14786 14789->14788 14796 40c820 62 API calls 14789->14796 14797 40beb9 14789->14797 14798 40be1f 14789->14798 14799 40be7b 14789->14799 14802 40bf1c 14789->14802 15410 40c50e 14789->15410 15414 40ab05 14789->15414 15527 40c3ae 14789->15527 14791 40bd3c 14790->14791 14793 404349 ctype 34 API calls 14791->14793 14794 40bd4f 14793->14794 14796->14789 14800 40c146 34 API calls 14797->14800 14803 40c146 34 API calls 14798->14803 14804 40c146 34 API calls 14799->14804 14801 40be49 14800->14801 14805 404349 ctype 34 API calls 14801->14805 14806 40c146 34 API calls 14802->14806 14803->14801 14804->14801 14806->14801 14821 40b999 __EH_prolog 14809->14821 14810 40bb14 14812 40bb56 14810->14812 14813 40bb29 14810->14813 14817 403a3d 30 API calls 14812->14817 14814 404349 ctype 34 API calls 14813->14814 14816 40bb3c 14814->14816 14815 40c233 35 API calls 14815->14821 14818 404320 ctype 34 API calls 14816->14818 14846 40bb7a 14817->14846 14835 40b9e9 14818->14835 14819 40c1d9 30 API calls 14819->14821 14820 404320 34 API calls ctype 14820->14821 14821->14810 14821->14815 14821->14819 14821->14820 14821->14835 16042 40c0d4 14821->16042 16048 40c047 14821->16048 14835->14643 14846->14835 14859 4092f0 __EH_prolog 14858->14859 14860 405ed1 33 API calls 14859->14860 14861 409302 14860->14861 16053 409273 14861->16053 14867 405043 __EH_prolog 14866->14867 14932 404e2e 14867->14932 14870 405066 14872 401e6f 30 API calls 14870->14872 14883 4050d9 14870->14883 14871 401d50 30 API calls 14871->14870 14873 40509d 14872->14873 14874 401daf 30 API calls 14873->14874 14875 4050a9 14874->14875 14876 403a63 ctype 29 API calls 14875->14876 14877 4050b5 14876->14877 14878 401e4e 30 API calls 14877->14878 14879 4050c2 14878->14879 14880 401daf 30 API calls 14879->14880 14881 4050d1 14880->14881 14882 403a63 ctype 29 API calls 14881->14882 14882->14883 14884 409070 14883->14884 14885 40907a __EH_prolog 14884->14885 14886 401daf 30 API calls 14885->14886 14887 40908f 14886->14887 14888 402635 30 API calls 14887->14888 14889 40909c 14888->14889 14890 405620 37 API calls 14889->14890 14891 4090ab 14890->14891 14892 403a63 ctype 29 API calls 14891->14892 14893 4090bf 14892->14893 14894 4090d9 14893->14894 14952 413b0d RaiseException 14893->14952 14896 404349 ctype 34 API calls 14894->14896 14897 4090e1 14896->14897 14897->14713 14921 408899 __EH_prolog 14898->14921 14899 408b4f 14902 405cd6 VariantClear 14899->14902 14900 401daf 30 API calls 14900->14921 14901 408cc9 14904 405cd6 VariantClear 14901->14904 14913 4088b5 14902->14913 14904->14913 14905 408b3c 15063 4038ab 14905->15063 14907 409177 30 API calls 14907->14921 14909 408cf4 30 API calls 14909->14921 14911 408b62 14912 4038ab 29 API calls 14911->14912 14912->14913 14913->14711 14913->14712 14915 408ba9 14918 4038ab 29 API calls 14915->14918 14916 408c02 14919 4038ab 29 API calls 14916->14919 14918->14913 14919->14913 14920 408c5a 14922 4038ab 29 API calls 14920->14922 14921->14899 14921->14900 14921->14901 14921->14905 14921->14907 14921->14909 14921->14911 14921->14913 14921->14915 14921->14916 14921->14920 14923 4038ab 29 API calls 14921->14923 14953 408755 14921->14953 14966 405cd6 14921->14966 14970 4081f4 14921->14970 14995 4083ab 14921->14995 15059 408313 14921->15059 14922->14913 14923->14921 14925 408f15 __EH_prolog 14924->14925 14926 40218d 30 API calls 14925->14926 14927 408f48 14926->14927 14928 404d82 30 API calls 14927->14928 14929 408f53 14928->14929 14930 40218d 30 API calls 14929->14930 14931 408f69 14930->14931 14931->14700 14933 404e38 __EH_prolog 14932->14933 14934 404e59 14933->14934 14935 404edd GetFullPathNameW 14933->14935 14936 403b85 31 API calls 14934->14936 14937 404f02 14935->14937 14938 404ed9 14935->14938 14939 404e6c GetFullPathNameA 14936->14939 14937->14938 14941 401d50 30 API calls 14937->14941 14938->14870 14938->14871 14940 403a63 ctype 29 API calls 14939->14940 14942 404e8f 14940->14942 14941->14938 14942->14938 14943 403bdf 30 API calls 14942->14943 14944 404eaf 14943->14944 14945 403bca 31 API calls 14944->14945 14946 404ebd 14945->14946 14947 401daf 30 API calls 14946->14947 14948 404ec9 14947->14948 14949 403a63 ctype 29 API calls 14948->14949 14950 404ed1 14949->14950 14951 403a63 ctype 29 API calls 14950->14951 14951->14938 14952->14894 14954 40875f __EH_prolog 14953->14954 14955 40877a 14954->14955 14956 40879e 14954->14956 14957 403a3d 30 API calls 14955->14957 14958 408781 14956->14958 14960 403a3d 30 API calls 14956->14960 14957->14958 14959 4083ab 99 API calls 14958->14959 14961 40880c 14959->14961 14962 4087aa 14960->14962 14961->14921 14963 405a0f 34 API calls 14962->14963 14964 4087e4 14963->14964 14964->14958 14965 4087e8 GetLastError 14964->14965 14965->14961 14967 405cdb 14966->14967 14968 405d13 14967->14968 14969 405cfc VariantClear 14967->14969 14968->14921 14969->14921 14971 4081fe __EH_prolog 14970->14971 14972 40822a 14971->14972 14973 40823d 14971->14973 14974 405cd6 VariantClear 14972->14974 14975 408253 14973->14975 14976 408244 14973->14976 14993 408236 14974->14993 14978 4082f1 14975->14978 14979 408251 14975->14979 14977 401d50 30 API calls 14976->14977 14977->14979 14980 405cd6 VariantClear 14978->14980 14981 405cd6 VariantClear 14979->14981 14980->14993 14982 408274 14981->14982 14983 401daf 30 API calls 14982->14983 14982->14993 14984 408284 14983->14984 14985 4082a8 14984->14985 14986 4082b3 14984->14986 14987 4082d6 14984->14987 14990 405cd6 VariantClear 14985->14990 14988 401ded 30 API calls 14986->14988 14987->14985 14989 4082c6 14987->14989 14991 4082bc 14988->14991 14992 405cd6 VariantClear 14989->14992 14990->14993 14994 4048ab 30 API calls 14991->14994 14992->14993 14993->14921 14994->14989 14997 4083b5 __EH_prolog 14995->14997 15070 4045d0 14997->15070 14999 40218d 30 API calls 15001 4083f7 14999->15001 15000 40844b 15002 408466 15000->15002 15014 408476 15000->15014 15001->15000 15006 401e4e 30 API calls 15001->15006 15004 40a528 30 API calls 15002->15004 15003 4084c3 15009 40435e ctype 34 API calls 15003->15009 15021 408471 15003->15021 15050 4084cf 15003->15050 15004->15021 15007 408432 15006->15007 15008 401daf 30 API calls 15007->15008 15011 40843f 15008->15011 15009->15021 15015 403a63 ctype 29 API calls 15011->15015 15012 40a528 30 API calls 15012->15014 15013 404320 ctype 34 API calls 15016 4085c9 15013->15016 15014->15003 15014->15012 15102 407d59 15014->15102 15106 40447a 15014->15106 15015->15000 15017 403a63 ctype 29 API calls 15016->15017 15018 4085d1 15017->15018 15019 403a63 ctype 29 API calls 15018->15019 15020 4085d9 15019->15020 15020->14921 15022 4085f2 15021->15022 15026 408628 15021->15026 15021->15050 15056 40647d 3 API calls 15021->15056 15074 40cf82 15021->15074 15094 40dd29 15021->15094 15023 404320 ctype 34 API calls 15022->15023 15024 40860f 15023->15024 15025 403a63 ctype 29 API calls 15024->15025 15028 408617 15025->15028 15027 40867f 15026->15027 15031 401d50 30 API calls 15026->15031 15026->15050 15029 405cd6 VariantClear 15027->15029 15030 403a63 ctype 29 API calls 15028->15030 15032 40868b 15029->15032 15030->15020 15031->15027 15033 408700 15032->15033 15034 4086a4 15032->15034 15035 407d59 5 API calls 15033->15035 15036 401cb5 30 API calls 15034->15036 15037 40870b 15035->15037 15038 4086b2 15036->15038 15040 407bd5 35 API calls 15037->15040 15039 401cb5 30 API calls 15038->15039 15041 4086bf 15039->15041 15042 408727 15040->15042 15109 407bd5 15041->15109 15044 401daf 30 API calls 15042->15044 15046 408734 15044->15046 15048 403a63 ctype 29 API calls 15046->15048 15047 401daf 30 API calls 15049 4086e3 15047->15049 15048->15050 15051 403a63 ctype 29 API calls 15049->15051 15050->15013 15056->15021 15060 40831d __EH_prolog 15059->15060 15061 405cd6 VariantClear 15060->15061 15062 408398 15061->15062 15062->14921 15064 403a63 ctype 29 API calls 15063->15064 15065 4038b6 15064->15065 15066 403a63 ctype 29 API calls 15065->15066 15067 4038be 15066->15067 15068 403a63 ctype 29 API calls 15067->15068 15069 4038c6 15068->15069 15069->14913 15073 4045e0 15070->15073 15071 401e4e 30 API calls 15072 404605 15071->15072 15072->14999 15073->15071 15075 40cf8c __EH_prolog 15074->15075 15076 40dd29 34 API calls 15075->15076 15077 40cfdf 15076->15077 15078 40cfe5 15077->15078 15079 40d006 15077->15079 15123 40d0a6 15078->15123 15119 40f6e0 15079->15119 15083 40d038 15084 40d019 15093 40cff1 15093->15021 15095 40dd3b 15094->15095 15101 40647d 3 API calls 15095->15101 15096 40dd4f 15097 40dd86 15096->15097 15100 40647d 3 API calls 15096->15100 15097->15021 15098 40dd63 15098->15097 15361 40db62 15098->15361 15100->15098 15101->15096 15104 407d64 15102->15104 15105 407d81 15102->15105 15103 403b38 ctype 5 API calls 15103->15104 15104->15103 15104->15105 15105->15014 15107 404372 30 API calls 15106->15107 15108 404482 15107->15108 15108->15014 15110 407bdf __EH_prolog 15109->15110 15375 407c28 15110->15375 15113 40237b 30 API calls 15114 407c03 15113->15114 15115 401d16 30 API calls 15114->15115 15116 407c0e 15115->15116 15117 403a63 ctype 29 API calls 15116->15117 15118 407c16 15117->15118 15118->15047 15120 40f6ea __EH_prolog 15119->15120 15155 40f449 15120->15155 15124 40d0b0 __EH_prolog 15123->15124 15125 404349 ctype 34 API calls 15124->15125 15126 40d0d4 15125->15126 15127 404320 ctype 34 API calls 15126->15127 15128 40d0df 15127->15128 15128->15093 15156 40f453 __EH_prolog 15155->15156 15195 40d14e 15156->15195 15160 40f495 15161 40d91e RaiseException 15160->15161 15163 40f4ca 15160->15163 15161->15163 15162 40d012 15162->15083 15162->15084 15163->15162 15194 40647d 3 API calls 15163->15194 15164 40f53d 15164->15162 15194->15164 15196 40d1a9 34 API calls 15195->15196 15197 40d156 15196->15197 15198 404349 ctype 34 API calls 15197->15198 15199 40d161 15198->15199 15200 404349 ctype 34 API calls 15199->15200 15201 40d16c 15200->15201 15202 404349 ctype 34 API calls 15201->15202 15203 40d177 15202->15203 15204 404349 ctype 34 API calls 15203->15204 15205 40d182 15204->15205 15206 404349 ctype 34 API calls 15205->15206 15207 40d18d 15206->15207 15207->15160 15353 40d91e 15207->15353 15354 413b0d RaiseException 15353->15354 15355 40d936 15354->15355 15356 40d946 15355->15356 15357 40d91e RaiseException 15355->15357 15356->15160 15357->15356 15362 40db6c __EH_prolog 15361->15362 15363 407689 2 API calls 15362->15363 15365 40db83 15363->15365 15364 40db98 15364->15097 15365->15364 15366 4075ef 30 API calls 15365->15366 15371 40dbbc ctype 15366->15371 15367 40dc78 15368 403a63 ctype 29 API calls 15367->15368 15368->15364 15369 40dc8d 15370 403a63 ctype 29 API calls 15369->15370 15370->15364 15371->15367 15371->15369 15372 40dc90 15371->15372 15374 4063d0 2 API calls 15371->15374 15373 40647d 3 API calls 15372->15373 15373->15369 15374->15371 15377 407c32 __EH_prolog 15375->15377 15376 407d08 15378 407d11 15376->15378 15379 407d22 15376->15379 15380 401e4e 30 API calls 15377->15380 15382 407cb6 15377->15382 15381 40485a 30 API calls 15378->15381 15383 402635 30 API calls 15379->15383 15384 407c6e 15380->15384 15399 407bf7 15381->15399 15382->15376 15386 407ce1 15382->15386 15383->15399 15385 403b38 ctype 5 API calls 15384->15385 15387 407c7b 15385->15387 15388 401e6f 30 API calls 15386->15388 15389 403a63 ctype 29 API calls 15387->15389 15390 407ced 15388->15390 15391 407c8c 15389->15391 15392 402635 30 API calls 15390->15392 15391->15382 15393 407c91 15391->15393 15395 407cb1 15392->15395 15394 401e6f 30 API calls 15393->15394 15396 407c9d 15394->15396 15397 403a63 ctype 29 API calls 15395->15397 15398 402635 30 API calls 15396->15398 15397->15399 15398->15395 15399->15113 15401 40c150 __EH_prolog 15400->15401 15402 404349 ctype 34 API calls 15401->15402 15411 40c537 15410->15411 15531 40c6d6 15411->15531 15415 40ab0f __EH_prolog 15414->15415 15772 40d5a3 15415->15772 15528 40c3b8 __EH_prolog 15527->15528 15529 403a3d 30 API calls 15528->15529 15530 40c3f0 15529->15530 15530->14789 15533 40c6d9 15531->15533 15773 40d5ad __EH_prolog 15772->15773 16043 40c0de __EH_prolog 16042->16043 16044 40c12c 16043->16044 16045 40439a 30 API calls 16043->16045 16044->14821 16046 40c123 16045->16046 16049 40c056 16048->16049 16051 40c05c 16048->16051 16049->14821 16051->16049 16052 413b0d RaiseException 16051->16052 16052->16049 16054 40927d __EH_prolog 16053->16054 16055 401d16 30 API calls 16054->16055 16056 409290 16055->16056 16057 401cb5 30 API calls 16056->16057 16058 4092a1 16057->16058 16059 401e8b 30 API calls 16058->16059 16060 4092b4 16059->16060 16061 403a63 ctype 29 API calls 16060->16061 16062 4092c0 16061->16062 16063 401d16 30 API calls 16062->16063 16064 4092cc 16063->16064 16065 403a63 ctype 29 API calls 16064->16065 16066 4092d4 16065->16066 16068 40340f __EH_prolog 16067->16068 16069 404349 ctype 34 API calls 16068->16069 16070 40343b 16069->16070 16071 404320 ctype 34 API calls 16070->16071 16072 403446 16071->16072 16073 404349 ctype 34 API calls 16072->16073 16074 40345a 16073->16074 16075 404320 ctype 34 API calls 16074->16075 16076 403465 16075->16076 16076->14658 16078 403599 __EH_prolog 16077->16078 16079 40218d 30 API calls 16078->16079 16080 4035c6 16079->16080 16087 40364c 16080->16087 16084 4035fd 16085 403559 16084->16085 16094 413b0d RaiseException 16084->16094 16085->14674 16095 4130e0 InitializeCriticalSection 16087->16095 16089 4035da 16090 413070 CreateEventA 16089->16090 16091 413091 GetLastError 16090->16091 16092 41308e 16090->16092 16093 41309b 16091->16093 16092->16084 16093->16084 16094->16085 16095->16089 16097 416ccc 30 API calls 16096->16097 16098 41469e 16097->16098 16099 4146e1 16098->16099 16102 4146ac CreateThread 16098->16102 16100 413d6f ctype 29 API calls 16099->16100 16101 4146e7 16100->16101 16103 413009 16101->16103 16106 416c47 16101->16106 16102->16103 16104 4146d9 GetLastError 16102->16104 16126 4146f9 TlsGetValue 16102->16126 16103->14679 16103->14680 16104->16099 16123 416cc3 16106->16123 16109 416c80 16110 416cba 35 API calls 16109->16110 16112 416c85 16110->16112 16111 416c69 16113 416c90 16111->16113 16115 416c73 16111->16115 16112->16103 16114 416cad 16113->16114 16117 416ca0 16113->16117 16118 416cba 35 API calls 16114->16118 16116 416cba 35 API calls 16115->16116 16119 416c78 16116->16119 16120 416cba 35 API calls 16117->16120 16121 416cb2 16118->16121 16119->16103 16122 416ca5 16120->16122 16121->16103 16122->16103 16124 4152f3 35 API calls 16123->16124 16125 416c4d 16124->16125 16125->16109 16125->16111 16127 414731 16126->16127 16128 414746 TlsSetValue 16126->16128 16146 41535a 16127->16146 16131 414765 GetCurrentThreadId 16128->16131 16132 41475d 16128->16132 16135 414776 16131->16135 16133 4149dc ctype 7 API calls 16132->16133 16134 414764 16133->16134 16134->16131 16138 4147bf 16135->16138 16139 4147c8 16138->16139 16140 4152f3 35 API calls 16139->16140 16141 4147d0 16140->16141 16142 4147dd 16141->16142 16143 4149dc ctype 7 API calls 16141->16143 16144 41535a 31 API calls 16142->16144 16143->16142 16145 4147e4 ExitThread 16144->16145 16147 4153f9 16146->16147 16148 415368 16146->16148 16147->16128 16149 415371 TlsGetValue 16148->16149 16150 41537e 16148->16150 16149->16150 16151 4153ea TlsSetValue 16149->16151 16152 41538b 16150->16152 16153 413d6f ctype 29 API calls 16150->16153 16151->16147 16154 413d6f ctype 29 API calls 16152->16154 16156 415399 16152->16156 16153->16152 16154->16156 16155 4153a7 16158 413d6f ctype 29 API calls 16155->16158 16160 4153b5 16155->16160 16156->16155 16157 413d6f ctype 29 API calls 16156->16157 16157->16155 16158->16160 16159 4153c3 16162 4153d1 16159->16162 16163 413d6f ctype 29 API calls 16159->16163 16160->16159 16161 413d6f ctype 29 API calls 16160->16161 16161->16159 16164 4153e2 16162->16164 16166 413d6f ctype 29 API calls 16162->16166 16163->16162 16165 413d6f ctype 29 API calls 16164->16165 16167 4153e9 16165->16167 16166->16164 16167->16151 16169 4060ef __EH_prolog 16168->16169 16170 406100 DialogBoxParamW 16169->16170 16171 40611a 16169->16171 16177 4030b3 16170->16177 16172 40245b 30 API calls 16171->16172 16173 40612d 16172->16173 16174 406174 DialogBoxParamA 16173->16174 16176 401cb5 30 API calls 16173->16176 16175 403a63 ctype 29 API calls 16174->16175 16175->16177 16178 406143 16176->16178 16187 412fe0 WaitForSingleObject 16177->16187 16179 401a66 31 API calls 16178->16179 16180 406152 16179->16180 16200 405f5d 16180->16200 16183 403a63 ctype 29 API calls 16184 406167 16183->16184 16185 403a63 ctype 29 API calls 16184->16185 16186 40616f 16185->16186 16186->16174 16187->14689 16189 405ef5 __EH_prolog 16188->16189 16190 405f16 16189->16190 16191 405f07 SetWindowTextW 16189->16191 16193 401cb5 30 API calls 16190->16193 16192 4030d6 16191->16192 16192->14694 16194 405f1e 16193->16194 16195 403d8e 31 API calls 16194->16195 16196 405f2d SetWindowTextA 16195->16196 16197 403a63 ctype 29 API calls 16196->16197 16198 405f43 16197->16198 16199 403a63 ctype 29 API calls 16198->16199 16199->16192 16201 405f69 16200->16201 16203 405f7a 16200->16203 16202 40245b 30 API calls 16201->16202 16202->16203 16203->16183 16205 4023c5 16204->16205 16207 4023de 16205->16207 16208 40257d 16205->16208 16207->14131 16209 40258d 16208->16209 16213 403fd0 __EH_prolog 16212->16213 16214 40245b 30 API calls 16213->16214 16215 403ff3 16214->16215 16216 404024 16215->16216 16218 401f02 30 API calls 16215->16218 16217 403dae 30 API calls 16216->16217 16219 404030 16217->16219 16218->16215 16220 403a63 ctype 29 API calls 16219->16220 16221 404038 16220->16221 16221->14160 16223 404152 __EH_prolog 16222->16223 16224 403a3d 30 API calls 16223->16224 16225 40415e 16224->16225 16226 401d16 30 API calls 16225->16226 16231 404188 16225->16231 16227 404178 16226->16227 16229 401d16 30 API calls 16227->16229 16228 40a528 30 API calls 16230 404199 16228->16230 16229->16231 16230->14160 16231->16228 16233 403a63 ctype 29 API calls 16232->16233 16234 402167 16233->16234 16235 403a63 ctype 29 API calls 16234->16235 16236 40216e 16235->16236 16236->14160 16238 405e0a __EH_prolog 16237->16238 16239 405e21 16238->16239 16240 405e9a 16238->16240 16242 40218d 30 API calls 16239->16242 16253 405d5e 16240->16253 16244 405e35 16242->16244 16247 405e54 LoadStringW 16244->16247 16248 40218d 30 API calls 16244->16248 16246 405e95 16250 403a63 ctype 29 API calls 16246->16250 16247->16244 16249 405e6d 16247->16249 16248->16247 16251 401d16 30 API calls 16249->16251 16252 405ebe 16250->16252 16251->16246 16252->13592 16254 405d68 __EH_prolog 16253->16254 16255 40245b 30 API calls 16254->16255 16256 405d8b 16255->16256 16257 405daa LoadStringA 16256->16257 16258 40245b 30 API calls 16256->16258 16257->16256 16259 405dc3 16257->16259 16258->16257 16260 403dae 30 API calls 16259->16260 16261 405de4 16260->16261 16262 403a63 ctype 29 API calls 16261->16262 16263 405dec 16262->16263 16264 404845 16263->16264 16265 403c26 31 API calls 16264->16265 16266 404855 16265->16266 16266->16246 16395 416b2d 16386->16395 16389 416a99 GetCurrentProcess TerminateProcess 16390 416aaa 16389->16390 16391 416b14 16390->16391 16392 416b1b ExitProcess 16390->16392 16398 416b36 16391->16398 16396 4154da ctype 29 API calls 16395->16396 16397 416a8e 16396->16397 16397->16389 16397->16390 16401 41553b LeaveCriticalSection 16398->16401 16400 4149bd 16400->13803 16401->16400 16402 40c90c 16403 40c919 16402->16403 16404 40c92a 16402->16404 16403->16404 16408 40c931 16403->16408 16407 403a63 ctype 29 API calls 16407->16404 16409 40c93b __EH_prolog 16408->16409 16412 40c96c 16409->16412 16413 40c976 __EH_prolog 16412->16413 16414 404320 ctype 34 API calls 16413->16414 16415 40c98f 16414->16415 16416 404320 ctype 34 API calls 16415->16416 16417 40c99e 16416->16417 16418 404320 ctype 34 API calls 16417->16418 16419 40c9ad 16418->16419 16420 404320 ctype 34 API calls 16419->16420 16421 40c9bc 16420->16421 16422 404320 ctype 34 API calls 16421->16422 16423 40c9cb 16422->16423 16426 40c9e3 16423->16426 16427 40c9ed __EH_prolog 16426->16427 16428 404320 ctype 34 API calls 16427->16428 16429 40ca08 16428->16429 16430 404320 ctype 34 API calls 16429->16430 16431 40ca1d 16430->16431 16432 404320 ctype 34 API calls 16431->16432 16433 40ca28 16432->16433 16434 404320 ctype 34 API calls 16433->16434 16435 40ca3d 16434->16435 16436 404320 ctype 34 API calls 16435->16436 16437 40ca48 16436->16437 16438 404320 ctype 34 API calls 16437->16438 16439 40ca5d 16438->16439 16440 404320 ctype 34 API calls 16439->16440 16441 40ca68 16440->16441 16442 404320 ctype 34 API calls 16441->16442 16443 40ca7a 16442->16443 16444 404320 ctype 34 API calls 16443->16444 16445 40ca85 16444->16445 16446 404349 ctype 34 API calls 16445->16446 16447 40ca9c 16446->16447 16448 404320 ctype 34 API calls 16447->16448 16449 40caa7 16448->16449 16450 404320 ctype 34 API calls 16449->16450 16451 40cab3 16450->16451 16452 404349 ctype 34 API calls 16451->16452 16453 40caca 16452->16453 16454 404320 ctype 34 API calls 16453->16454 16455 40cad5 16454->16455 16456 404320 ctype 34 API calls 16455->16456 16457 40cae1 16456->16457 16458 404320 ctype 34 API calls 16457->16458 16459 40caed 16458->16459 16460 404320 ctype 34 API calls 16459->16460 16461 40c924 16460->16461 16461->16407 16462 4068fd 16463 40690a 16462->16463 16464 40691b 16462->16464 16463->16464 16468 406922 16463->16468 16467 403a63 ctype 29 API calls 16467->16464 16469 40692c __EH_prolog 16468->16469 16472 410f60 16469->16472 16473 406915 16472->16473 16474 410f64 VirtualFree 16472->16474 16473->16467 16474->16473

              Executed Functions

              Function 004148D4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetVersion.KERNEL32 ref: 004148FA
                • Part of subcall function 004157C8: HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
                • Part of subcall function 004157C8: HeapDestroy.KERNEL32 ref: 00415818
              • GetCommandLineA.KERNEL32 ref: 0041495A
              • GetStartupInfoA.KERNEL32(?), ref: 00414985
              • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004149A8
                • Part of subcall function 00414A01: ExitProcess.KERNEL32 ref: 00414A1E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
              • String ID: `&
              • API String ID: 2057626494-1405188806
              • Opcode ID: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
              • Instruction ID: fb65514f2d73941f5fb5fe300876562abb5c146ee9b99336205dd39c2cb12ef3
              • Opcode Fuzzy Hash: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
              • Instruction Fuzzy Hash: BD219EB19407159FDB14EFB6DC46AEE7BB8EF44704F10412FF910AB291DB3C89818A58
              Function 00405434 Relevance: 3.0, APIs: 2, Instructions: 44fileCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1326 405434-405447 call 405414 1329 4054a4-4054a6 1326->1329 1330 405449-405450 1326->1330 1333 4054b8-4054ba 1329->1333 1331 405452-40547b call 403b85 FindFirstFileA call 403a63 1330->1331 1332 40548d-4054a2 FindFirstFileW 1330->1332 1331->1329 1341 40547d-40548b call 40551c 1331->1341 1332->1329 1335 4054a8-4054b1 call 4054bd 1332->1335 1338 4054b6 1335->1338 1338->1333 1341->1338
              APIs
                • Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
              • FindFirstFileW.KERNELBASE(?,?,000000FF), ref: 00405497
                • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
              • FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467
                • Part of subcall function 0040551C: __EH_prolog.LIBCMT ref: 00405521
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Find$FileFirstH_prolog$Close
              • String ID:
              • API String ID: 3335342080-0
              • Opcode ID: 01ff4a9bc94c78cd279a0d863a54892268cf469c718bfc53d66ce16def007dff
              • Instruction ID: 44fa9ff84b7e7cb6f1e8d7f9ea47a8a098aa0700a3472251c04f15a334366322
              • Opcode Fuzzy Hash: 01ff4a9bc94c78cd279a0d863a54892268cf469c718bfc53d66ce16def007dff
              • Instruction Fuzzy Hash: 33014830401505ABCF20AF64DC456EE7779DF51329F20827AE855672D1D73C9A85CF98
              Function 00401014 Relevance: 48.0, APIs: 8, Strings: 19, Instructions: 715windowsynchronizationCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 401014-40111e call 401a7b call 40218d * 4 GetCommandLineW call 401cb5 call 4038d7 call 403a63 call 40218d call 40460b call 40237b call 402340 call 401cb5 call 401e6f call 403b38 call 403a63 * 2 35 401120-40114f call 401e4e call 401daf call 403a63 call 40237b call 402340 0->35 36 401154-40117e call 40245b call 401b11 0->36 35->36 45 401180-401183 36->45 46 401199-4011c5 call 401cb5 call 40218d 36->46 48 401191-401194 45->48 49 401185-40118c call 410ec0 45->49 62 4014b2-4014d6 call 401c9d call 4052cf 46->62 63 4011cb-4011f0 call 402172 call 403de4 46->63 53 401a27-401a5a call 403a63 * 6 48->53 49->48 113 401a5d 53->113 80 4014f1-4014fd call 403a3d 62->80 81 4014d8-4014db 62->81 77 4011f2-4011f5 63->77 78 40120b-40129a call 401cb5 call 4040fd call 403a63 call 401cb5 call 4040fd call 403a63 call 401cb5 call 4040fd call 403a63 call 403b38 63->78 82 401203-401206 77->82 83 4011f7-4011fe call 410ec0 77->83 192 4012a2-4012ca call 401cb5 call 4040cb call 403a63 78->192 193 40129c 78->193 100 401512 80->100 101 4014ff-401510 call 401f2a 80->101 85 4014e9-4014ec 81->85 86 4014dd-4014e4 call 410ec0 81->86 90 40132c-401395 call 404349 call 404320 call 403a63 * 8 82->90 83->82 94 4019fb-401a24 call 40536a call 403a63 * 3 85->94 86->85 90->113 94->53 103 401514-401516 100->103 101->103 109 401518-40151a 103->109 110 40151e-401527 call 407f8e 103->110 109->110 126 401529-401535 call 410ec0 110->126 127 40153a-401582 call 401d16 call 40218d call 402efe 110->127 118 401a5f-401a63 113->118 141 40163d-40163f 126->141 154 401584-401587 127->154 155 4015f8-40161e call 403a63 call 401c9d call 404f70 call 404f2c 127->155 141->85 145 401645-40164b 141->145 145->85 159 4015f0-4015f3 154->159 160 401589-40158c 154->160 209 401650-401653 155->209 210 401620-40163c call 404f2c call 403a63 * 2 155->210 164 40191f-401933 call 403a63 * 2 159->164 165 401593-4015b6 call 405ed1 call 401daf call 403a63 160->165 166 40158e-401591 160->166 196 401935-401937 164->196 197 40193b-40199d call 40536a call 403a63 * 9 164->197 170 4015bb-4015c0 165->170 166->165 166->170 170->159 179 4015c2-4015c5 170->179 179->159 186 4015c7-4015ef call 405ed1 MessageBoxW call 403a63 179->186 186->159 229 4012e4-4012e7 192->229 230 4012cc-4012df call 401daf 192->230 193->192 196->197 197->118 213 4017b4-4017b7 209->213 214 401659-401690 call 401a66 209->214 210->141 220 4017b9-4017d0 call 401d50 call 4057af 213->220 221 4017ec-40185e call 401d16 call 405bad call 401cb5 call 401e8b call 403a63 * 2 call 401cb5 call 401e8b call 403a63 213->221 233 401692-401699 call 401e18 214->233 234 40169e-4016e2 call 401a66 ShellExecuteExA 214->234 220->221 254 4017d2-4017d5 220->254 340 401860-401871 call 401ded call 401e18 221->340 341 401876-4018f6 call 402635 call 401a66 call 403a63 CreateProcessA 221->341 240 40139a-4014ad call 401cb5 call 4040fd call 401daf call 403a63 * 2 call 401cb5 call 4040fd call 401daf call 403a63 * 2 call 401cb5 call 4040fd call 402635 call 401daf call 403a63 * 6 call 404349 call 404320 229->240 241 4012ed-4012f0 229->241 230->229 233->234 252 401798-4017af call 403a63 * 2 234->252 253 4016e8-4016eb 234->253 240->62 241->240 249 4012f6-401308 MessageBoxW 241->249 249->240 256 40130e-401329 call 403a63 * 3 249->256 295 4019bf-4019c2 252->295 259 4016f9-40172a call 403a63 * 2 call 404f2c call 403a63 * 2 253->259 260 4016ed-4016f4 call 410ec0 253->260 261 401914-40191c call 404f2c 254->261 262 4017db-4017e7 call 410ec0 254->262 256->90 329 401732-401793 call 40536a call 403a63 * 9 259->329 330 40172c-40172e 259->330 260->259 261->164 262->261 301 4019d4-4019f3 call 404f2c call 403a63 * 2 295->301 302 4019c4-4019ce WaitForSingleObject CloseHandle 295->302 301->94 335 4019f5-4019f7 301->335 302->301 329->118 330->329 335->94 340->341 363 4019a2-4019ba CloseHandle call 403a63 341->363 364 4018fc-4018ff 341->364 363->295 367 401901-401903 call 410ef6 364->367 368 401908-401913 call 403a63 364->368 367->368 368->261
              APIs
                • Part of subcall function 00401A7B: GetVersionExA.KERNEL32(?), ref: 00401A95
              • GetCommandLineW.KERNEL32(00000003,00000003,00000003,00000003,?,00000000), ref: 0040108B
                • Part of subcall function 004038D7: __EH_prolog.LIBCMT ref: 004038DC
                • Part of subcall function 0040460B: __EH_prolog.LIBCMT ref: 00404610
                • Part of subcall function 0040460B: GetModuleFileNameA.KERNEL32(00400000,?,00000105,00000000,00000000), ref: 00404649
                • Part of subcall function 0040237B: __EH_prolog.LIBCMT ref: 00402380
                • Part of subcall function 00402340: __EH_prolog.LIBCMT ref: 00402345
                • Part of subcall function 00403DE4: __EH_prolog.LIBCMT ref: 00403DE9
              • MessageBoxW.USER32(00000000,?,?,00000010), ref: 004015DE
              • ShellExecuteExA.SHELL32(0000003C,?,00000001,?,?,00000003,?,00000003,00420240,;!@InstallEnd@!,?,00000003,00000000,00000002,00420278,00000003), ref: 004016D5
              • MessageBoxW.USER32(00000000,?,?,00000024), ref: 004012FF
                • Part of subcall function 00410EC0: MessageBoxW.USER32(00000000,?,7-Zip,00000010), ref: 00410EC9
                • Part of subcall function 00402EFE: __EH_prolog.LIBCMT ref: 00402F03
              • CloseHandle.KERNEL32(?,?,00000000), ref: 004019A8
              • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 004019C7
              • CloseHandle.KERNEL32(?,?,00000000), ref: 004019CE
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog$Message$CloseHandle$CommandExecuteFileLineModuleNameObjectShellSingleVersionWait
              • String ID: $%%T$%%T\$;!@Install@!UTF-8!$;!@InstallEnd@!$<$Can not create temp folder archive$Can not find setup.exe$Can not load codecs$Can not open file$Can't load config info$Config failed$D$Directory$ExecuteFile$ExecuteParameters$RunProgram$Title$setup.exe
              • API String ID: 785510900-2114487665
              • Opcode ID: b600714a671df9a3d5fc716cc4c9e3c9a4f8f064de660c7cce450a41e6d9557d
              • Instruction ID: f92d1a5b025e5f1856d93d01be2b226abe75c3e6546c85d9ed47549f0c040395
              • Opcode Fuzzy Hash: b600714a671df9a3d5fc716cc4c9e3c9a4f8f064de660c7cce450a41e6d9557d
              • Instruction Fuzzy Hash: 485228719002199ACF25EFA5DC82AEDBB75AF04308F1040BFE156721F2DA395B86CF58
              Function 0040AB05 Relevance: 14.2, APIs: 9, Instructions: 682COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 404 40ab05-40ab29 call 413724 call 40d5a3 409 40b0c3-40b0c8 404->409 410 40ab2f-40ab65 call 402172 call 4130e0 call 4062e7 404->410 411 40b3f1-40b3ff 409->411 418 40ab6b 410->418 419 40ac4c-40ac83 call 40aab0 call 40b761 call 40b402 410->419 420 40ab6e-40ab78 call 403a3d 418->420 434 40aca2-40acb2 call 404349 419->434 435 40ac85-40ac9c call 40b519 419->435 427 40ab88 420->427 428 40ab7a-40ab86 420->428 430 40ab8a-40ab8f 427->430 428->430 432 40ab91-40ab93 430->432 433 40ab97-40abc2 call 403a3d 430->433 432->433 442 40abc4-40abd4 433->442 443 40abd6 433->443 445 40acb4-40acba 434->445 446 40acbd-40acc1 434->446 435->434 444 40ae5d-40ae73 435->444 447 40abd8-40abdd 442->447 443->447 458 40ae79-40ae7c 444->458 459 40b2ab-40b2cd call 40a1fc 444->459 445->446 450 40acc3-40acd7 call 403a3d 446->450 451 40ad04-40ad16 446->451 448 40abe5-40ac1e call 4062e7 call 40a3de 447->448 449 40abdf-40abe1 447->449 481 40ac20-40ac22 448->481 482 40ac26-40ac2c 448->482 449->448 461 40ace2 450->461 462 40acd9-40ace0 call 40b626 450->462 466 40ad18-40ad5a call 404320 call 409739 DeleteCriticalSection call 40a594 451->466 467 40ad5f-40ad65 451->467 465 40ae7f-40aeb4 458->465 477 40b2d8-40b2db 459->477 478 40b2cf-40b2d5 459->478 471 40ace4-40acf8 call 4062e7 461->471 462->471 493 40aeb6-40aebf 465->493 494 40aedf-40aee5 465->494 537 40b321-40b335 call 404349 call 404320 466->537 473 40ae4b-40ae5a call 40b735 467->473 474 40ad6b-40ad8f call 406297 467->474 502 40acfa-40acfd 471->502 503 40acff 471->503 473->444 490 40ad94-40ad98 474->490 486 40b33a-40b36a call 403291 call 40439a 477->486 487 40b2dd-40b31f call 404320 call 409739 DeleteCriticalSection call 40a594 477->487 478->477 481->482 491 40ac34-40ac43 482->491 492 40ac2e-40ac30 482->492 552 40b385-40b3a4 486->552 553 40b36c-40b383 call 40a528 486->553 487->537 504 40af83-40af8c 490->504 505 40ad9e-40ada9 490->505 491->420 506 40ac49 491->506 492->491 495 40aec5-40aed6 493->495 496 40b16e-40b174 493->496 499 40aee7-40aee9 494->499 500 40aeed-40af35 call 403291 * 2 call 40439a * 2 494->500 530 40b1c5-40b1ce 495->530 531 40aedc 495->531 512 40b176-40b178 496->512 513 40b17c-40b1c3 call 404320 call 409739 DeleteCriticalSection call 40a594 496->513 499->500 608 40af37-40af4d call 40a528 500->608 609 40af4f-40af55 500->609 509 40ad01 502->509 503->509 514 40af94-40af9d 504->514 515 40af8e-40af90 504->515 516 40add7-40addb 505->516 517 40adab-40adaf 505->517 506->419 509->451 512->513 593 40b218-40b22e call 404349 call 404320 513->593 527 40afa5-40afe9 call 404320 call 409739 DeleteCriticalSection call 40a594 514->527 528 40af9f-40afa1 514->528 515->514 519 40ade1-40adf0 call 4062e7 516->519 520 40b05c-40b065 516->520 517->516 525 40adb1-40adb6 517->525 558 40adf2-40adf8 call 409ed8 519->558 559 40adfd-40ae12 call 40b876 519->559 535 40b067-40b069 520->535 536 40b06d-40b0be call 404320 call 409739 DeleteCriticalSection call 40a594 call 404349 call 404320 520->536 539 40adbc-40adc8 call 4062e7 525->539 540 40afee-40aff7 525->540 527->537 528->527 544 40b1d0-40b1d2 530->544 545 40b1d6-40b211 call 404320 call 409739 DeleteCriticalSection call 40a594 530->545 531->494 535->536 536->409 600 40b3ef 537->600 539->559 569 40adca-40add5 call 409eb3 539->569 547 40b002-40b008 540->547 548 40aff9-40afff 540->548 544->545 545->593 561 40b010-40b057 call 404320 call 409739 DeleteCriticalSection call 40a594 547->561 562 40b00a-40b00c 547->562 548->547 674 40b3a5 call 412ff0 552->674 675 40b3a5 call 409ab3 552->675 553->552 558->559 596 40ae14-40ae16 559->596 597 40ae1a-40ae23 559->597 561->537 562->561 569->559 581 40b3a8-40b3ea call 404320 * 2 call 409739 call 40b60b call 40a3a6 581->600 593->411 596->597 606 40ae25-40ae27 597->606 607 40ae2b-40ae34 597->607 600->411 606->607 616 40ae36-40ae38 607->616 617 40ae3c-40ae45 607->617 608->609 619 40b126-40b15a call 404320 * 2 609->619 620 40af5b 609->620 616->617 617->473 617->474 619->465 659 40b160-40b165 619->659 627 40af5e-40af65 620->627 632 40b0d1 627->632 633 40af6b 627->633 635 40b0d4-40b0d6 632->635 637 40af6e-40af70 633->637 639 40b0e4-40b0eb 635->639 640 40b0d8-40b0e2 635->640 642 40af76-40af7c 637->642 643 40b0cd-40b0cf 637->643 646 40b0fc 639->646 647 40b0ed 639->647 645 40b10a-40b120 call 40a528 640->645 642->637 649 40af7e 642->649 643->635 645->619 645->627 651 40b0ff-40b101 646->651 650 40b0f0-40b0f2 647->650 649->632 654 40b0f4-40b0fa 650->654 655 40b16a-40b16c 650->655 656 40b233-40b2a6 call 404320 * 3 call 409739 DeleteCriticalSection call 40a594 call 404349 call 404320 651->656 657 40b107 651->657 654->646 654->650 655->651 656->411 657->645 659->459 674->581 675->581
              APIs
              • __EH_prolog.LIBCMT ref: 0040AB0A
                • Part of subcall function 0040D5A3: __EH_prolog.LIBCMT ref: 0040D5A8
                • Part of subcall function 004130E0: InitializeCriticalSection.KERNEL32(?,?,?,00000000,00000000), ref: 0041310E
              • DeleteCriticalSection.KERNEL32(?), ref: 0040AD3E
              • DeleteCriticalSection.KERNEL32(?), ref: 0040AFCB
              • DeleteCriticalSection.KERNEL32(?), ref: 0040B036
              • DeleteCriticalSection.KERNEL32(?), ref: 0040B093
              • DeleteCriticalSection.KERNEL32(?), ref: 0040B1A2
              • DeleteCriticalSection.KERNEL32(?), ref: 0040B1FC
              • DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 0040B271
              • DeleteCriticalSection.KERNEL32(?), ref: 0040B303
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalSection$Delete$H_prolog$Initialize
              • String ID:
              • API String ID: 3452124646-0
              • Opcode ID: 45240ef0458f7de22c559f4b188c7cb8d0a3a55333ee58d2ab3a2bbbd62bfb2d
              • Instruction ID: 4c9a54a47b38b58bbaef36bcc828af5c6ca02983ed7c574d3216c54edcd042c8
              • Opcode Fuzzy Hash: 45240ef0458f7de22c559f4b188c7cb8d0a3a55333ee58d2ab3a2bbbd62bfb2d
              • Instruction Fuzzy Hash: FC627E7090024ADFDB14DFA5C944BDEBBB4FF14308F1080AEE805B7291DB789A49DB99
              Function 004051B7 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 676 4051b7-4051e6 GetCurrentThreadId GetTickCount GetCurrentProcessId 677 4051ea-4051f6 call 401d50 676->677 680 4051f8-4051ff 677->680 681 40524f-405255 677->681 684 405200-40520b 680->684 682 405263-40526c call 405800 681->682 683 405257-40525e call 4048ab 681->683 691 40527b-405280 682->691 692 40526e-405279 SetLastError 682->692 683->682 687 405212 684->687 688 40520d-405210 684->688 690 405215-40521f 687->690 688->690 690->684 693 405221-40522a 690->693 695 405282-40528c call 405ae5 691->695 696 40528e-405290 call 4049f4 691->696 694 4052ab-4052b2 692->694 697 405235-405248 call 4048ab GetTickCount 693->697 698 40522c-405230 call 401ded 693->698 694->677 702 4052b8-4052c2 694->702 705 405295-405297 695->705 696->705 710 40524a-40524c 697->710 711 40524d 697->711 698->697 707 4052c4-4052c8 702->707 708 405299-4052a2 GetLastError 705->708 709 4052cb-4052cd 705->709 708->694 712 4052a4-4052a9 708->712 709->707 710->711 711->681 712->694 712->702
              APIs
              • GetCurrentThreadId.KERNEL32 ref: 004051C5
              • GetTickCount.KERNEL32 ref: 004051D0
              • GetCurrentProcessId.KERNEL32(?,00000000,?,?,00405334,?,00000000,?,00000003,00000003,00000000,00000000,00000003,?,00000000), ref: 004051DB
              • GetTickCount.KERNEL32 ref: 00405240
              • SetLastError.KERNEL32(000000B7,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405273
              • GetLastError.KERNEL32(00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405299
                • Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CountCurrentErrorLastTick$CreateDirectoryProcessThread
              • String ID: .tmp$d
              • API String ID: 3074393274-2797371523
              • Opcode ID: 2fda1539db0041318063c64b288010cc5c4c3aedaa5e381c7d8f696092406eab
              • Instruction ID: 4fab17955b769304b7d1cf71853489b42ead9ac2cf2e2055059d54e7646dac87
              • Opcode Fuzzy Hash: 2fda1539db0041318063c64b288010cc5c4c3aedaa5e381c7d8f696092406eab
              • Instruction Fuzzy Hash: CC31C1326506009BDB10ABA098897EF7760EFA5315F14807FE902BB2D2D77C9842CF99
              Function 00404908 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36filetimeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 747 404908-404914 748 404922-40493f CreateFileW 747->748 749 404916-404920 SetLastError 747->749 751 404941-404957 SetFileTime CloseHandle 748->751 752 40495d-40495f 748->752 750 404960-404962 749->750 751->752 752->750
              APIs
              • SetLastError.KERNEL32(00000078,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404918
              • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404934
              • SetFileTime.KERNELBASE(00000000,00000000,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000), ref: 0040494B
              • CloseHandle.KERNEL32(00000000,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?), ref: 00404957
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: File$CloseCreateErrorHandleLastTime
              • String ID: .@
              • API String ID: 2291555494-2582305824
              • Opcode ID: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
              • Instruction ID: b13e78268552c33248838deebc4f257ca571263cc4fefdaa9dfe176c52576776
              • Opcode Fuzzy Hash: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
              • Instruction Fuzzy Hash: 66F0E2B12812107BE2201B74BC48F9B6E5CDBCA715F108135B661A21E0C3284D19D7B8
              Function 004083AB Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 328COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 753 4083ab-4083c3 call 413724 756 4083c5-4083cb 753->756 757 4083cd-408400 call 4045d0 call 40218d 753->757 756->757 763 408402-408405 757->763 764 40844c-408464 call 403291 757->764 766 408409-40840d 763->766 771 408476-408480 764->771 772 408466-408474 call 40a528 764->772 768 408417-40841b 766->768 769 40840f-408411 766->769 770 408420-408422 768->770 773 408413-408415 769->773 774 40841d 769->774 770->764 777 408424-40844b call 401e4e call 401daf call 403a63 770->777 775 408482-408493 call 407d59 771->775 776 4084c3-4084c7 771->776 784 4084e5-4084eb 772->784 773->766 774->770 791 4084b4-4084b8 call 40a528 775->791 792 408495-4084b2 call 40447a 775->792 781 4084e3 776->781 782 4084c9-4084cd 776->782 777->764 781->784 787 4084d9-4084de call 40435e 782->787 788 4084cf-4084d4 782->788 789 4084f1-4084f6 784->789 790 4085ba-4085bc 784->790 787->781 794 4085bd-4085dc call 404320 call 403a63 * 2 788->794 796 4084f8-4084ff call 40647d 789->796 797 40850a-408534 call 4062e7 789->797 790->794 804 4084bd-4084c1 791->804 792->804 818 4085dd-4085eb 794->818 807 408502-408504 796->807 816 408536-40853a 797->816 817 40853c-40853f 797->817 804->775 804->776 807->797 811 4085ee-4085f0 807->811 811->794 819 4085ab-4085b4 816->819 820 408541-40854e 817->820 821 408557-408571 817->821 819->789 819->790 884 40854f call 40cf82 820->884 885 40854f call 40dd29 820->885 824 4085f2-4085fb 821->824 825 408573-408588 821->825 823 408552-408555 826 408590-408594 823->826 827 408603-408626 call 404320 call 403a63 * 2 824->827 828 4085fd-4085ff 824->828 825->826 838 40858a-40858c 825->838 829 408628-40862b 826->829 830 40859a-4085a3 826->830 827->818 828->827 831 408646-408665 829->831 832 40862d-408636 829->832 830->819 834 4085a5-4085a7 830->834 842 408667-40866f 831->842 843 40867f-4086a2 call 405cd6 call 4062e7 831->843 836 408638-40863a 832->836 837 40863e-408641 832->837 834->819 836->837 837->794 838->826 845 408671 842->845 846 408676-40867a call 401d50 842->846 854 408700-40870d call 407d59 843->854 855 4086a4-4086fe call 401cb5 * 2 call 407bd5 call 401daf call 403a63 * 3 843->855 845->846 846->843 860 408711-40873c call 407bd5 call 401daf call 403a63 854->860 861 40870f 854->861 875 40873d-408746 855->875 860->875 861->860 877 408748-40874a 875->877 878 40874e-408750 875->878 877->878 878->794 884->823 885->823
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID: Unknown error$X3B
              • API String ID: 3519838083-1496835351
              • Opcode ID: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
              • Instruction ID: 10ffca09dccd2053a4a89f972bfe6bbc607f2b880b0d523777cfa28ffc571443
              • Opcode Fuzzy Hash: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
              • Instruction Fuzzy Hash: 89D16070900219EFCF05DFA4C984ADEBB74BF48304F14846EE846BB2D1DB78AA45CB95
              Function 00405620 Relevance: 4.6, APIs: 3, Instructions: 130COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 886 405620-40564a call 413724 call 405434 891 405653-40565f GetLastError 886->891 892 40564c-40564e 886->892 894 405661-405664 891->894 895 40566a-405672 891->895 893 405794-40579c call 405414 892->893 901 40579e-4057ac 893->901 894->895 896 405792 894->896 895->896 898 405678 895->898 896->893 900 40567a-405681 898->900 900->900 902 405683-405686 900->902 902->896 903 40568c-405692 902->903 903->896 904 405698-40569c 903->904 904->896 905 4056a2-4056ae call 403a6e 904->905 905->896 908 4056b4-4056d9 call 403a6e call 401cb5 905->908 913 4056e7-4056f6 call 401cb5 908->913 914 4056db-4056e1 908->914 920 405705-405720 call 401ded call 405434 913->920 921 4056f8-405700 call 401ded 913->921 914->913 915 405789-405791 call 403a63 914->915 915->896 927 405722-405734 call 403b11 920->927 928 405777-405788 SetLastError call 403a63 920->928 921->920 927->928 933 405736-405775 call 40222b call 401daf call 403a63 * 3 call 405414 927->933 928->915 933->901
              APIs
              • __EH_prolog.LIBCMT ref: 00405625
                • Part of subcall function 00405434: FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467
              • GetLastError.KERNEL32(?,?,00000000,?,00000001), ref: 00405653
                • Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Find$CloseErrorFileFirstH_prologLast
              • String ID:
              • API String ID: 364955512-0
              • Opcode ID: e39f0d4d85096f3cd882782c1d04852b930387ce9b142e76bb949cb0f7f9728b
              • Instruction ID: 04b13d9487752735ca5a27f2fc382c225ef0a6c39b2ce108fc8834fd1c85259b
              • Opcode Fuzzy Hash: e39f0d4d85096f3cd882782c1d04852b930387ce9b142e76bb949cb0f7f9728b
              • Instruction Fuzzy Hash: F0418E36900519AACF14FBA5D942AEFBB75EF14308F10403AE412772E1DB795E41DEA8
              Function 0040280E Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 384COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 946 40280e-402831 call 413724 call 402d81 951 402833-402838 946->951 952 40283d-402844 946->952 953 402cdb-402ce9 951->953 954 402846-40284c 952->954 955 40284f-40286f call 40cd84 952->955 954->955 958 402871-402873 955->958 959 402875-402890 call 40218d 955->959 960 4028b5-4028c3 call 405cd6 958->960 965 4028a0-4028a5 959->965 966 402892-40289e call 401daf 959->966 960->953 968 4028a7-4028b0 call 403a63 965->968 969 4028c8-4028ce call 401d50 965->969 973 4028d3-4028e2 call 401daf 966->973 968->960 969->973 977 4028e8-402906 973->977 978 402cbf-402cc2 973->978 982 402908-40290a 977->982 983 40290f-402913 977->983 979 402cc4-402cd9 call 403a63 call 405cd6 978->979 979->953 985 402b4b-402b6e call 405cd6 call 403a63 call 405cd6 982->985 986 402915-402918 983->986 987 40291a-40291f 983->987 985->953 989 40292e-402943 986->989 990 402921-402926 987->990 991 40292b 987->991 989->982 997 402945-402972 989->997 990->985 991->989 1002 402974-4029a3 call 405cd6 * 2 call 403a63 call 405cd6 997->1002 1003 4029a8-4029ad 997->1003 1002->953 1004 4029b7-4029d7 call 405cd6 1003->1004 1005 4029af-4029b3 1003->1005 1004->982 1015 4029dd-4029e3 1004->1015 1005->1004 1017 4029e5-4029e8 1015->1017 1018 4029fe-402a09 1015->1018 1017->990 1021 4029ee-4029fc 1017->1021 1019 402a0c-402a31 call 402172 call 40452f 1018->1019 1026 402a33-402a3a 1019->1026 1027 402a3f-402a52 call 401d16 1019->1027 1021->1019 1028 402b32 1026->1028 1033 402a54-402a57 call 404351 1027->1033 1034 402a5c-402a5f 1027->1034 1030 402b37-402b46 call 404349 call 404320 1028->1030 1030->985 1033->1034 1037 402a71-402a87 call 402635 1034->1037 1038 402a61-402a64 1034->1038 1044 402a89-402a9c call 401daf 1037->1044 1045 402acb-402ae3 call 401c9d call 405620 1037->1045 1038->1037 1041 402a66-402a6c call 4027a7 1038->1041 1041->1037 1051 402aa5-402aab call 404908 1044->1051 1052 402a9e-402aa3 call 4049af 1044->1052 1053 402ae8-402aea 1045->1053 1059 402ab0-402ac9 call 403a63 * 2 1051->1059 1052->1059 1056 402af0-402afa call 404c29 1053->1056 1057 402b73-402b76 1053->1057 1056->1057 1070 402afc-402b2e call 401d50 call 403a63 * 3 1056->1070 1062 402c6c-402cbd call 401daf call 403a63 * 3 call 404349 call 404320 call 405cd6 1057->1062 1063 402b7c-402b86 call 403a3d 1057->1063 1059->1030 1062->979 1072 402b88-402b97 1063->1072 1073 402b99 1063->1073 1070->1028 1077 402b9b-402ba3 1072->1077 1073->1077 1080 402ba5-402ba7 1077->1080 1081 402bab-402bc8 call 405ae5 1077->1081 1080->1081 1090 402c55-402c67 call 4062e7 1081->1090 1091 402bce-402be5 call 401d50 1081->1091 1090->1062 1102 402be7-402be9 1091->1102 1103 402bed-402c50 call 403a63 * 3 call 404349 call 404320 call 405cd6 call 403a63 call 405cd6 1091->1103 1102->1103 1103->953
              APIs
              • __EH_prolog.LIBCMT ref: 00402813
                • Part of subcall function 00402D81: EnterCriticalSection.KERNEL32(?,?,?,00409336), ref: 00402D86
                • Part of subcall function 00402D81: LeaveCriticalSection.KERNEL32(?,?,?,?,00409336), ref: 00402D90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalSection$EnterH_prologLeave
              • String ID: .@
              • API String ID: 367238759-2582305824
              • Opcode ID: 3b0c262020fa8c5d66274e13d91f9b52cf44cd00a24d550689d116195309a35c
              • Instruction ID: fb4838387da9abac6519c3a0e173b295c4de01f89ec6b6ed0d4ee3fc8d60aaac
              • Opcode Fuzzy Hash: 3b0c262020fa8c5d66274e13d91f9b52cf44cd00a24d550689d116195309a35c
              • Instruction Fuzzy Hash: F3F1DF70900248DFCF14EFA5C985ADEBBB4AF54308F10807EE446B72E1DB785A85DB19
              Function 004030FC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1125 4030fc-403128 call 413724 call 401c9d call 405620 1132 403141-403146 1125->1132 1133 40312a-40313f call 401d50 1125->1133 1134 403150 1132->1134 1135 403148-40314e 1132->1135 1139 4031a2-4031aa call 403a63 1133->1139 1137 403153-403192 call 403291 call 408d5e call 404320 1134->1137 1135->1137 1150 403194-40319d call 401d50 1137->1150 1151 4031af-4031d1 call 401d16 call 405bad call 404a3e 1137->1151 1146 403281 1139->1146 1148 403282-403290 1146->1148 1150->1139 1159 403213-403268 call 401cb5 call 402686 call 403a63 1151->1159 1160 4031d3-403211 call 4092e6 call 401daf call 403a63 * 3 1151->1160 1182 40326a call 40bff7 1159->1182 1183 40326a call 40b98f 1159->1183 1160->1148 1174 40326d-403280 call 403a63 * 2 1174->1146 1182->1174 1183->1174
              APIs
              • __EH_prolog.LIBCMT ref: 00403101
                • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                • Part of subcall function 00404A3E: __EH_prolog.LIBCMT ref: 00404A43
                • Part of subcall function 004092E6: __EH_prolog.LIBCMT ref: 004092EB
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID: Default
              • API String ID: 3519838083-753088835
              • Opcode ID: 0fc91ddac6c1b16fe72a6cc7b41e2781a7216c9bd00a9ca8bd5645336c638fb0
              • Instruction ID: 203c82e13c85383a660d5cb73dbb10af46e9aa8c77eacbcc0267a4e11568a844
              • Opcode Fuzzy Hash: 0fc91ddac6c1b16fe72a6cc7b41e2781a7216c9bd00a9ca8bd5645336c638fb0
              • Instruction Fuzzy Hash: E4514E75900209EFDB14EFA5D8819EEBBB8FF18308F00456EE556772D1DB38AA06CB14
              Function 00404A3E Relevance: 3.2, APIs: 2, Instructions: 166COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1184 404a3e-404a5f call 413724 call 401cb5 1189 404a61-404a64 1184->1189 1190 404aa8-404ab7 call 401d16 1184->1190 1192 404a68-404a6c 1189->1192 1196 404abb-404ac5 call 4049f4 1190->1196 1194 404a76-404a7a 1192->1194 1195 404a6e-404a70 1192->1195 1199 404a7f-404a81 1194->1199 1197 404a72-404a74 1195->1197 1198 404a7c 1195->1198 1206 404acb-404ad6 GetLastError 1196->1206 1207 404b9f-404ba6 call 401daf 1196->1207 1197->1192 1198->1199 1199->1190 1200 404a83-404a88 1199->1200 1200->1190 1202 404a8a-404a8d 1200->1202 1204 404a9d-404aa3 call 40240b 1202->1204 1205 404a8f-404a94 1202->1205 1204->1190 1205->1204 1209 404a96-404a98 1205->1209 1211 404b47-404b59 call 401c9d call 405620 1206->1211 1212 404ad8-404add 1206->1212 1213 404bab-404bae 1207->1213 1214 404c0e-404c14 call 403a63 1209->1214 1233 404b5e-404b60 1211->1233 1215 404c00 1212->1215 1216 404ae3-404ae6 1212->1216 1220 404bb0-404bc2 call 403a6e 1213->1220 1221 404c25-404c27 1213->1221 1236 404c15-404c24 1214->1236 1218 404c02-404c0d call 403a63 1215->1218 1223 404aea-404aee 1216->1223 1218->1214 1240 404bc4-404bca 1220->1240 1241 404bcc 1220->1241 1221->1218 1224 404af0-404af2 1223->1224 1225 404af8-404afc 1223->1225 1230 404af4-404af6 1224->1230 1231 404afe 1224->1231 1234 404b01-404b03 1225->1234 1230->1223 1231->1234 1237 404b62-404b64 1233->1237 1238 404b66-404b6e 1233->1238 1234->1215 1239 404b09 1234->1239 1242 404b72-404b8d call 403a63 * 3 1237->1242 1243 404b70 1238->1243 1244 404b92-404b9e call 403a63 1238->1244 1239->1215 1245 404b0f-404b15 1239->1245 1240->1241 1246 404bcf-404bfe call 401e6f call 4049f4 call 403a63 1240->1246 1241->1246 1242->1236 1243->1242 1244->1207 1245->1215 1248 404b1b-404b42 call 401e6f call 401daf call 403a63 1245->1248 1246->1213 1246->1215 1248->1196
              APIs
              • __EH_prolog.LIBCMT ref: 00404A43
              • GetLastError.KERNEL32(?,?,?,00000000), ref: 00404ACB
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ErrorH_prologLast
              • String ID:
              • API String ID: 1057991267-0
              • Opcode ID: cf2054507fd1ee53753d2eae408e5b803be4a538542d8802e2091fe77905cd97
              • Instruction ID: 397979b183d08822f23b565ee303c4952bc02ec102e27be1c48eee89bea9c2ad
              • Opcode Fuzzy Hash: cf2054507fd1ee53753d2eae408e5b803be4a538542d8802e2091fe77905cd97
              • Instruction Fuzzy Hash: 1E5105719441099ACF10EBA5C942AFEBB75AF91308F11017FE602731E1DB3DAE46CB99
              Function 00408755 Relevance: 3.1, APIs: 2, Instructions: 85COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1268 408755-408778 call 413724 1271 40877a-408784 call 403a3d 1268->1271 1272 40879e-4087a1 1268->1272 1280 408791 1271->1280 1281 408786-40878f 1271->1281 1274 4087a3-4087ad call 403a3d 1272->1274 1275 4087f6-408807 call 4083ab 1272->1275 1283 4087ce 1274->1283 1284 4087af-4087cc 1274->1284 1282 40880c-408816 1275->1282 1285 408793-40879c call 4062e7 1280->1285 1281->1285 1286 408818-40881a 1282->1286 1287 40881e-408827 1282->1287 1290 4087d0-4087e6 call 4062e7 call 405a0f 1283->1290 1284->1290 1285->1275 1286->1287 1288 408829-40882b 1287->1288 1289 40882f-40883f 1287->1289 1288->1289 1297 4087f0-4087f3 1290->1297 1298 4087e8-4087ee GetLastError 1290->1298 1297->1275 1298->1282
              APIs
              • __EH_prolog.LIBCMT ref: 0040875A
              • GetLastError.KERNEL32(?,00000000,?,?,00000000,?,?,0040893F,?,?,00000000,004149B4,?,?,?,00000000), ref: 004087E8
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ErrorH_prologLast
              • String ID:
              • API String ID: 1057991267-0
              • Opcode ID: 92c7889bff91ff3fffbde8b7c15bb877d45af5ababe25e906364ca0638d9baec
              • Instruction ID: 0128b321cd566d1ceb50e896689a501b942dab3b414a73cd3b5e456030195100
              • Opcode Fuzzy Hash: 92c7889bff91ff3fffbde8b7c15bb877d45af5ababe25e906364ca0638d9baec
              • Instruction Fuzzy Hash: EE317C719012499FCB10DF95CE849AEBBB0FF44314B24817FE496B7292CB388D40DB69
              Function 0041468E Relevance: 3.0, APIs: 2, Instructions: 45threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1311 41468e-4146a4 call 416ccc 1314 4146e1-4146ea call 413d6f 1311->1314 1315 4146a6-4146d7 call 4152e0 CreateThread 1311->1315 1320 4146f3 1314->1320 1321 4146ec-4146f2 call 416c47 1314->1321 1322 4146f5-4146f8 1315->1322 1323 4146d9-4146df GetLastError 1315->1323 1320->1322 1321->1320 1323->1314
              APIs
                • Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2
              • CreateThread.KERNELBASE(00000000,00000003,004146F9,00000000,00000000,?), ref: 004146CF
              • GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AllocCreateErrorHeapLastThread
              • String ID:
              • API String ID: 3580101977-0
              • Opcode ID: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
              • Instruction ID: 928dc59a5e1d7113ba94efa25a55b36d47ae035f635b84aed830f8a2a3c61c12
              • Opcode Fuzzy Hash: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
              • Instruction Fuzzy Hash: D6F02D362006156BCB209F66EC019DB3BA5EF81375F10402EF958C2290DF3DC8914BAC
              Function 00405892 Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1299 405892-4058a2 call 405905 1302 405900-405902 1299->1302 1303 4058a4-4058ad 1299->1303 1304 4058de-4058f5 CreateFileW 1303->1304 1305 4058af-4058dc call 403b85 CreateFileA call 403a63 1303->1305 1307 4058f7-4058fd 1304->1307 1305->1307 1307->1302
              APIs
                • Part of subcall function 00405905: FindCloseChangeNotification.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910
              • CreateFileW.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058EF
                • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
              • CreateFileA.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058CB
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CreateFile$ChangeCloseFindH_prologNotification
              • String ID:
              • API String ID: 3273702577-0
              • Opcode ID: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
              • Instruction ID: 7cb04d8d1853a58e30318ad4c29bda14cf4b58fee7e46fc4002fe1391b6e6e2b
              • Opcode Fuzzy Hash: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
              • Instruction Fuzzy Hash: 4F01287240020AFFCF11AFA4DC45C9B7F6AEF08364B10853AF991661A1D73699A1EF94
              Function 00404965 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1344 404965-404975 1345 404977-404998 call 403b85 SetFileAttributesA call 403a63 1344->1345 1346 40499a-4049a2 SetFileAttributesW 1344->1346 1348 4049a4 1345->1348 1346->1348 1350 4049a6-4049a8 1348->1350 1351 4049aa 1348->1351 1353 4049ac-4049ae 1350->1353 1351->1353
              APIs
              • SetFileAttributesW.KERNELBASE(?,00000000,?,00000003,?,00000000), ref: 0040499C
                • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
              • SetFileAttributesA.KERNEL32(?,00000000,?,00000003,?,00000000), ref: 00404985
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AttributesFile$H_prolog
              • String ID:
              • API String ID: 3790360811-0
              • Opcode ID: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
              • Instruction ID: f078d443d6654451da1bdd33dee3a4941b810ca2709c1c0422ffd448cadfd8b3
              • Opcode Fuzzy Hash: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
              • Instruction Fuzzy Hash: 12E0E5B19002106BCB302B749C08AD73F6CCB82314B108177E816B72D0DA388E06C6D9
              Function 004049F4 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
              Download Yara Rule
              APIs
              • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A2C
                • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
              • CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CreateDirectory$H_prolog
              • String ID:
              • API String ID: 2325068607-0
              • Opcode ID: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
              • Instruction ID: e8b418caba4fa0c83fd0f6cce2293bab18ef6c4fa53c548cc4c0ebfda5fe1645
              • Opcode Fuzzy Hash: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
              • Instruction Fuzzy Hash: 3CE0E570B002006BDB206B64AC05B977B68CB41709F104176E902F71D0DA78DE01DA9C
              Function 004157C8 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
              Download Yara Rule
              APIs
              • HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
                • Part of subcall function 00415680: GetVersionExA.KERNEL32 ref: 0041569F
              • HeapDestroy.KERNEL32 ref: 00415818
                • Part of subcall function 00415825: HeapAlloc.KERNEL32(00000000,00000140,00415801,000003F8), ref: 00415832
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Heap$AllocCreateDestroyVersion
              • String ID:
              • API String ID: 2507506473-0
              • Opcode ID: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
              • Instruction ID: ed3d0d0d9fb025b00032fbfed5580f0a7fafafb3549905f7ec75d8b7e0a93aa3
              • Opcode Fuzzy Hash: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
              • Instruction Fuzzy Hash: 6CF06530A54B01EEDF207B706C867EA2B90EB84795F60483BF401D81A0EB7884D1D659
              Function 00405970 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
              Download Yara Rule
              APIs
              • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040598B
              • GetLastError.KERNEL32(?,?,?,?), ref: 00405999
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ErrorFileLastPointer
              • String ID:
              • API String ID: 2976181284-0
              • Opcode ID: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
              • Instruction ID: b27308c8a3af6e3091502473baf333c9532b4c6e1f366657fcb3ad1a7c3590d9
              • Opcode Fuzzy Hash: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
              • Instruction Fuzzy Hash: 93F0B7B4500208EFDF04CF94D9458AE7BB5EF49364B208169F815E7390D7359E00DFA9
              Function 00404F2C Relevance: 3.0, APIs: 2, Instructions: 27COMMON
              Download Yara Rule
              APIs
              • SetCurrentDirectoryW.KERNELBASE(?,?,00000000), ref: 00404F62
                • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
              • SetCurrentDirectoryA.KERNEL32(00000000,00000000,?,00000000), ref: 00404F48
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CurrentDirectory$H_prolog
              • String ID:
              • API String ID: 3531555294-0
              • Opcode ID: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
              • Instruction ID: 9edf083e53dd0555a3085cbe496080ff7240eda39e21aa363a26468641b3ea5b
              • Opcode Fuzzy Hash: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
              • Instruction Fuzzy Hash: 75E02630B400093FDF112F78EC4A9AA3BB89B40309F10427AB403E20E1EF38CA48CA48
              Function 0040B98F Relevance: 2.0, APIs: 1, Instructions: 515COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: b371859bdd47b9dc3252955b0f45c47297e54a09621846059a226dfbca1782fe
              • Instruction ID: 4fbed39282daa38b1d3be95d0829f5567439209fdd6a1d56e89862dfcbe45c3a
              • Opcode Fuzzy Hash: b371859bdd47b9dc3252955b0f45c47297e54a09621846059a226dfbca1782fe
              • Instruction Fuzzy Hash: 05324B70904249DFDB10DFA8C584BDEBBB0AF58304F1441AEE845B7382DB78AE45CB99
              Function 0040EB99 Relevance: 2.0, APIs: 1, Instructions: 500COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040EB9E
                • Part of subcall function 0040E770: __EH_prolog.LIBCMT ref: 0040E775
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: b61e6169d789784d882b4d94bfca9076e64146f95774f8686a2a7bcfac6d9976
              • Instruction ID: 765616d13d330a71392781af4293cea344630bd2be9376268a28767dce44cac6
              • Opcode Fuzzy Hash: b61e6169d789784d882b4d94bfca9076e64146f95774f8686a2a7bcfac6d9976
              • Instruction Fuzzy Hash: F6325C70900249DFCB24DFA5C880BEEBBB5BF55308F14847ED549B7282DB386A89CB55
              Function 0040888F Relevance: 1.9, APIs: 1, Instructions: 374COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
              • Instruction ID: dff2ad87a4df39db6f8fa6ff6a697358cee08fb6a23258ae47e5232e80a59da3
              • Opcode Fuzzy Hash: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
              • Instruction Fuzzy Hash: FFE16E70904249DFDF10DFA4C988AAEBBB4AF48314F2444AEE556F7391CB389E45CB25
              Function 0040E7F4 Relevance: 1.8, APIs: 1, Instructions: 255COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040E7F9
                • Part of subcall function 0040F836: __EH_prolog.LIBCMT ref: 0040F83B
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 03c270db0f3c4766e3f2bb44398a9ea08101d9e2fc2bf07c44f122d46ab48265
              • Instruction ID: 639e188e3e769c4c76ba7ddc7be71c767d86a570cac8f7036ff280b2304c1e48
              • Opcode Fuzzy Hash: 03c270db0f3c4766e3f2bb44398a9ea08101d9e2fc2bf07c44f122d46ab48265
              • Instruction Fuzzy Hash: 5DC13670900259DFDB14DFA5C985BDEBBB4BF14308F1480AEE945B7282CB786A48CF65
              Function 0040F449 Relevance: 1.7, APIs: 1, Instructions: 207COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 7053a18d867c794380ddb73d5154a26bfb4cc56ca4d452b1cbce9de2fd1904e6
              • Instruction ID: 37dc011919f3b1358f9a833e213d0996983958fb9ee029613f358e4c9ba25a45
              • Opcode Fuzzy Hash: 7053a18d867c794380ddb73d5154a26bfb4cc56ca4d452b1cbce9de2fd1904e6
              • Instruction Fuzzy Hash: 3C815C70E00605ABCB24DFA5C881AEEFBB1BF48304F14453EE445B3791D739A949CB99
              Function 00408D5E Relevance: 1.7, APIs: 1, Instructions: 151COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 00408D63
                • Part of subcall function 00408F0B: __EH_prolog.LIBCMT ref: 00408F10
                • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                • Part of subcall function 00403981: __EH_prolog.LIBCMT ref: 00403986
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: a7d89c665eca1327a3d631eb112decaf10f5b2416ec706b2aa5d4ac54510d8b8
              • Instruction ID: 2e5fef73c4a961ecd91826de13bda49669b7ee5ae1afd1ab178ba291f64b6413
              • Opcode Fuzzy Hash: a7d89c665eca1327a3d631eb112decaf10f5b2416ec706b2aa5d4ac54510d8b8
              • Instruction Fuzzy Hash: E5516D7190060AEFCF11DFA5C984A9EBBB4BF08314F10462EE556B72D1CB789A45CFA4
              Function 0040DB62 Relevance: 1.6, APIs: 1, Instructions: 146COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
              • Instruction ID: 67e57bbcfb5e62c28ba97e2c762051c7e2fb602a8ee489b014dcb5d1e96c76cd
              • Opcode Fuzzy Hash: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
              • Instruction Fuzzy Hash: DA419EB1E042059BEB14DF99C985ABEB7B5FF48304F14453EE402B7381D7B8A945CBA8
              Function 0040CD84 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 305c79b04e93cb02db0d94eb430663c97d837b050eba01e1428f85ec3b32050d
              • Instruction ID: 716710645470f9cf712b82a1641bf3e3a23618a4fc30be00c3c641d866b01c52
              • Opcode Fuzzy Hash: 305c79b04e93cb02db0d94eb430663c97d837b050eba01e1428f85ec3b32050d
              • Instruction Fuzzy Hash: 3151C531804146DFCB15CB68C4D4AEE7771EF48348F14827BE8167B2D2D6399A06DBEA
              Function 00401B11 Relevance: 1.6, APIs: 1, Instructions: 132COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
              • Instruction ID: dc66995ee082b2e59fd72de07b50a9d1ecefa8465c91578acc64d6d85ae5b981
              • Opcode Fuzzy Hash: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
              • Instruction Fuzzy Hash: 7A51D071C042499FDF21DFA4C940BEEBBB4AF05394F14416AE851732E2E7789A41CB68
              Function 00402EFE Relevance: 1.6, APIs: 1, Instructions: 116COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 00402F03
                • Part of subcall function 0040335F: __EH_prolog.LIBCMT ref: 00403364
                • Part of subcall function 004034CC: __EH_prolog.LIBCMT ref: 004034D1
                • Part of subcall function 00403086: __EH_prolog.LIBCMT ref: 0040308B
                • Part of subcall function 00403086: ShowWindow.USER32(004149B4,00000001,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 004030E4
                • Part of subcall function 00412FB0: CloseHandle.KERNEL32(00000000,00000000,0040301E,?,?,00000000,00000003,?,00000000,?,?,00000003,00000000,00000000), ref: 00412FBA
                • Part of subcall function 00412FB0: GetLastError.KERNEL32(?,00000003,00000000,00000000), ref: 00412FC4
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog$CloseErrorHandleLastShowWindow
              • String ID:
              • API String ID: 2740091781-0
              • Opcode ID: 2891590d06e03bd7b47f4713cace147921840869fa1a592da2049970ab10a62c
              • Instruction ID: 576321bfec054c9ee934bf83a6d4a944d332aa9064831fab6676e01313dc7821
              • Opcode Fuzzy Hash: 2891590d06e03bd7b47f4713cace147921840869fa1a592da2049970ab10a62c
              • Instruction Fuzzy Hash: FF419C71900248DBCB11EFA5C991AEDBBB4AF04304F1080BFE90AB72D2DA785B45CB59
              Function 0040C557 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
              • Instruction ID: 41554ca9dc53ee1e5d6d797d633c48513fe02739bc2a4d97afccdd4c6a3ff44e
              • Opcode Fuzzy Hash: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
              • Instruction Fuzzy Hash: 89416C71A00645DFCB24CF68C48486ABBF1FF48314B244AAED096AB791C731ED46CF91
              Function 0040CF82 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040CF87
                • Part of subcall function 0040F6E0: __EH_prolog.LIBCMT ref: 0040F6E5
                • Part of subcall function 0040D0A6: __EH_prolog.LIBCMT ref: 0040D0AB
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
              • Instruction ID: 59bb91874275df73172cd70bf395014d1b371f9bee4586dc4e729df687399cc5
              • Opcode Fuzzy Hash: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
              • Instruction Fuzzy Hash: 87319630D01248DFCB11DFA9C548BEDBBB5AF15308F14406EE8457B381C7789A49DB66
              Function 004061BF Relevance: 1.6, APIs: 1, Instructions: 83COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 04bfb4e6687a3d80e002f7d17c42c29bcd668ab7ffb01b2ce04c518ed3074d59
              • Instruction ID: a24cbab5944e5cd80d4d0b45cab95027a2511e7323fd1c0fe5e5f9bfcab47c11
              • Opcode Fuzzy Hash: 04bfb4e6687a3d80e002f7d17c42c29bcd668ab7ffb01b2ce04c518ed3074d59
              • Instruction Fuzzy Hash: 97218F71A05246DBCB24FFA5C44046FB7A1AB4130472285BFE053772C1C738AE61CB6A
              Function 00413C73 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00413D5A
                • Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
                • Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalSection$AllocateEnterHeapInitialize
              • String ID:
              • API String ID: 1616793339-0
              • Opcode ID: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
              • Instruction ID: 026ee179866774db734838c78619ddc809868a86b22b68076f663e2312d1f49b
              • Opcode Fuzzy Hash: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
              • Instruction Fuzzy Hash: D4219772A00605EBDB10DF69EC42BDA7764FB00765F20411BF421EB6D0D77CAAC28A9C
              Function 00413D6F Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074), ref: 00413E43
                • Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
                • Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalSection$EnterFreeHeapInitialize
              • String ID:
              • API String ID: 641406236-0
              • Opcode ID: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
              • Instruction ID: 5a14261a50f2f4ae8fe925cd7ff68077a924e970bbdc1eb83d0c2eed9fb11c58
              • Opcode Fuzzy Hash: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
              • Instruction Fuzzy Hash: 2421C272901705FADB10AF96DC02BDE7BB8EB04725F24012BF414B21C0D77C9AC08AA9
              Function 004052CF Relevance: 1.6, APIs: 1, Instructions: 58COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 004052D4
                • Part of subcall function 004050EE: __EH_prolog.LIBCMT ref: 004050F3
                • Part of subcall function 004050EE: GetTempPathA.KERNEL32(00000105,?,00000000,?,00000000), ref: 00405127
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog$PathTemp
              • String ID:
              • API String ID: 3652545363-0
              • Opcode ID: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
              • Instruction ID: 884fa5787797a708672a5e156f09df22a5f972d3b51e26f7068c24b8b673b68a
              • Opcode Fuzzy Hash: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
              • Instruction Fuzzy Hash: 5211A3759401059ACF00EFA5C552AEFBBB8EF95348F14402FE841732D1C7B90A49DE54
              Function 00409DFC Relevance: 1.6, APIs: 1, Instructions: 51COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 00409E01
                • Part of subcall function 004099F1: __EH_prolog.LIBCMT ref: 004099F6
                • Part of subcall function 00409A39: __EH_prolog.LIBCMT ref: 00409A3E
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
              • Instruction ID: 728224cdcdeea9a50de84ff331f734dd83e0a6071a74e90d77f9a4778d081c57
              • Opcode Fuzzy Hash: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
              • Instruction Fuzzy Hash: 931182B0A01254DADB09EBAAC1153DDFBF59FA1318F54415F9552732C2CBF82B0487A6
              Function 00409070 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 00409075
                • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                • Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog$ExceptionRaise
              • String ID:
              • API String ID: 2062786585-0
              • Opcode ID: 17dae63e629c91cb1e915b62325b494edd8ae92648c1e9e6482c4593510b450f
              • Instruction ID: c87fc69b1ce411278b5c4cd36917e57d7785db396d8ca4da128de4c157d2198f
              • Opcode Fuzzy Hash: 17dae63e629c91cb1e915b62325b494edd8ae92648c1e9e6482c4593510b450f
              • Instruction Fuzzy Hash: 1601D2B5A402049ECB10EF26C451ADEBBB1FF84314F10852FE896A32E1CB796649CB54
              Function 004027A7 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 004027AC
                • Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CreateDirectoryH_prolog
              • String ID:
              • API String ID: 3554458247-0
              • Opcode ID: 1d6ed87279fcce4dfaa36ce39d8da3d177537eb6a1ece7d61f11b0fb4062048b
              • Instruction ID: aa96bd448e9fa33173a2259148c0e22656dcd3e9b7c7d25cba760d9f6e75f00f
              • Opcode Fuzzy Hash: 1d6ed87279fcce4dfaa36ce39d8da3d177537eb6a1ece7d61f11b0fb4062048b
              • Instruction Fuzzy Hash: 55F03C729005069BCB05EB5AC8429EEBBB5EF94308F10403FE152775E2DA786986DB94
              Function 00406297 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040629C
                • Part of subcall function 004061BF: __EH_prolog.LIBCMT ref: 004061C4
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
              • Instruction ID: d002f29cd99a7d9c36b9a014c837f136803fcb54798139eb5382dd41199f51d8
              • Opcode Fuzzy Hash: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
              • Instruction Fuzzy Hash: 2BF03A72A00218EFDB15DF94CC01BEEB779FB48315F10816AB422E72D0C7798A10CB14
              Function 0040C96C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040C971
                • Part of subcall function 0040C9E3: __EH_prolog.LIBCMT ref: 0040C9E8
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
              • Instruction ID: 180fbe891bab88941c19a906eef3a01802dada044b7360aafa1ebd8752043cfb
              • Opcode Fuzzy Hash: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
              • Instruction Fuzzy Hash: 66F0FCB0911640DEC719EB74D1153DDFBB4AF55308F50419E9956736C2CFB81708C765
              Function 00405BFB Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
              Download Yara Rule
              APIs
              • SysAllocString.OLEAUT32(?), ref: 00405C13
                • Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AllocExceptionRaiseString
              • String ID:
              • API String ID: 1415472724-0
              • Opcode ID: 585828f0663470c28d012fa7c31560623ec32af21cf032640c5ea50ac41654d0
              • Instruction ID: bf266c775eafc0cd132ea201270a7534faa964ceb55315cc87c56e89072e7831
              • Opcode Fuzzy Hash: 585828f0663470c28d012fa7c31560623ec32af21cf032640c5ea50ac41654d0
              • Instruction Fuzzy Hash: B7E06D32200708A7CB20AF65D84198B7BE8FF00385B10C43FF949DA240E779E9808BD8
              Function 00405800 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 00405805
                • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: d031f65d966fd76414b5e485b8cf5b0e5999cd66b44c505832369a9b765ef076
              • Instruction ID: a0f610f1b5e032532ed1cec3649959bf66a41b4e8af70f58d5593db508bcf515
              • Opcode Fuzzy Hash: d031f65d966fd76414b5e485b8cf5b0e5999cd66b44c505832369a9b765ef076
              • Instruction Fuzzy Hash: 46E04FB3D410049ACB05EB65E9527EDB378EF61319F50407FE412735D18B381F09CA58
              Function 00405B29 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
              Download Yara Rule
              APIs
              • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00405B4C
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
              • Instruction ID: fda623b9c22c7fd134ddab0a411968f0e63156441233f4ee367e8c40c556ab77
              • Opcode Fuzzy Hash: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
              • Instruction Fuzzy Hash: 17E0E575640208FBCB11CFA5C801B8E7BF9EB08354F20C169F914AA260D739EA11DF54
              Function 0040C931 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040C936
                • Part of subcall function 0040C96C: __EH_prolog.LIBCMT ref: 0040C971
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
              • Instruction ID: 8adf79bcf0a25fb823e60414124b99f072840e3085735b9c49c9779a3d641231
              • Opcode Fuzzy Hash: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
              • Instruction Fuzzy Hash: 6EE01A71811620EBC724EF58C4456DEB7B4EF08725F00875EA4E6B36D1C7B8AE40CB94
              Function 004147B4 Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ExitThread
              • String ID:
              • API String ID: 2158977761-0
              • Opcode ID: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
              • Instruction ID: 835638d51d7e690d80ddf8f11569568d1c7a5f433119f1d0283a2071334468ba
              • Opcode Fuzzy Hash: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
              • Instruction Fuzzy Hash: CDE08C32900925AADB223BA1DC06AEE3620AF81394F00002BF8146A5A0DBA88CD186D9
              Function 0040F6E0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 0040F6E5
                • Part of subcall function 0040F449: __EH_prolog.LIBCMT ref: 0040F44E
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
              • Instruction ID: 32d4a89d334c2aba7f1f5d27adfa0c04a02a885b7174eb98eed18e47b0b867f7
              • Opcode Fuzzy Hash: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
              • Instruction Fuzzy Hash: 1DD012B2515104FBD7109F45D842BDEBBB8EB51369F10813BF00171540D37D5644966A
              Function 00405A1D Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
              Download Yara Rule
              APIs
              • ReadFile.KERNELBASE(000000FF,00000000,?,?,00000000,000000FF,?,00405A68,00000000,?,00000000,?,00405A8E,00000000,?,00000000), ref: 00405A33
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: FileRead
              • String ID:
              • API String ID: 2738559852-0
              • Opcode ID: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
              • Instruction ID: 33e006b7c7266c94de2827aaddd493f3c8d551b448fa911b85e4ce9a1db514e9
              • Opcode Fuzzy Hash: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
              • Instruction Fuzzy Hash: A4E0EC75200208FBCB01CF91CC05FCE7BB9FB49754F208058E90596160C375AA14EB54
              Function 004147BF Relevance: 1.5, APIs: 1, Instructions: 17threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ExitThread
              • String ID:
              • API String ID: 2158977761-0
              • Opcode ID: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
              • Instruction ID: b4e95b568d212fcbc8e7df7edbfd3446e029e3f46d4ca6baaecf21535c38ed65
              • Opcode Fuzzy Hash: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
              • Instruction Fuzzy Hash: 2AD0A732600E25AAD6223771DC467EF2244AF81795B04012BF818895A0DFA8CDC145DD
              Function 00405414 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
              Download Yara Rule
              APIs
              • FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CloseFind
              • String ID:
              • API String ID: 1863332320-0
              • Opcode ID: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
              • Instruction ID: ad963fc5273d8b9d86916b47fb17bcd605870b12c06d71a74b716dd917e87850
              • Opcode Fuzzy Hash: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
              • Instruction Fuzzy Hash: D4D0123151453157CA641E7C7848AD333D99A1637537157AAF4B4D32E0D3749CC34A98
              Function 00405905 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
              Download Yara Rule
              APIs
              • FindCloseChangeNotification.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
              • Instruction ID: c924a9121967eb2c43d42ee71539138ee39fbcc7c8c6d5ba34c486a20a6e0004
              • Opcode Fuzzy Hash: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
              • Instruction Fuzzy Hash: 93D0127151456197CE742E7C78445C337D8DA463303311B6BF4B0D32E0D3748D835A98
              Function 00405AFC Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
              Download Yara Rule
              APIs
              • SetFileTime.KERNELBASE(?,?,?,?,00405B26,00000000,00000000,?,00402E13,?), ref: 00405B0A
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: FileTime
              • String ID:
              • API String ID: 1425588814-0
              • Opcode ID: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
              • Instruction ID: 4beff7ba357006865f39a04876becaa9faf69e640e246345c6c1d8862761ec95
              • Opcode Fuzzy Hash: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
              • Instruction Fuzzy Hash: 29C04C36159106FF8F120F70CC04D1ABFA2EF99311F10C958B165C5070C7328024EB52
              Function 00406F81 Relevance: 1.3, APIs: 1, Instructions: 31COMMON
              Download Yara Rule
              APIs
              • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 00406FB2
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalLeaveSection
              • String ID:
              • API String ID: 3988221542-0
              • Opcode ID: f2ff9836336f67d9ff12deaf62cc92e2eac5b33916cf9d308384194b51d8e0a8
              • Instruction ID: f67714d9ecc1d8948c13ee62ab2841b601ff43f092b08abc37504173b9cf6405
              • Opcode Fuzzy Hash: f2ff9836336f67d9ff12deaf62cc92e2eac5b33916cf9d308384194b51d8e0a8
              • Instruction Fuzzy Hash: B7F0BE32A001459FCF119FA0D80898ABF65EF55314B0184ABF9169B251C338C820DF60
              Function 00412FF0 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 0041468E: CreateThread.KERNELBASE(00000000,00000003,004146F9,00000000,00000000,?), ref: 004146CF
                • Part of subcall function 0041468E: GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9
              • GetLastError.KERNEL32(?,?,00000003,00000000,00000000), ref: 00413018
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ErrorLast$CreateThread
              • String ID:
              • API String ID: 665435222-0
              • Opcode ID: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
              • Instruction ID: 8241f09584fde1b7b47d6c8a5a56a0c389c2bf5d01a37efb599b640c9bda9e89
              • Opcode Fuzzy Hash: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
              • Instruction Fuzzy Hash: 4EE086B22042126AE310DF509C05FE76ADCDB94B05F00443EB944C6184EB64CA40C3A9
              Function 00410F40 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAlloc.KERNELBASE(00000000,00020000,00001000,00000004,004103C8), ref: 00410F51
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
              • Instruction ID: 07720a170ef6d50c918e2da5ca2fe5f7ddfb2e687cae5d42b3df39ad5892c3a5
              • Opcode Fuzzy Hash: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
              • Instruction Fuzzy Hash: DDB012B039138075FF7843208C1FFE71200A340B87F0080A8BB05D81C4E7D064C0501C
              Function 00410F60 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
              Download Yara Rule
              APIs
              • VirtualFree.KERNELBASE(?,00000000,00008000,0040664A,?,00406624), ref: 00410F6C
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: FreeVirtual
              • String ID:
              • API String ID: 1263568516-0
              • Opcode ID: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
              • Instruction ID: a132bef15ba7b425f1065e5a097c2bb543b957559febc4b94616fea76008790a
              • Opcode Fuzzy Hash: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
              • Instruction Fuzzy Hash: 3BB0123424120031ED7807200C1AB5711005701701F10C1183102642C087D4B440450C

              Non-executed Functions

              Function 004180F0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0041772A,?,Microsoft Visual C++ Runtime Library,00012010,?,0041BD34,?,0041BD84,?,?,?,Runtime Error!Program: ), ref: 00418102
              • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041811A
              • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041812B
              • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00418138
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AddressProc$LibraryLoad
              • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
              • API String ID: 2238633743-4044615076
              • Opcode ID: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
              • Instruction ID: 415fa372477fd235fe75ca2ef0ffa9dc0df8c28a9075a0eab2fce08d3bc4b09a
              • Opcode Fuzzy Hash: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
              • Instruction Fuzzy Hash: F5012572700241BF87219FB5AD849DBBAE9EB49751354443FB504C2220DB7CC9C39B69
              Function 0040E38E Relevance: 1.7, APIs: 1, Instructions: 246COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 4fe2dfd3f2f90912c626976c162dcca217cb89ebb322f82910bc95d0de1bfbd8
              • Instruction ID: 6f1b27b05ce828494dcdc0ca2a3df983f9883c238a6bb878f092976797e95433
              • Opcode Fuzzy Hash: 4fe2dfd3f2f90912c626976c162dcca217cb89ebb322f82910bc95d0de1bfbd8
              • Instruction Fuzzy Hash: 68A1EB70E002099BCB18DF96C8919AEB7B2FF94318F14883FE915A7391D738AD52CB55
              Function 0041561A Relevance: 1.5, APIs: 1, Instructions: 4COMMON
              Download Yara Rule
              APIs
              • SetUnhandledExceptionFilter.KERNEL32(Function_000155D4), ref: 0041561F
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              • Opcode ID: c73d5215fbd9f9fa44ce3c8db65af6300706d886bcb472667e49ab47f89b2735
              • Instruction ID: 5929198a1c1d143ebb6d47ac1dc9c369120d6613942f0ebcbf50c4dd8c3cbf29
              • Opcode Fuzzy Hash: c73d5215fbd9f9fa44ce3c8db65af6300706d886bcb472667e49ab47f89b2735
              • Instruction Fuzzy Hash: 57A001B5A41605DA8A209F60A8095C5BE62A689B42B608166A811E5268DFB812419A69
              Function 0041562C Relevance: 1.5, APIs: 1, Instructions: 3COMMON
              Download Yara Rule
              APIs
              • SetUnhandledExceptionFilter.KERNEL32 ref: 00415631
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              • Opcode ID: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
              • Instruction ID: 3aa75b883a8314cf8793ebdd48d7cbf343a2d53b1036c531b3b3a2656884bc9f
              • Opcode Fuzzy Hash: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
              • Instruction Fuzzy Hash:
              Function 00412480 Relevance: .5, Instructions: 481COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
              • Instruction ID: f7c307c9948f0502eef9bcc932476d7ce99f20ff48e31f419bd1d6f291c9dace
              • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
              • Instruction Fuzzy Hash: BD023A72A042114BC71DCE18C6902B9BBE2FBD5350F110A3FE496D7A84D7B8D8E5CB99
              Function 00416076 Relevance: .3, Instructions: 259COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
              • Instruction ID: 6f6e9ae2f3605818a2c8e7767e34e4a9399a597c595f09bc79f2493b2d2310b3
              • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
              • Instruction Fuzzy Hash: 3EB17C7590120ADFDB15CF04C5D0AE9BBA1FF58318F25C1AEC85A4B382C735EA86CB94
              Function 004039C8 Relevance: .1, Instructions: 82COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
              • Instruction ID: 7f21fa5966f3e8744179bfb474c2758024c7c669c00a9d4920a80f5d7b425c19
              • Opcode Fuzzy Hash: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
              • Instruction Fuzzy Hash: D621427E370D0607A71C8B6AAD336B921D1E38430A7C8A03DE64BC53C1EE6DD595C60D
              Function 00418CC1 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
              • Instruction ID: 99a347de7b16eca0cbeab8721e5afb4e5ad46217b84f2e64c48f172e38bf97ef
              • Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
              • Instruction Fuzzy Hash: 2B21C83290062547C702DE6DF4845A7F391FBD4369F134727ED8467291C629A854D6E0
              Function 00418D9B Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
              • Instruction ID: 71e75c779d64757812c6fa0593de5e91038406040dd0a6985e9d44633d38c26d
              • Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
              • Instruction Fuzzy Hash: BC2137725105258BC701DF2DF4886B7B3E1FFD4319F638A3BD8818B1C1CA29D881D694
              Function 004185ED Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
              Download Yara Rule
              APIs
              • LCMapStringW.KERNEL32(00000000,00000100,0041BE00,00000001,00000000,00000000,74DEE860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 0041862F
              • LCMapStringA.KERNEL32(00000000,00000100,0041BDFC,00000001,00000000,00000000,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041864B
              • LCMapStringA.KERNEL32(?,?,?,0041848E,?,?,74DEE860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 00418694
              • MultiByteToWideChar.KERNEL32(?,VB,?,0041848E,00000000,00000000,74DEE860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 004186CC
              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,0041848E,?,00000000,?,?,0041848E,?), ref: 00418724
              • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0041848E,?), ref: 0041873A
              • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,0041848E,?), ref: 0041876D
              • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,0041848E,?), ref: 004187D5
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: String$ByteCharMultiWide
              • String ID: VB
              • API String ID: 352835431-2416070386
              • Opcode ID: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
              • Instruction ID: 75fdc42d4ca3b2d5695a32d80f34dcfea13c9c9e1b2be43f5f9a41df7731755a
              • Opcode Fuzzy Hash: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
              • Instruction Fuzzy Hash: A6515F31900609EFCF218F65CC45EEF7FB5FB48754F20412AF925A12A0D7398991DBA9
              Function 004172DF Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON
              Download Yara Rule
              APIs
              • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004172FA
              • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041730E
              • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041733A
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417372
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417394
              • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,0041496A), ref: 004173AD
              • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004173C0
              • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004173FE
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: EnvironmentStrings$ByteCharFreeMultiWide
              • String ID: jIA
              • API String ID: 1823725401-2590053038
              • Opcode ID: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
              • Instruction ID: 8edd1d2af646b02ed721f394ba4169bf36ee68eca66066dd640126c456dfff16
              • Opcode Fuzzy Hash: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
              • Instruction Fuzzy Hash: 7631D47250C219AFD7317F689C888FB7ABCE649354715053BFD66C3201E6288CC1E2AD
              Function 00417606 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00417673
              • GetStdHandle.KERNEL32(000000F4,0041BD34,00000000,00000000,00000000,?), ref: 00417749
              • WriteFile.KERNEL32(00000000), ref: 00417750
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: File$HandleModuleNameWrite
              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $x*B
              • API String ID: 3784150691-2083536112
              • Opcode ID: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
              • Instruction ID: d3223577c50248063a34d8f4d7298abe086d5d3d0ee639c6b3bd3f24b9ad2996
              • Opcode Fuzzy Hash: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
              • Instruction Fuzzy Hash: 5931D2726002186FDF20DA60DD46FDA377DEF89304F5005ABF544D6181EB78AAC48B5D
              Function 0041883C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117COMMON
              Download Yara Rule
              APIs
              • GetStringTypeW.KERNEL32(00000001,0041BE00,00000001,?,74DEE860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041887B
              • GetStringTypeA.KERNEL32(00000000,00000001,0041BDFC,00000001,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418895
              • GetStringTypeA.KERNEL32(?,?,?,?,0041848E,74DEE860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 004188C9
              • MultiByteToWideChar.KERNEL32(?,VB,?,?,00000000,00000000,74DEE860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418901
              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,0041848E,?), ref: 00418957
              • GetStringTypeW.KERNEL32(?,?,00000000,0041848E,?,?,?,?,?,?,0041848E,?), ref: 00418969
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: StringType$ByteCharMultiWide
              • String ID: VB
              • API String ID: 3852931651-2416070386
              • Opcode ID: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
              • Instruction ID: 0deb4df31157d4fbbd2276260d368b45192e758527c12e7bc8b96f729eb23429
              • Opcode Fuzzy Hash: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
              • Instruction Fuzzy Hash: 85418FB2A00209BFCF209F94DC86EEF7F79EB08754F10452AF915D2250C7389991DB99
              Function 00417411 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
              Download Yara Rule
              APIs
              • GetStartupInfoA.KERNEL32(?), ref: 0041746F
              • GetFileType.KERNEL32(?,?,00000000), ref: 0041751A
              • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0041757D
              • GetFileType.KERNEL32(00000000,?,00000000), ref: 0041758B
              • SetHandleCount.KERNEL32 ref: 004175C2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: FileHandleType$CountInfoStartup
              • String ID: $YB
              • API String ID: 1710529072-867103119
              • Opcode ID: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
              • Instruction ID: 9157860cf2e7af3a35f89051d0ae9de0bf945cd889ae2d4a6076f2c4651d7c80
              • Opcode Fuzzy Hash: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
              • Instruction Fuzzy Hash: B75135716086019FC720CF28D8897B63BB1EB05338F64466EC566CB6E0DB38C986C75D
              Function 00415680 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
              Download Yara Rule
              APIs
              • GetVersionExA.KERNEL32 ref: 0041569F
              • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 004156D4
              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00415734
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: EnvironmentFileModuleNameVariableVersion
              • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
              • API String ID: 1385375860-4131005785
              • Opcode ID: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
              • Instruction ID: 6eb182bd46f731c3af8b1d07a07b8df2d0194a1b299ff80343aa6f034c3c884c
              • Opcode Fuzzy Hash: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
              • Instruction Fuzzy Hash: 56312671945648EDEB3186706C87BDF3B788B46704F6400DBD199D52C2E6398ECA8B2D
              Function 00403A90 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • CharUpperW.USER32(00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AAB
              • GetLastError.KERNEL32(?,00000000,00000000,?,00403B58), ref: 00403AB7
              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,00000004,00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AD2
              • CharUpperA.USER32(?,?,00000000,00000000,?,00403B58), ref: 00403AEB
              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001,?,00000000,00000000,?,00403B58), ref: 00403AFE
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Char$ByteMultiUpperWide$ErrorLast
              • String ID:
              • API String ID: 3939315453-0
              • Opcode ID: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
              • Instruction ID: dd72d820dddc2be4d64e736f5eaa813d5c8cd4bb6d440344005d5656a272e87c
              • Opcode Fuzzy Hash: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
              • Instruction Fuzzy Hash: D60144B64002187ADB10ABE49C89DEBBE7CEB04259F014472F952E2281E2796E4487A8
              Function 004152F3 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
              Download Yara Rule
              APIs
              • GetLastError.KERNEL32(00000103,7FFFFFFF,00416CBF,0041798E,00000000,?,?,00000000,00000001), ref: 004152F5
              • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00415303
              • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0041534F
                • Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2
              • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00415327
              • GetCurrentThreadId.KERNEL32 ref: 00415338
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: ErrorLastValue$AllocCurrentHeapThread
              • String ID:
              • API String ID: 2020098873-0
              • Opcode ID: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
              • Instruction ID: c348f308811c55cc6791f5f2c72cac7d5a6c02788d8c3db17f30136ca92006f7
              • Opcode Fuzzy Hash: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
              • Instruction Fuzzy Hash: B4F09632600615ABC6312B70AC096DB3A51EB857E1B15413AF951972A0DB78888197DD
              Function 0041843D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
              Download Yara Rule
              APIs
              • InterlockedIncrement.KERNEL32(004256E4), ref: 00418463
              • InterlockedDecrement.KERNEL32(004256E4), ref: 00418478
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Interlocked$DecrementIncrement
              • String ID: VB
              • API String ID: 2172605799-2416070386
              • Opcode ID: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
              • Instruction ID: b2465ecea32c92352f716010131fb348419f683e9d2febfe3e70f5b1b578e6df
              • Opcode Fuzzy Hash: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
              • Instruction Fuzzy Hash: 35F0C232201612EBD720AF56ECC19CF6755EB81326F50843FF00989190DF7899C2995E
              Function 0041435F Relevance: 6.5, APIs: 5, Instructions: 278COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
              • Instruction ID: 1ac5c9ddcf095474d6e2a383ff06e8771fc838f6ee07df02b13506851481717d
              • Opcode Fuzzy Hash: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
              • Instruction Fuzzy Hash: C891F671D01618ABCF21AB69CC41ADE7BB9EB857A4F240127F814B6290D73D8DC18A6C
              Function 0041636C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • HeapAlloc.KERNEL32(00000000,00002020,00420838,00420838,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 0041638D
              • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163B1
              • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163CB
              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?), ref: 0041648C
              • HeapFree.KERNEL32(00000000,00000000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?,00000000), ref: 004164A3
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AllocVirtual$FreeHeap
              • String ID:
              • API String ID: 714016831-0
              • Opcode ID: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
              • Instruction ID: 1d273cd761051d77879f543994291e2c1f364a84a1ace75b4c6a1ba38ea4645d
              • Opcode Fuzzy Hash: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
              • Instruction Fuzzy Hash: 1D310370640711EFD3309F24DC85BA6B7E4EB84764F12823AE56997791E778E881CB8C
              Function 00409504 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 00409509
                • Part of subcall function 0040935A: EnterCriticalSection.KERNEL32(?,?,?,00409680), ref: 0040935F
                • Part of subcall function 0040935A: LeaveCriticalSection.KERNEL32(?,?,?,00409680), ref: 00409369
              • EnterCriticalSection.KERNEL32(?), ref: 00409536
              • LeaveCriticalSection.KERNEL32(?), ref: 00409552
              • __aulldiv.LIBCMT ref: 004095A1
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalSection$EnterLeave$H_prolog__aulldiv
              • String ID:
              • API String ID: 3848147900-0
              • Opcode ID: a31f7f313dfc0da48c948196a335c5e8fea939b4dae7cffcd2385e59b1d35c73
              • Instruction ID: 81a485ad15cb22f282f6c018201ee4179c2b1d1cd2674c5f201a60282c37c453
              • Opcode Fuzzy Hash: a31f7f313dfc0da48c948196a335c5e8fea939b4dae7cffcd2385e59b1d35c73
              • Instruction Fuzzy Hash: C6315076A00215AFCB11EF65C8819EFBBB5FF88704F00442AE51673692D779AD41CB64
              Function 004047A8 Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
              Download Yara Rule
              APIs
              • __EH_prolog.LIBCMT ref: 004047AD
              • FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 004047D1
              • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 00404814
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0040482F
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: FormatMessage$FreeH_prologLocal
              • String ID:
              • API String ID: 3392428314-0
              • Opcode ID: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
              • Instruction ID: b23ee79e455563f0a2b187c1bc8aea4849c6785c5b1f5abfa42b55bee9ed31b8
              • Opcode Fuzzy Hash: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
              • Instruction Fuzzy Hash: 451170B5A00159AFDF01BFA59C419FFBB7DEF44349F00847AE112721E2DB391A01DA68
              Function 00409374 Relevance: 6.0, APIs: 4, Instructions: 37windowtimeCOMMON
              Download Yara Rule
              APIs
                • Part of subcall function 00413030: SetEvent.KERNEL32(00000000,0040756D), ref: 00413033
              • GetDlgItem.USER32(?,000003E8), ref: 00409397
              • LoadIconA.USER32(00000000), ref: 004093B1
              • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 004093C2
              • SetTimer.USER32(?,00000003,00000064,00000000), ref: 004093D1
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: EventIconItemLoadMessageSendTimer
              • String ID:
              • API String ID: 2758541657-0
              • Opcode ID: 426d8240eb7a06a459b3f470407d996c0274358d2b71b1374ad8138c79f04d47
              • Instruction ID: 34d2fc59b34559bed7d893ef409eb69d6d7528a9cba69d030baf66432b50efa3
              • Opcode Fuzzy Hash: 426d8240eb7a06a459b3f470407d996c0274358d2b71b1374ad8138c79f04d47
              • Instruction Fuzzy Hash: 4D015A30100B00AFD3319F21DD5AB66BBA1FB04721F008A2DF5A7959F0CB75B942CB48
              Function 0040D5A3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: H_prolog
              • String ID: $
              • API String ID: 3519838083-227171996
              • Opcode ID: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
              • Instruction ID: 116f94ee193b6a60a58d4aec76a07daa8eefdeb27c95ac76265691768f75313a
              • Opcode Fuzzy Hash: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
              • Instruction Fuzzy Hash: CB712431D0020A9FCB24DF99D981AAEB7B1FF48314F20467ED416B7691D734AA8ACF54
              Function 00417E5D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
              Download Yara Rule
              APIs
              • GetCPInfo.KERNEL32(?,00000000), ref: 00417E71
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: Info
              • String ID: $
              • API String ID: 1807457897-3032137957
              • Opcode ID: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
              • Instruction ID: 669041dcfce0968cbe3c51124f50cac4b21f3f9a56807733dc4743f672ff05a2
              • Opcode Fuzzy Hash: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
              • Instruction Fuzzy Hash: 65417C312482585AEB219714CC49FFB7FF9DB02714F5404E6D149C7153C2794AC6C7BA
              Function 00415ECA Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415EF2
              • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415F26
              • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00415F40
              • HeapFree.KERNEL32(00000000,?), ref: 00415F57
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: AllocHeap$FreeVirtual
              • String ID:
              • API String ID: 3499195154-0
              • Opcode ID: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
              • Instruction ID: 8f6381cf99308f7e34b2c2e49534b1224184cafd179dea44f4322364d011a6a4
              • Opcode Fuzzy Hash: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
              • Instruction Fuzzy Hash: A6114C31300A01EFC7308F59EC86DA6BBB5FB85760791462AF156D69B0D3719887CF58
              Function 004154B1 Relevance: 5.0, APIs: 4, Instructions: 12COMMON
              Download Yara Rule
              APIs
              • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154BE
              • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154C6
              • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154CE
              • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154D6
              Memory Dump Source
              • Source File: 00000000.00000002.4139208589.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.4139191787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139235239.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139256189.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139272404.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139291834.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.4139312815.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_WebCompanionInstaller-12.jbxd
              Similarity
              • API ID: CriticalInitializeSection
              • String ID:
              • API String ID: 32694325-0
              • Opcode ID: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
              • Instruction ID: a8e831e61b8b61633fe4a4176da74b0e9d16ee726bcd83620c475df078586321
              • Opcode Fuzzy Hash: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
              • Instruction Fuzzy Hash: 0AC00231A11138ABCF312B55FC048463FA6EB852A03518072A1045203186612C12EFD8

              Executed Functions

              Function 06C96DEB Relevance: 3.0, Strings: 2, Instructions: 464COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$\;^q
              • API String ID: 0-165070031
              • Opcode ID: aa76fdbec1f7095108372626bc5037cb9a5d21a8ba9f3fd4e58191cbffb948d7
              • Instruction ID: 45e8f13cda34362c9f0dfdac5cb4d40d36c67883b75aa50dc925777929a48828
              • Opcode Fuzzy Hash: aa76fdbec1f7095108372626bc5037cb9a5d21a8ba9f3fd4e58191cbffb948d7
              • Instruction Fuzzy Hash: 87222730D2061ACFDF60DF64C848798B7B2FF95300F118699D9497B251EB74AA89CFA1
              Function 06D37C40 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: \V_i
              • API String ID: 0-3252921699
              • Opcode ID: 4b3d6ef5de2536eadb39268f742ce6ccf440672e075b89a83dbab9c95ba4c165
              • Instruction ID: cf7598513b8c7ea9b6a4f3c4e1bc379711d2c8f6f01a9154fae3d9d8be428d72
              • Opcode Fuzzy Hash: 4b3d6ef5de2536eadb39268f742ce6ccf440672e075b89a83dbab9c95ba4c165
              • Instruction Fuzzy Hash: 83B14DB0E00619CFDB50CFA9D8857EEBBF2BF88314F148129D819E7254EB749845CB95
              Function 02C0F0D0 Relevance: .8, Instructions: 753COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 037de61c7f176585daf8139a7b3745d0e30bd57c833d95506e6299a7bd74049f
              • Instruction ID: 9ab31266809e8e866accd7d60639c1e21c27f0003d2d7cd2620c1063f6ca421f
              • Opcode Fuzzy Hash: 037de61c7f176585daf8139a7b3745d0e30bd57c833d95506e6299a7bd74049f
              • Instruction Fuzzy Hash: 9962EB74A002198FCB14DF64D899BADBBB6FF88301F1085A9E54A9B395DF349D81CF50
              Function 02C00DE0 Relevance: .6, Instructions: 607COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d5b6c2f3dae8761ac6a120fc1036e45a63df9157ce76f8ec63db2ab825b40ccf
              • Instruction ID: 0621c1ea862ba3734f3a4f92f45c59e8d04ce385f93ac87385ff3a962844045c
              • Opcode Fuzzy Hash: d5b6c2f3dae8761ac6a120fc1036e45a63df9157ce76f8ec63db2ab825b40ccf
              • Instruction Fuzzy Hash: 5A423734A002148FCB54EB74D898B6D77B6FB88305F248569E44AEB398DF35AD82CF51
              Function 06D390F8 Relevance: .3, Instructions: 320COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c18c98974c52af5b6dc710a1fb4bdd060160fc5a319633fe56b31a981caed427
              • Instruction ID: e017e3177b62b10b707c6a5c841abb1508806ac1e8f1015687568540bf8f12b1
              • Opcode Fuzzy Hash: c18c98974c52af5b6dc710a1fb4bdd060160fc5a319633fe56b31a981caed427
              • Instruction Fuzzy Hash: EBB18270B002199FD758DB7A88647BAB6EBBFC8251F188429D44ADB394DF74DC82C760
              Function 06D38510 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67dea85b87cfa3ae7a06e4643a430e0a4279a8784ae56d753b177b458476b5e7
              • Instruction ID: 1e85272d1f9a9414e022c2eb8e8c0aebe5c1d32c3e6de05e4fc7de808da3dc45
              • Opcode Fuzzy Hash: 67dea85b87cfa3ae7a06e4643a430e0a4279a8784ae56d753b177b458476b5e7
              • Instruction Fuzzy Hash: 26B19DB0E10219CFDF50CFA9D8857AEBBF2BF88314F148529E419E7294EB749845DB81
              Function 06C90439 Relevance: 21.0, Strings: 16, Instructions: 1007COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: `q$$&_q$(_^q$4'^q$4'^q$4'^q$4'^q$4c^q$4c^q$@b^q$|-_q$$^q$$^q$c^q$c^q$`q
              • API String ID: 0-3238858861
              • Opcode ID: 35f74e50b6ee559d6125f32613136a8a91ca9a24ea168b4fa49d558b08b62dcf
              • Instruction ID: fe799c6391d0523039403a656ddfa1b029b7fb2cf161ac97538d9bc401295559
              • Opcode Fuzzy Hash: 35f74e50b6ee559d6125f32613136a8a91ca9a24ea168b4fa49d558b08b62dcf
              • Instruction Fuzzy Hash: C4B2D174A01218DFCB65AF60D854ADDBBB2FF89301F1045E9D50AAB291DF329E85CF90
              Function 06C90448 Relevance: 21.0, Strings: 16, Instructions: 1000COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: `q$$&_q$(_^q$4'^q$4'^q$4'^q$4'^q$4c^q$4c^q$@b^q$|-_q$$^q$$^q$c^q$c^q$`q
              • API String ID: 0-3238858861
              • Opcode ID: bf2fc2830c2e8b1b442eacab42b6c157fb7c30964f7b6a92746d3c3db95f953a
              • Instruction ID: 06725a32a47ab0364a635a81e9d483c009927e98113b97f70433c78142b9f8eb
              • Opcode Fuzzy Hash: bf2fc2830c2e8b1b442eacab42b6c157fb7c30964f7b6a92746d3c3db95f953a
              • Instruction Fuzzy Hash: D5B2D174A01218DFCB65AF60D854ADDBBB2FF89301F1045E9D50AAB291DF329E85CF90
              Function 06C99B40 Relevance: 7.7, Strings: 6, Instructions: 213COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q$$^q$$^q$$^q$$^q$$^q
              • API String ID: 0-3616224387
              • Opcode ID: b0fc11875b3133785900adcb13faa0b56bf1f275b601152bb0b77a8e2b5e6ba7
              • Instruction ID: 972b8c5b1ab9ed787d3c5c57e82fbf0863e8b860c840bdc98614266e3c6bd7ea
              • Opcode Fuzzy Hash: b0fc11875b3133785900adcb13faa0b56bf1f275b601152bb0b77a8e2b5e6ba7
              • Instruction Fuzzy Hash: 53718C71B04119AFDF589F69C898A6E3BFABF88600B19445DE506CB3A5CB34DC41CBB1
              Function 06D3C600 Relevance: 6.8, Strings: 5, Instructions: 542COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 0$c^q$c^q$c^q$c^q
              • API String ID: 0-1818738661
              • Opcode ID: 830a78fa6d15715e08c41113af1586fca390b8d3e7c36b4a7cff2c7e2bfa9d4c
              • Instruction ID: f2fc2b5d5b9cd6cfca6fc76a5e61f70d4e8fa0cc6f282ced308539d6fd282900
              • Opcode Fuzzy Hash: 830a78fa6d15715e08c41113af1586fca390b8d3e7c36b4a7cff2c7e2bfa9d4c
              • Instruction Fuzzy Hash: 00227031E202258FCB54DF78D854669B7F6BF89300F2585AAD54AEB350EB30ED85CB90
              Function 06C9C278 Relevance: 5.4, Strings: 4, Instructions: 424COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq$(bq$(bq
              • API String ID: 0-2632976689
              • Opcode ID: f8e6dd70e2e65e952ebbe5c96317c446f457a7c7e3520f9fdb7c76978d180934
              • Instruction ID: 726e22766fa9cb2650399cf25a135f13e27e0c08efc3b02005af428adf3ffd8c
              • Opcode Fuzzy Hash: f8e6dd70e2e65e952ebbe5c96317c446f457a7c7e3520f9fdb7c76978d180934
              • Instruction Fuzzy Hash: A3024934A102199FCF54DF68D898AAE7BF2FF88311F148559E906AB364CB31DD11DBA0
              Function 05A2A068 Relevance: 5.1, Strings: 4, Instructions: 111COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: $^q$$^q$$^q$$^q
              • API String ID: 0-2125118731
              • Opcode ID: 80f7da435f8144dd64584fe6920b97d698bc602f42fc70f8e1419ddb3cf506b7
              • Instruction ID: 78eb09dab5e23f4c7776d10a59f919cef81a44337dcf30a9ae235f756283752d
              • Opcode Fuzzy Hash: 80f7da435f8144dd64584fe6920b97d698bc602f42fc70f8e1419ddb3cf506b7
              • Instruction Fuzzy Hash: 8D414D30A00219CFDB18DFAAC945FAEB7F2BF88711F548429D405AB295DBB59C81CF61
              Function 02C0B098 Relevance: 4.1, Strings: 3, Instructions: 327COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: Hbq$PH^q$PH^q
              • API String ID: 0-1943764995
              • Opcode ID: 3c8bdd79a5b3916fa8571fd441b1046b59ce3a6a9ab5ee701ea13d5f0d679811
              • Instruction ID: 65bc65f1c4bbc28b7f8e70a81cde75d51cbb6b9266811879db0afa7a9923645c
              • Opcode Fuzzy Hash: 3c8bdd79a5b3916fa8571fd441b1046b59ce3a6a9ab5ee701ea13d5f0d679811
              • Instruction Fuzzy Hash: 2BC13C34B002159FCB04DB78D894AAEBBF6FF88305F148569E909DB395DF34AD428B91
              Function 06D39E70 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$Hbq$Hbq
              • API String ID: 0-2817990774
              • Opcode ID: a4115c8d880cbb40bd4d1a54d92147c9ef4de9597b001093705831738b3a69ca
              • Instruction ID: 9b828188ca6332cae8905ae9feb95ae76f671587f729b6700ac31229331e28b1
              • Opcode Fuzzy Hash: a4115c8d880cbb40bd4d1a54d92147c9ef4de9597b001093705831738b3a69ca
              • Instruction Fuzzy Hash: A351D170B112299FCB94DF68D8509AE7BB6FFC4351B108429E546DB380DB71ED42CBA0
              Function 06D30040 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: $Hbq
              • API String ID: 0-642797644
              • Opcode ID: e23ed805e35fe83c4deddd6ae3f6b62e5631870e35872af80d4c048fe15c6ef5
              • Instruction ID: 392f7e484d501df3e826a0e871c33acc05d651fa0c66a3e81daf3acb3729fd53
              • Opcode Fuzzy Hash: e23ed805e35fe83c4deddd6ae3f6b62e5631870e35872af80d4c048fe15c6ef5
              • Instruction Fuzzy Hash: 5B3293B4D01214CFD754CF84C58DBA9BBF2BB0534AF168099D0266F2A2D776D989CF90
              Function 06D32160 Relevance: 2.9, Strings: 2, Instructions: 434COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq
              • API String ID: 0-4224401849
              • Opcode ID: f5f40af79e02af7bbf676716630821657e3a2f3b395fe8a14a7f73eb1e0364b2
              • Instruction ID: ea2e30b232becdf0417075b86e67ef5a175dec6281f9dc719c5caa9c32fcf6a0
              • Opcode Fuzzy Hash: f5f40af79e02af7bbf676716630821657e3a2f3b395fe8a14a7f73eb1e0364b2
              • Instruction Fuzzy Hash: 48F1D134B002149FDB14DF68D854AAEBBB2FF88310F108469E84ADB351CB35ED45CBA0
              Function 06C917F0 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$d
              • API String ID: 0-3334038649
              • Opcode ID: 04a599853e1d50db0e3b425cb02700e46314c8bbf64e2633028400dd25d42591
              • Instruction ID: 09c8991e8e8a26aeeff85f4a625df498fea149455c81710e469de21b6b9e48c3
              • Opcode Fuzzy Hash: 04a599853e1d50db0e3b425cb02700e46314c8bbf64e2633028400dd25d42591
              • Instruction Fuzzy Hash: 2E029074A006068FCB54CF19C48496ABBF2FF89314B19C669D46ADB761DB30FD45CBA0
              Function 06D32FE8 Relevance: 2.9, Strings: 2, Instructions: 358COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: Xbq$$^q
              • API String ID: 0-1593437937
              • Opcode ID: ed76ec440c5c49284b1013f496acc9bba8ec6c09b0d59d279c9b261c8826f755
              • Instruction ID: bd11df2916d04169aa5c408961c9e0a5b582d9639b34f66ce5b7d224d003a355
              • Opcode Fuzzy Hash: ed76ec440c5c49284b1013f496acc9bba8ec6c09b0d59d279c9b261c8826f755
              • Instruction Fuzzy Hash: 9CE18134A00669CFCB64CF59C5888A9BBF5BF89700F5584EAD4469B324DB34AE85CF90
              Function 02C0B05D Relevance: 2.7, Strings: 2, Instructions: 204COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: b77b229220c0ee43da8fd36e9fe6462bc2618373232fe54d23c4f7410901c53d
              • Instruction ID: ac80b586c22ae0b74a2f94f3521a2e209a74ec3d1aae85f87b7b84a843c4aab9
              • Opcode Fuzzy Hash: b77b229220c0ee43da8fd36e9fe6462bc2618373232fe54d23c4f7410901c53d
              • Instruction Fuzzy Hash: 55811F74A002098FDB04DF68C994BAEBBF2FF89305F158569D809EB395DB349D41CBA1
              Function 06D3827C Relevance: 2.7, Strings: 2, Instructions: 185COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: \V_i$\V_i
              • API String ID: 0-3483789562
              • Opcode ID: 0fa1e05cc8ac38bb2837eb9167026bf23cc5e7ca7fbc2a9c49975677745192a6
              • Instruction ID: 3639e51c576f16c079af71252f12fe9fb2eba8ca527dceb7d0a42dc774e687c8
              • Opcode Fuzzy Hash: 0fa1e05cc8ac38bb2837eb9167026bf23cc5e7ca7fbc2a9c49975677745192a6
              • Instruction Fuzzy Hash: 6C7168B0E00219CFDB50DFA9C8847DEBBF6EF88314F148529E419E7290EB749846DB91
              Function 02C0B047 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 63e620574bd7d3d9b549756792d82ee841d3fa371cf72a2c41c6dbc4fe8d0de2
              • Instruction ID: 659fc76b05f60d056cdd166f150131fca48b9489d398fc8243482b32a631e83d
              • Opcode Fuzzy Hash: 63e620574bd7d3d9b549756792d82ee841d3fa371cf72a2c41c6dbc4fe8d0de2
              • Instruction Fuzzy Hash: 3471EE74B0021A8FDB04DF68C994AAEB7F2FF88305F158569D809EB355DB34AD41CBA1
              Function 06D38288 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: \V_i$\V_i
              • API String ID: 0-3483789562
              • Opcode ID: f3bbba50f8b6d4950d4af887c735494b0589be17052d5bbd551f5e3304f50bbb
              • Instruction ID: a0e75cd581ed81c71bcb69c15314a36b6227490e7d6443fbc4d479786adb2e6a
              • Opcode Fuzzy Hash: f3bbba50f8b6d4950d4af887c735494b0589be17052d5bbd551f5e3304f50bbb
              • Instruction Fuzzy Hash: 687159B0E002198FDF50CFA9C88479EBBF6BF88314F148529E419E7394EB749846DB91
              Function 06D326C0 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: ,bq$4'^q
              • API String ID: 0-1386295989
              • Opcode ID: d8550f105936836685092eaf8925bfd86b8b1568a666633ab641cedecf01797d
              • Instruction ID: afeaee8648566b0b4ee8c58c5180fd4fbf578c8e65a3eaaf4d0985c9c3e12af4
              • Opcode Fuzzy Hash: d8550f105936836685092eaf8925bfd86b8b1568a666633ab641cedecf01797d
              • Instruction Fuzzy Hash: F551B071F002158FCB58DB6DC854AAEBBF6AFC9310724806AD549EB395DE30DD0287E1
              Function 02C0A180 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$Hbq
              • API String ID: 0-4081012451
              • Opcode ID: 8a1eef0f080ffaa6092ffd57ec270c9f6b38a58098be56645526f9241ab45afe
              • Instruction ID: 8675ec2af50f663e6b8825357622b36148a83dead9365be14c8054eaf3343520
              • Opcode Fuzzy Hash: 8a1eef0f080ffaa6092ffd57ec270c9f6b38a58098be56645526f9241ab45afe
              • Instruction Fuzzy Hash: 2451F235B003049BDB249B79D854BAE7BB6AFC8310F14446AEA0ADB381DF359D42CB90
              Function 05A2D278 Relevance: 2.6, Strings: 2, Instructions: 104COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$4'^q
              • API String ID: 0-3799531831
              • Opcode ID: 164a004acab1be04761234f9d1e273ee5403cd9d4af32262007296d97c25651f
              • Instruction ID: 6ccbc6975f148d164906f33deec7d31df14fe487defad060efa0ed05181f5836
              • Opcode Fuzzy Hash: 164a004acab1be04761234f9d1e273ee5403cd9d4af32262007296d97c25651f
              • Instruction Fuzzy Hash: C53122313007614FC714AB39D454EAEBBA7FFD52217248A29E50A8B341DF34EC0687A0
              Function 05A2FC03 Relevance: 2.6, Strings: 2, Instructions: 87COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$4'^q
              • API String ID: 0-3799531831
              • Opcode ID: 58c7cc4fa45acd976a57626aa1d9d5c95de9cda4c3d63916d0012661189700f2
              • Instruction ID: 37e035950b26747872bfb19b2aef61b8df3ad21773230f055e9df48e1113c0c2
              • Opcode Fuzzy Hash: 58c7cc4fa45acd976a57626aa1d9d5c95de9cda4c3d63916d0012661189700f2
              • Instruction Fuzzy Hash: 632125313043505FC3099B3DA855DBE7BE7AFC922031945AAF44ACB291DF209C068761
              Function 06C91D01 Relevance: 2.6, Strings: 2, Instructions: 78COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$4'^q
              • API String ID: 0-3799531831
              • Opcode ID: 4e2c1177e820af03397612325fb727b8c5e41ef78810fbfbba7c0594b8575128
              • Instruction ID: 27be2498b1d5215f663ac943c93c0d1a0afc29d55c0ee20b479158faabca3800
              • Opcode Fuzzy Hash: 4e2c1177e820af03397612325fb727b8c5e41ef78810fbfbba7c0594b8575128
              • Instruction Fuzzy Hash: B12124352093915FD3175B399C249AA3FA2EFD320171D89DAE085CF6A6CE249D0AC772
              Function 05A2A195 Relevance: 2.6, Strings: 2, Instructions: 61COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: $^q$$^q
              • API String ID: 0-355816377
              • Opcode ID: beeb398b3d112abf8afc2f9bda123646f423c7499e68183e6f0dbc9591860c22
              • Instruction ID: c4bf4a0c4c5190653b3b5e2545fdd97db277b5d9a28b7f6ad1204202b11f899e
              • Opcode Fuzzy Hash: beeb398b3d112abf8afc2f9bda123646f423c7499e68183e6f0dbc9591860c22
              • Instruction Fuzzy Hash: 83213C30A04229CFDB24DF59C985EEEB7F2BB48721F648515C416A7285C7B59C81CF61
              Function 05A2FEE0 Relevance: 2.6, Strings: 2, Instructions: 58COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$,bq
              • API String ID: 0-1616511919
              • Opcode ID: ab29fae49616e4fb7dd85020af2aa34eb02dee5437ea54d5ac8fbfdad3241c62
              • Instruction ID: a1b65bb6f03c604002b10b2a210d01e342a0a90af12320452a9a05810296d3eb
              • Opcode Fuzzy Hash: ab29fae49616e4fb7dd85020af2aa34eb02dee5437ea54d5ac8fbfdad3241c62
              • Instruction Fuzzy Hash: DE01283571D2A04FC7145B7D94159AD3BE5AF4666171E00EBE406CB3A2DE18DC0087E2
              Function 06C949B8 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: pbq$pbq
              • API String ID: 0-1218391871
              • Opcode ID: 1d4bc7a5f9f9a87b4b0a9581051f605673f57dbfc401844fd2e00504fd798ecd
              • Instruction ID: cc9408ef0a5f5a0cae0ee7634b54c06310440ffd7b3231ebdfb0369aee8f943e
              • Opcode Fuzzy Hash: 1d4bc7a5f9f9a87b4b0a9581051f605673f57dbfc401844fd2e00504fd798ecd
              • Instruction Fuzzy Hash: 99F0AF35301104BFDB045E6A9C909AA7B9AFFC9264B508039F9498F3A4CA72EC02C7A0
              Function 06D33D34 Relevance: 2.5, Strings: 2, Instructions: 21COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: $^q$$^q
              • API String ID: 0-355816377
              • Opcode ID: e0cd60658a5513cac66da0c026eeaa3db0ee2ec982945cf261a28e79360bd475
              • Instruction ID: 68d42f1ffd3ed8ba18eee0a22ff63aa98e475166662933982ed83ee5eb666221
              • Opcode Fuzzy Hash: e0cd60658a5513cac66da0c026eeaa3db0ee2ec982945cf261a28e79360bd475
              • Instruction Fuzzy Hash: 69E08C32F100388FAB688A19B54446AB7F0ABC8A11322046BC5058F224CB358C0487C0
              Function 02C04A58 Relevance: 2.0, Instructions: 1979COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e0f2096962ca67c1aaab0a71474510e2ee2e36e38a3ac3da58233bd0a4d7eb8e
              • Instruction ID: b7e67168f0034bf747aad7b69c1b40320712d9bdf808620ad7985ddb7c86fbea
              • Opcode Fuzzy Hash: e0f2096962ca67c1aaab0a71474510e2ee2e36e38a3ac3da58233bd0a4d7eb8e
              • Instruction Fuzzy Hash: 5A23217A912204DFCF667F61D628759B772FB4A346B20846BDD02A3764CB7A8D42DF00
              Function 02C04A68 Relevance: 2.0, Instructions: 1978COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b3db2c450e3a85314c9e1cb7e35ced13e0429f2ba0388e628b00d3c3201d1a2
              • Instruction ID: 4231b16eb9800997dd3011b7c4d0fb32685ab4eb53343142d2786dad5ed1c506
              • Opcode Fuzzy Hash: 4b3db2c450e3a85314c9e1cb7e35ced13e0429f2ba0388e628b00d3c3201d1a2
              • Instruction Fuzzy Hash: B423217A912204DFCF667F61C628759B772FB4A346B20846BDD12A3764CB7A8D42DF00
              Function 06D30027 Relevance: 1.7, Strings: 1, Instructions: 408COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-1485758832
              • Opcode ID: 3e1879d0cc158145a49f5ceffde9e0bf22811c10913cbe02e3eb57ab48722a4d
              • Instruction ID: b4f049e05ab3284a4ce6fef018bf261559c60d3a93aaf26c074f8a7de8918e59
              • Opcode Fuzzy Hash: 3e1879d0cc158145a49f5ceffde9e0bf22811c10913cbe02e3eb57ab48722a4d
              • Instruction Fuzzy Hash: D71291B4D01614CFD754CF84C68DEA9BBF2AB0534AF16C099D0266F2A2D376D989CF90
              Function 06D30EC0 Relevance: 1.6, Strings: 1, Instructions: 394COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 70fdf526379d467f344ab14a4baacc9626fcdc8d96b44d4e63eb66d25ef53661
              • Instruction ID: 587ad7aa5f966fefe0f0520bb78c6401c64e2d4b7d73eedae46e9bf21a262448
              • Opcode Fuzzy Hash: 70fdf526379d467f344ab14a4baacc9626fcdc8d96b44d4e63eb66d25ef53661
              • Instruction Fuzzy Hash: D8025B34E003698FDB55CFA8C988B9DBBF2BF4A300F148195D449AB295DB74ED85CB90
              Function 05A2E5C0 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 74fe565e66210f4ed2214b0bcf43a14c17ec68556da544bcacc3468f3b0533db
              • Instruction ID: 605babde3de6b4e630c101b9bbc7587cce0abe310dc504adbf2af737b6eb6401
              • Opcode Fuzzy Hash: 74fe565e66210f4ed2214b0bcf43a14c17ec68556da544bcacc3468f3b0533db
              • Instruction Fuzzy Hash: 4BD17934E002698FDB14CFA9C884AADBBF6FF49300F1481A9E855AB355DB74ED85CB50
              Function 02C0178E Relevance: 1.6, Strings: 1, Instructions: 306COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: fcq
              • API String ID: 0-2768158334
              • Opcode ID: d35968734369c617556d4e077042f0b3f9d15bed04f53d65c796e61b4fcdefad
              • Instruction ID: 40ccaba8b087dcd87dc67fb3322b74764ef81252fcb6e22b26e8f1188ff73a4d
              • Opcode Fuzzy Hash: d35968734369c617556d4e077042f0b3f9d15bed04f53d65c796e61b4fcdefad
              • Instruction Fuzzy Hash: CFB1F170F012519FDF059F74849436EBBE2AFC6708F1884AAC4899B386DB71DC86C792
              Function 06C95980 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (Acq
              • API String ID: 0-1548273396
              • Opcode ID: af93c6283d17742ed34ce45e04d58ceb5cc87bfe4f601efb7cec0f1012f8065b
              • Instruction ID: 7790d48148bc3c37c07eb4d70d6c7ed71960ef7adf143d692eb85e340bccdc32
              • Opcode Fuzzy Hash: af93c6283d17742ed34ce45e04d58ceb5cc87bfe4f601efb7cec0f1012f8065b
              • Instruction Fuzzy Hash: 9CB16C31F103199FDF55DFA9C49869EBBF2BF88204F648529D806AB350DF709946CBA0
              Function 06D37C35 Relevance: 1.5, Strings: 1, Instructions: 278COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: \V_i
              • API String ID: 0-3252921699
              • Opcode ID: 3382088e08ae49a79bc2fd05b153797955267e4d82dd2f3c869435d1d5c37cc4
              • Instruction ID: ea6cfa2ffb3f68705593a0f4b8d1377083a5af42c783f332de0ea5547cc4f5ba
              • Opcode Fuzzy Hash: 3382088e08ae49a79bc2fd05b153797955267e4d82dd2f3c869435d1d5c37cc4
              • Instruction Fuzzy Hash: 58B14CB0E00619CFDB50CFA9D8857EDBBF2BF88314F148129E819E7254EB749845CB95
              Function 06C9D600 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 43a7dd4be9567c75b673d792f37529a189a31d6c7d2fe43b733a76334f66244d
              • Instruction ID: 0c33d7fd2598e022d53bbf7bef29edddd30d427dab633f255e16df81bbb57fdd
              • Opcode Fuzzy Hash: 43a7dd4be9567c75b673d792f37529a189a31d6c7d2fe43b733a76334f66244d
              • Instruction Fuzzy Hash: 7C81B235A002099FDF55CF69D884AAEBBF6FF88310F14842AE949E7350D734A945CBB1
              Function 02C09F30 Relevance: 1.4, Strings: 1, Instructions: 164COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: a2ce226e29aeceb756ff1957db26668f0c15c56b7ad308c89edc09fe9ec84551
              • Instruction ID: bd01bafae31f23633f7db367809b61de59e06707622e95de4cd77f6acbdcaaa6
              • Opcode Fuzzy Hash: a2ce226e29aeceb756ff1957db26668f0c15c56b7ad308c89edc09fe9ec84551
              • Instruction Fuzzy Hash: 6D516C34B002099FDB14CF69C484AAEBBF6AF89714F158069E506EB391CB71ED41CB90
              Function 06C93EE0 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: a514d88069b613648688bf23cdfb1b224fa352cbc9871543cea85ca718965609
              • Instruction ID: 69b9c9a7b02d0727636679b1356c9fabd21f5f95108c532e8dc9b8697ee22503
              • Opcode Fuzzy Hash: a514d88069b613648688bf23cdfb1b224fa352cbc9871543cea85ca718965609
              • Instruction Fuzzy Hash: 0751F6317047818FCB15CB39D858A66BBF6BF8530470885ADE44ECB362DA31ED06CBA0
              Function 02C0CD58 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: 491072cc05b66296bb714cb076bd9278cafd67b0b75bab09c80dba0436a37c8e
              • Instruction ID: 0078560103fa94561516f362c15b0dcf289767357127cb108dea98fb8941e1f4
              • Opcode Fuzzy Hash: 491072cc05b66296bb714cb076bd9278cafd67b0b75bab09c80dba0436a37c8e
              • Instruction Fuzzy Hash: 7841F035B002114BD318AB79D46576E7BAAEFC1650F15856EE909CB380DF35DD028790
              Function 02C087A0 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 97e042b29407fbce338e80edde2d645bed4d1a8592ac013f2d06f65964ffcfbd
              • Instruction ID: 298a3ca4f8df0d70a6d63ff3455ccd386c63c9a50464e39020de935d97bcb1c6
              • Opcode Fuzzy Hash: 97e042b29407fbce338e80edde2d645bed4d1a8592ac013f2d06f65964ffcfbd
              • Instruction Fuzzy Hash: 2B4123357043504FC3119B7DD895A5A3FEAAFCA350B5485BAE54ACB381EE34ED02CB51
              Function 06C95B10 Relevance: 1.4, Strings: 1, Instructions: 138COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (Acq
              • API String ID: 0-1548273396
              • Opcode ID: ea7dab63bf6c0e56e4b46b75dd03bfb2c5bdaf24c52aeca1d0e0e932867ef946
              • Instruction ID: 7e28edf6a644c62096cc093426888347be0fc9e50f2d8c23bf1d9daee2eb6928
              • Opcode Fuzzy Hash: ea7dab63bf6c0e56e4b46b75dd03bfb2c5bdaf24c52aeca1d0e0e932867ef946
              • Instruction Fuzzy Hash: 46517D31E103189FDB49DFA9C45869EBBF2BF88304F608529D406AF341DB719D46CBA0
              Function 06D3B737 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4c^q
              • API String ID: 0-396817635
              • Opcode ID: 79c66f13dc9bdcbc1411066b6fe893cbe533417964cae5ef3c2c26c6b891f19c
              • Instruction ID: 7c97f1e62934bc6e22b078c57a3cb15df40a400995703ef9226dcf42cb412bb4
              • Opcode Fuzzy Hash: 79c66f13dc9bdcbc1411066b6fe893cbe533417964cae5ef3c2c26c6b891f19c
              • Instruction Fuzzy Hash: 94411C74B003619FEB959F249CA1B7A77E2EB94300F14401AE582DF3D5DE6ACC42CB61
              Function 06C935C0 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: #k^
              • API String ID: 0-1334037357
              • Opcode ID: c55c7038404dc076519d5a49ee082fd4c6e87636ac8bb411b72553c462884aae
              • Instruction ID: 1d57f585e8eb85a5721a934b85e1c62deadc281c2344b5674f330eb83485be30
              • Opcode Fuzzy Hash: c55c7038404dc076519d5a49ee082fd4c6e87636ac8bb411b72553c462884aae
              • Instruction Fuzzy Hash: C0418B747007418FCB659F69C98896ABBF2FF89201714892DE94ACB760DB30ED05CFA0
              Function 06C917C3 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 0573cc430f8151814699ac5d10f13d347bbc3dea406f72bd2c3ea0acec4b2149
              • Instruction ID: 1f6c373d07d96327c22eb8211b3ac6f86d67465a464a872ceb55bbfd0a2a2a05
              • Opcode Fuzzy Hash: 0573cc430f8151814699ac5d10f13d347bbc3dea406f72bd2c3ea0acec4b2149
              • Instruction Fuzzy Hash: 3B418F34A006068FCB54CF59C48896AF7F2FF89314B1A8559E45AEB751DB30ED41CFA4
              Function 06C917E0 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 92a3c9b4b61d75a751a315455a01c2f13c0d69824237af1ab86f6a011db11cdc
              • Instruction ID: b94c9296f261fe2a60ae1e264dcb6696aa4849ef93721044f49273aabf30536d
              • Opcode Fuzzy Hash: 92a3c9b4b61d75a751a315455a01c2f13c0d69824237af1ab86f6a011db11cdc
              • Instruction Fuzzy Hash: 85417F34A006068FCB54DF19C4889AAFBF2FF89310B1A855AD45AEB751DB30ED41CFA4
              Function 05A2F058 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: b0c2540b7968884fb86fd3ada5b02fc7321cd5b7fa21a5b9e435848f547cf4e2
              • Instruction ID: 04768154e7eefd5bed6f90c537ebc41f3268daa8993e6c67f7c4d17ac45e3514
              • Opcode Fuzzy Hash: b0c2540b7968884fb86fd3ada5b02fc7321cd5b7fa21a5b9e435848f547cf4e2
              • Instruction Fuzzy Hash: 1F419B71B082249FDB15DB6DD856AAE7BF2FB88600F448419D616AB280DB31AC05CF61
              Function 06C96058 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 8b4bead22a3df8f5c085664daf9850fa0f3da2bfe2419e1d3ac41fd23dda0635
              • Instruction ID: ea3913282b7d6bc0b30fafc370eef8bcac61974e8c6b5849c7d95af802f91297
              • Opcode Fuzzy Hash: 8b4bead22a3df8f5c085664daf9850fa0f3da2bfe2419e1d3ac41fd23dda0635
              • Instruction Fuzzy Hash: D131C5717002119FEB589B2ED89866EB7E7FFC5254764852DE406DB391EE31DC0287A0
              Function 06D31391 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: f75ae412487248955a19006625c96a077d7d4053938aa60416b6c8c89f316fc1
              • Instruction ID: e32ee996d22c241c8f8bd9a837c84e452f20d09c2083bbf3b84f4e18ac1c80f2
              • Opcode Fuzzy Hash: f75ae412487248955a19006625c96a077d7d4053938aa60416b6c8c89f316fc1
              • Instruction Fuzzy Hash: 4B419C70B002169FDB54CF69CC84BAEBBF5EF88310F248469E409A7250DB30AD05CBA0
              Function 02C03CD0 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: c1e1fecd46d879b038c847f9aab94c5c774e93050b093acc7519e2b603c5e097
              • Instruction ID: 0e36ade4069b48181df35a85c4e23f0520e9f7b4e0f76da38b9195d4e32e045c
              • Opcode Fuzzy Hash: c1e1fecd46d879b038c847f9aab94c5c774e93050b093acc7519e2b603c5e097
              • Instruction Fuzzy Hash: E2318A38B143448FD7089B79C4996AE7BEAEB89301F144469F40AEB391DF34AC028B51
              Function 06D3B744 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4c^q
              • API String ID: 0-396817635
              • Opcode ID: 1192f4794d062b0ec9bf185e9ebe178797baea1fa23ccc922115be01d122a83f
              • Instruction ID: 633122ce44caf60d130c55e9ec0eb1e48fdce9d05faea8269a0b4fb3bf92be5a
              • Opcode Fuzzy Hash: 1192f4794d062b0ec9bf185e9ebe178797baea1fa23ccc922115be01d122a83f
              • Instruction Fuzzy Hash: 7B311170B003159FEB94DF348895BBEBBE5EF98200F04402EE485DB281EB79C901CBA0
              Function 06C99038 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 04fda57a1ef3ba899927a3f634793fe9b3ba8a123bda45e911cbc41b702c78c9
              • Instruction ID: f1fdecc175af30a438bbba972288e8195ea0c432c9afe2f8c3ee8413ab1ec5ee
              • Opcode Fuzzy Hash: 04fda57a1ef3ba899927a3f634793fe9b3ba8a123bda45e911cbc41b702c78c9
              • Instruction Fuzzy Hash: 7A41A934B142449FDBA49B65D45872EBBF2EF88300F0984ADE516CB384DB34ED81CBA5
              Function 06D350B0 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4c^q
              • API String ID: 0-396817635
              • Opcode ID: 9193634c8dbc6557d551b9d68a52be4f9eacf6095f89d67d841a70b171d9832c
              • Instruction ID: d0a97e901d371a722244e8720b3d3c2953f76adade8663308190c8138fed5bb7
              • Opcode Fuzzy Hash: 9193634c8dbc6557d551b9d68a52be4f9eacf6095f89d67d841a70b171d9832c
              • Instruction Fuzzy Hash: C531AF74700215AFD7649F64E955B7E3AF6EB88740F100018F546CB394EE7ADD42CBA1
              Function 05A2CB88 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: f9a1dd95b937015c7a933b7ec89de537796deb6c72d73a2c9e1c518a87d5cf18
              • Instruction ID: 000509c64bfa2f94b29bec937edef72947701274a566adb2e08846a9cead58d7
              • Opcode Fuzzy Hash: f9a1dd95b937015c7a933b7ec89de537796deb6c72d73a2c9e1c518a87d5cf18
              • Instruction Fuzzy Hash: 9831F830B042545FC7159B7DC4286AEBFF6AF8A610F58406AD906EB391CE359C05CBA1
              Function 02C04381 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: e5554e6539e799f92bd60a0898c9d804cad8f9095c4ea25b2e33de19b366b5ef
              • Instruction ID: f4657b549423a262320bcd396f82dff18b7fefa3a2d920696e0ee187a3610423
              • Opcode Fuzzy Hash: e5554e6539e799f92bd60a0898c9d804cad8f9095c4ea25b2e33de19b366b5ef
              • Instruction Fuzzy Hash: 2031B0352107129FC715AB39D49469EBBE7FFD4311B608A18E04A8B654DF71BC868B80
              Function 06D327C0 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: 47535e846abbf5ac8841156515519928c95d64c8f9d194e8d164d289af8eaea5
              • Instruction ID: ac50bed4d97de4a602786894f6b308fdc66e5236ed123e5ea63f2b2b52dc1e4a
              • Opcode Fuzzy Hash: 47535e846abbf5ac8841156515519928c95d64c8f9d194e8d164d289af8eaea5
              • Instruction Fuzzy Hash: 3D315C71F011258FCB49DB6DC494AAEBBFAAF8D310B114469D549EB365DA30DD018BE0
              Function 02C096F8 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: e8fe48d9fa0293b5d964e2dd1c1b18d2c89a89bf9d34ad21866e735b6d35ff51
              • Instruction ID: 5732e6f0e0a633ae16fcdebc70da661226c4074337dd759be25eac57add0dd8e
              • Opcode Fuzzy Hash: e8fe48d9fa0293b5d964e2dd1c1b18d2c89a89bf9d34ad21866e735b6d35ff51
              • Instruction Fuzzy Hash: 402100367003128BCB149F7CD881A5E7BEAEB89311B148A69E409CB385DF30EC428B91
              Function 06D3974F Relevance: 1.3, Strings: 1, Instructions: 82COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: d62ef067dde41eadcb97676eda5aae5389b9d4526bc6bbb17d2722cce81b821b
              • Instruction ID: 79451f57318cb48aea61d4e8c6b0e6dbcc29101246967bd3c111453f29a04532
              • Opcode Fuzzy Hash: d62ef067dde41eadcb97676eda5aae5389b9d4526bc6bbb17d2722cce81b821b
              • Instruction Fuzzy Hash: 01213430A09251AFD7959F7898647AE7FB2EF86310FA0495CD4829F3C1DEB46C05C7A1
              Function 06D399C0 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: PH^q
              • API String ID: 0-2549759414
              • Opcode ID: 30f1f9060d4f38df22abb011bcee963ce5a588a8578e7d4fb255b692cd215185
              • Instruction ID: bb7dcaf69cb80a86d5acb8298a13b46e5ec637026db0b0e0a3baf3ca73393f01
              • Opcode Fuzzy Hash: 30f1f9060d4f38df22abb011bcee963ce5a588a8578e7d4fb255b692cd215185
              • Instruction Fuzzy Hash: CB217431B002099BCB14DB65E858AAEBBFAEF88311F104165E905D7354DEB5DD01CBA0
              Function 06C9F951 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: 56df103945e72143721bb9f595411b69e91f21037b8470fc7b4c9860ad11f395
              • Instruction ID: df8e7fbbd6d8b2e8326a427c10592ec4593e8d49bb6d6c388de7388aade065f7
              • Opcode Fuzzy Hash: 56df103945e72143721bb9f595411b69e91f21037b8470fc7b4c9860ad11f395
              • Instruction Fuzzy Hash: 46216034B10104AFDB149F69D459AAEBBF6EF88710F25805DE802EB390DE715D45CBA1
              Function 06C92A68 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: \;^q
              • API String ID: 0-2342212615
              • Opcode ID: 014042b0c5709472f344fa615da997e195ef5b8467ee93b6c8a1d0ef7150d103
              • Instruction ID: 3ce25c6e60378cc5ef92509f64673137e7c00d29d6f4849f3fce00e8a49d3a46
              • Opcode Fuzzy Hash: 014042b0c5709472f344fa615da997e195ef5b8467ee93b6c8a1d0ef7150d103
              • Instruction Fuzzy Hash: 7711C2327142044F9F649AAEA498A5FF7DBEFC4664324843EE50EC7754EEA5ED0143A0
              Function 06D350A0 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4c^q
              • API String ID: 0-396817635
              • Opcode ID: 7fdc32191ae5dc15e803542abcaf9399e474c5d99a023ee283c9750db5b67856
              • Instruction ID: 8c10557668e50db80a1fac886d2148af1525616ae9e44d3ecd0a7c1fb1027093
              • Opcode Fuzzy Hash: 7fdc32191ae5dc15e803542abcaf9399e474c5d99a023ee283c9750db5b67856
              • Instruction Fuzzy Hash: 6621CD70B00215AFDB64EF78A855BBE7BE9AB84240F040069F589D7280EE759D42CBA1
              Function 05A2DF80 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 2aafd852ceb2c2fccf71f13ed8ea4696c477717f77d3148e6deeaf6628e9ea14
              • Instruction ID: e31044071da0a183df9e217e001a4fd68faa7062c03673fd3eeed18e59204510
              • Opcode Fuzzy Hash: 2aafd852ceb2c2fccf71f13ed8ea4696c477717f77d3148e6deeaf6628e9ea14
              • Instruction Fuzzy Hash: 6311BA3120D2700FC325473C98229FB3FAAEFE3310B54859AE1478B682DA294C0383B6
              Function 06C9FA48 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 9787a22340a03b8928d51a1cee4610759ed1564a2ea8718980c25914b02b17e0
              • Instruction ID: e2b692ff5a2f2484060ce71f4a695397c00c51c2c8fb0b4ead94319a1858da7d
              • Opcode Fuzzy Hash: 9787a22340a03b8928d51a1cee4610759ed1564a2ea8718980c25914b02b17e0
              • Instruction Fuzzy Hash: C111E16160D7D05FC3175B34A82924A7FF1AF93315F09449FC082CFA93DAA8584AC7A6
              Function 06D398D9 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq
              • API String ID: 0-149360118
              • Opcode ID: 6e031745de93797cdc482ba50bdfdffb257de8fb1fd2d2dda2d6e1243c1cc5aa
              • Instruction ID: 3d82c73954515e61d6cc9e8aab2b69e98050d6376692f3a40b9e4e5ea0f941dd
              • Opcode Fuzzy Hash: 6e031745de93797cdc482ba50bdfdffb257de8fb1fd2d2dda2d6e1243c1cc5aa
              • Instruction Fuzzy Hash: 3B11E93430D7905FC316A738A81445D7FA1AFC720175949AAE489CB7A2DD655C06C7A1
              Function 06C9F960 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: 436838c28189e6658982ac7d7c8d6531a022e63fe055a06b7a660132d042efa8
              • Instruction ID: 2112aefef44eddb006f5c5d94a390a59100c5065a937a2f13ced09682d04cad1
              • Opcode Fuzzy Hash: 436838c28189e6658982ac7d7c8d6531a022e63fe055a06b7a660132d042efa8
              • Instruction Fuzzy Hash: 81216F34B101059FDB549F69D458AAEBBF6EF88710F25805DE802EB390DFB19D41CBA1
              Function 02C08D30 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: 7afac1dc1fcff9fa68d3f8beda43f1de28d95c562fd588d175b9036521e17a5e
              • Instruction ID: 79708e1d63408ffe227f8402f67e387cdbd54815405f825255f36d9a23d765d9
              • Opcode Fuzzy Hash: 7afac1dc1fcff9fa68d3f8beda43f1de28d95c562fd588d175b9036521e17a5e
              • Instruction Fuzzy Hash: 7A11C4396107218BC3159B78D44A24A7FAAEB95701F104A69E44ACF740EF34E842CF82
              Function 06C945A0 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: {
              • API String ID: 0-1361480709
              • Opcode ID: 8d8ff098f210d655c931f010c632c1d289035201644fff3d475e173d2d07b947
              • Instruction ID: 71455fdd43190ca2091e157488196f308289625854c2fa822302ae5d030e65ad
              • Opcode Fuzzy Hash: 8d8ff098f210d655c931f010c632c1d289035201644fff3d475e173d2d07b947
              • Instruction Fuzzy Hash: 5001F9707053209FD759D716E854B973BD1EF42251B10466AE408CF291DB719D46CBE0
              Function 05A2D272 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: cbe2a04ac39122d3a3363ea3f7b8a9de9b52b19d65d98e7da6b8ba94fe37723e
              • Instruction ID: ba2e2dcc37305de4fcfcd3f0fd00027276a985d780f790f660086356dc250f16
              • Opcode Fuzzy Hash: cbe2a04ac39122d3a3363ea3f7b8a9de9b52b19d65d98e7da6b8ba94fe37723e
              • Instruction Fuzzy Hash: 29F0C2302003115BC314DB2AD890EAEB7D6EFD4215B248E6CE4498F225EE31EC478790
              Function 02C08D20 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q
              • API String ID: 0-1614139903
              • Opcode ID: 2e4f2fae5b5932db12883aa78e581f03994745732344259b7565fc1338404db9
              • Instruction ID: d2b5dd9c8f37350e675b65e927007f1604fa526178d4c6c88b1f67026ad86c8f
              • Opcode Fuzzy Hash: 2e4f2fae5b5932db12883aa78e581f03994745732344259b7565fc1338404db9
              • Instruction Fuzzy Hash: ADF05939210B204BC3159628D8457CB7BA6EFD4701F244719F8898F344DF70784A8FD2
              Function 06C945B0 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: {
              • API String ID: 0-1361480709
              • Opcode ID: 3cd707fbc3b9afdcdeac88329d367dab626e6c69f5929c8054ee4846c3154a08
              • Instruction ID: 841c0ebbe281f73ea32f88381ff1c08fc3f15fdda9125ce45801734bffae2a2b
              • Opcode Fuzzy Hash: 3cd707fbc3b9afdcdeac88329d367dab626e6c69f5929c8054ee4846c3154a08
              • Instruction Fuzzy Hash: 2AF09070B052249BDB98EB1AD444B9A37D2EF41325B208679E009CF255DBB19C47CBD0
              Function 02C07240 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: k9Y!0
              • API String ID: 0-1825060378
              • Opcode ID: 0a5f7f55061f4ab70756893f343f45cc37d91d816883499994a357e297bbd3e7
              • Instruction ID: bfe2e7b85d2a48c8dcce4d3c1a8b194bd9112a075973d3686a0f58ba2f408fc8
              • Opcode Fuzzy Hash: 0a5f7f55061f4ab70756893f343f45cc37d91d816883499994a357e297bbd3e7
              • Instruction Fuzzy Hash: B5D02B3650931817CB04997D84417C97FE9C744070F414079D04CC7301DC706D4106E6
              Function 02C07250 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: k9Y!0
              • API String ID: 0-1825060378
              • Opcode ID: 3c39c301b257fd5ba87c82b7e56e85e1900e447eb4cec56082e1f553daf21e64
              • Instruction ID: 3dac5ac4fef89f461158db7df385ef11dcc02c0f84f989bfea5875cac489e48c
              • Opcode Fuzzy Hash: 3c39c301b257fd5ba87c82b7e56e85e1900e447eb4cec56082e1f553daf21e64
              • Instruction Fuzzy Hash: 18D012726043182B4B05DAAD54504DE7FEDCA84170F01407AD50DD7241ED716E4046E9
              Function 02C0E7F8 Relevance: .4, Instructions: 408COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50f278dd034600f232f2991024945da35575c6a2645fe817194c4b7801c7a311
              • Instruction ID: f39eea9cfccb6a06407301564be003ca0dc8034ff08dc568478545d55965874a
              • Opcode Fuzzy Hash: 50f278dd034600f232f2991024945da35575c6a2645fe817194c4b7801c7a311
              • Instruction Fuzzy Hash: F6E15A74B402158FDB14DF78C894A6A7BB6BF89301F1588A9E54ACB3A2DF34ED41CB50
              Function 06D30EAF Relevance: .4, Instructions: 350COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c5d3855a2ca4b8759979fcbf2bd8181e0958d3861190a542286c7c5077517bf
              • Instruction ID: b1c3751f744c11c9485835687b06f79062102fd11c05c4ade9f0baf7a34a5a2b
              • Opcode Fuzzy Hash: 6c5d3855a2ca4b8759979fcbf2bd8181e0958d3861190a542286c7c5077517bf
              • Instruction Fuzzy Hash: 67F15B34E0036A8FDB55CFA8C988B9DBBF2BF4A300F158195D848AB255D774ED85CB90
              Function 02C0D9E0 Relevance: .3, Instructions: 348COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c8dd23b40a8b422ef3b1e70b50078f6c372852ab32a6a9d63340a4ab84c787a
              • Instruction ID: 63e38f35069d82e82ad2bcc87054a4ffff4e596a48554285f04d3ebad0f4babe
              • Opcode Fuzzy Hash: 0c8dd23b40a8b422ef3b1e70b50078f6c372852ab32a6a9d63340a4ab84c787a
              • Instruction Fuzzy Hash: 28E12834A00205DFCB14DFA5D498A9EBBB2FF88311F148568F85A9B3A5DB34ED41CB90
              Function 06D3E628 Relevance: .3, Instructions: 309COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93148ccabf3aa57a2b69dc8e83e6a9c44cf1fb3009bfad197dc590bf860a7fbf
              • Instruction ID: 6c11500be058d8b409bf9e459f4721f3f87499577b4c79ad2a7bbc3175008818
              • Opcode Fuzzy Hash: 93148ccabf3aa57a2b69dc8e83e6a9c44cf1fb3009bfad197dc590bf860a7fbf
              • Instruction Fuzzy Hash: 33B1E031B01311AFDB59AB34D45872E37E2EFC5605B244869E54ADB391EF34EC42CB92
              Function 02C0F6F9 Relevance: .3, Instructions: 299COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9acc12386e32bbf30e190f790922b654b8393ca7cd8e771567a88f9417687def
              • Instruction ID: eae52ea844e8ca7651343adae1a5cdcdd081143add22b2a1c4e15235066aab4e
              • Opcode Fuzzy Hash: 9acc12386e32bbf30e190f790922b654b8393ca7cd8e771567a88f9417687def
              • Instruction Fuzzy Hash: 3AD12834A102198FCB25DF64D899B9D7BB6FF88305F1084A9E90AAB390DF319D81CF50
              Function 05A2E5AF Relevance: .3, Instructions: 299COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ce1c632a6be3f0cf836a167272e83c9df373bb34d05fb75e5fca40f34211c47
              • Instruction ID: 9251148287baea7e7a0271884d17b5443abe2ebafb6d383ba45030ac62fe4bbf
              • Opcode Fuzzy Hash: 5ce1c632a6be3f0cf836a167272e83c9df373bb34d05fb75e5fca40f34211c47
              • Instruction Fuzzy Hash: 0FD18A34E002698FDB15CFA9C984AADBBF6FF49300F1480A9E855AB355DB30E985CB50
              Function 06C95100 Relevance: .3, Instructions: 276COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f57645137ba45de49a32bb7280fc424a28a433c2170026c99ed65f9d592db64
              • Instruction ID: b6412a579cd7a41aee7cdc2a66d5890d0e650fe2a0b024b579fe4796e23ab211
              • Opcode Fuzzy Hash: 4f57645137ba45de49a32bb7280fc424a28a433c2170026c99ed65f9d592db64
              • Instruction Fuzzy Hash: 6BB1E674B0060A9FCF45DFA9C59499EBBF6FF89300B608469E506EB350EB31AD05CB61
              Function 06C99FEA Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a73296765cd2d5a747a343cc5bb554b6e78eed4c607fbbf8423dc91eabaf4704
              • Instruction ID: 7c374915b48832d8200fbe6d895126eac42e2e9af93c30ef046b94c352b3a979
              • Opcode Fuzzy Hash: a73296765cd2d5a747a343cc5bb554b6e78eed4c607fbbf8423dc91eabaf4704
              • Instruction Fuzzy Hash: 6DA16934B002199FDF449FA5D898BAE7BB6FF88311F144468E9069B394DB34DC41CBA0
              Function 06D38505 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c463ac61802b426104e72671562623f47ebadcb329a857fc5853abc6ac1c3b71
              • Instruction ID: 336b27092a9543fa91b72d7dbb56b5040e0bdec26814a498df88c703c66157ac
              • Opcode Fuzzy Hash: c463ac61802b426104e72671562623f47ebadcb329a857fc5853abc6ac1c3b71
              • Instruction Fuzzy Hash: B6B18EB0E10219CFDB50CFA9D8857EEBBF2BF88314F148529E459E7290EB749845DB81
              Function 02C08FD8 Relevance: .3, Instructions: 256COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 71a5ea64dd0517662b5a4b150fa7950c247a761c33e22ab290314f35d535aa75
              • Instruction ID: 3a054729893acc7b907e194242ce650fb22f439b67b4878b698a37db8995e244
              • Opcode Fuzzy Hash: 71a5ea64dd0517662b5a4b150fa7950c247a761c33e22ab290314f35d535aa75
              • Instruction Fuzzy Hash: 1491BE39B002149FCB069BB8D858A9D7FF6EF89310F0481A8E506DB2A2DF359D41CB91
              Function 05A2B3F2 Relevance: .2, Instructions: 237COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b2a2a6a53b9bd2bc82b8b96eaa06a46a71e0682f5e08b699c3be183377d0183
              • Instruction ID: bd74cf6e313a012ae903bb95276739a56f9e92de7ef725deeac85d17597daa91
              • Opcode Fuzzy Hash: 0b2a2a6a53b9bd2bc82b8b96eaa06a46a71e0682f5e08b699c3be183377d0183
              • Instruction Fuzzy Hash: 3191BB71B043668FDB05EF38D540AA97BF2EF44305B148869D44ADB356EB35EC86CB60
              Function 06D314E8 Relevance: .2, Instructions: 235COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5f4fd589f011f4c928568a728507ee4f0826e0be2aebcae27a3eae1040834be
              • Instruction ID: da95d6414e0db82e3d4f8b75ddea76c793120268eef11ef75c807555f385ea93
              • Opcode Fuzzy Hash: b5f4fd589f011f4c928568a728507ee4f0826e0be2aebcae27a3eae1040834be
              • Instruction Fuzzy Hash: BF814974A1022ADFDF948FA5CC4497B7BF6FF88391B148829E9569B350DB30D845CBA0
              Function 06D317C3 Relevance: .2, Instructions: 225COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b175529168549d776c4a175c8b8f9bb1a21936377e762b4a77032b7f9529d6d
              • Instruction ID: 326cbdc262bdd7848c9a5d5fe2eaecf84f91567d4f63ae6fc573e26c6f35b314
              • Opcode Fuzzy Hash: 2b175529168549d776c4a175c8b8f9bb1a21936377e762b4a77032b7f9529d6d
              • Instruction Fuzzy Hash: 07A1E335A01119EFCB54DFA4E984EAEBBB2FF88301F158059E905A7364CB31EC12CB50
              Function 02C098A0 Relevance: .2, Instructions: 209COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2850f783698cee763dde10a885d96d3b34c0bbc1cb5ebf0bd6de613b2d0df922
              • Instruction ID: 30251354eb2bb9edf19f72dff816e7354c080ef37f28befd1235b214b7bb02d3
              • Opcode Fuzzy Hash: 2850f783698cee763dde10a885d96d3b34c0bbc1cb5ebf0bd6de613b2d0df922
              • Instruction Fuzzy Hash: 2161B038B013118BDB146B7A945932E7BDAAFC9785B144479E906CB3C1EF38DD42CB91
              Function 06C99F3C Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a11203e8aab151844c8bbdcd0ec0b8c86e7c635df4c0d97b2164bffbb9607dcb
              • Instruction ID: f2c921e24372a0c24c4685f258260dd2d5bd9b60fbcdafdffa87060e718abee4
              • Opcode Fuzzy Hash: a11203e8aab151844c8bbdcd0ec0b8c86e7c635df4c0d97b2164bffbb9607dcb
              • Instruction Fuzzy Hash: 20616834B002059FDB449F74D858A6E7BA7EF98710F154469EA02CB3A1CF74DD42CBA0
              Function 06D3C1F8 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57d21987925a69174dffe02b7be3894188926a506f565ae6c675301959220044
              • Instruction ID: 5421b768e5eca5280b76fc4712e239e8ad302e656c5a622750e28db2cdd43ef0
              • Opcode Fuzzy Hash: 57d21987925a69174dffe02b7be3894188926a506f565ae6c675301959220044
              • Instruction Fuzzy Hash: CF718D34B102159FDB54DF79D994BAEB7F6AF88200F148429E44AE7394EB35EC41CBA0
              Function 06D3C1E7 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8283bc25d0de55384240a851c389e1ceaed2df8e866473c8dbf49016834d919
              • Instruction ID: 919f5d6571c1d590a0e8fed6db4b7d2c1481ec463a9571609da569cc5115961c
              • Opcode Fuzzy Hash: b8283bc25d0de55384240a851c389e1ceaed2df8e866473c8dbf49016834d919
              • Instruction Fuzzy Hash: 0971B034B10215AFDB54DF79D994ABEB7F6AF88200F148429E44AE7354EB34EC41CB90
              Function 06D3BE3E Relevance: .2, Instructions: 191COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c90ae840bfc77b0be9c50352ac81661a0dc7ef8f109964b218b361a090f0c7f7
              • Instruction ID: b7e2797148ed146c331b48d32b6f2531771ea1adfb621207abea3e4951c918d7
              • Opcode Fuzzy Hash: c90ae840bfc77b0be9c50352ac81661a0dc7ef8f109964b218b361a090f0c7f7
              • Instruction Fuzzy Hash: 0B717E71A043528FCB05EF39C84055A7BF2FF95305B1488AAD849DB35AEB31ED46CB91
              Function 02C0D9D0 Relevance: .2, Instructions: 187COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94c211558ed29b90043a8a3b78364142729be62e6e3ef2fa7922ba64e459e05f
              • Instruction ID: d3d3abeadbd81f96f9cb9f8c36d4d4c90a21b255391e629f7eaeded098f28250
              • Opcode Fuzzy Hash: 94c211558ed29b90043a8a3b78364142729be62e6e3ef2fa7922ba64e459e05f
              • Instruction Fuzzy Hash: A381B474A002099FCB14DF64D598A9DBBB2FF88311F158568F81AAB3A5DB34ED41CF90
              Function 06D3A860 Relevance: .2, Instructions: 185COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d9c3e2b0ecb32204b1857c9dddf829b52c1de9faff34329199b06d5815b166c
              • Instruction ID: 11c9b32348c8121f9afe5f5e75dc028d4db790b377bce81cfd39580f25308540
              • Opcode Fuzzy Hash: 1d9c3e2b0ecb32204b1857c9dddf829b52c1de9faff34329199b06d5815b166c
              • Instruction Fuzzy Hash: 9E51BF30B10254AFDB54DF69D854AAEBBF5EF8A210B1840A9E889EB361DB31DD05CB50
              Function 06C9C268 Relevance: .2, Instructions: 183COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7c0629d4abb11e5d443eaf68d5ca775df0b7d15f8e86e9bba3b0fb0a2d464e2
              • Instruction ID: e53941bd732ad1ad5b983d3d1d033030b1ea23a7f643371caacbe8d07bcc534d
              • Opcode Fuzzy Hash: a7c0629d4abb11e5d443eaf68d5ca775df0b7d15f8e86e9bba3b0fb0a2d464e2
              • Instruction Fuzzy Hash: 5081F375A10209DFCB54DFA8E988A9EBBB2FF48311F118169E905A7360CB31EC51DF60
              Function 06C9A569 Relevance: .2, Instructions: 171COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7833f002396b9c0e20e400139905a8cf1ffa02f0a0d477f9a36fa82343de6d6a
              • Instruction ID: e0bf43c575cf0f4ad86e66479fb6b3ff4f998ac730d74fcb20bdb2db4b19d35c
              • Opcode Fuzzy Hash: 7833f002396b9c0e20e400139905a8cf1ffa02f0a0d477f9a36fa82343de6d6a
              • Instruction Fuzzy Hash: 8D516C347107109FCB549B6AD49862ABBF7EF88300715845ED54ACB764DB74EC82CBA4
              Function 05A2FCA8 Relevance: .2, Instructions: 161COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c936316ed3c55381c63a48b0a10aedcce953bcb72b28c3a7d34c1ea183dfcd59
              • Instruction ID: 7be552b2c4891ebce3a39bd3a1c2e88fb83b5fc690f4c11bad563592ffa35495
              • Opcode Fuzzy Hash: c936316ed3c55381c63a48b0a10aedcce953bcb72b28c3a7d34c1ea183dfcd59
              • Instruction Fuzzy Hash: C351EF347142258FCB589B2DC89AD2A77F7BF89A0532980A9E516CB376CE31DC45CB60
              Function 05A2EE5C Relevance: .2, Instructions: 157COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f82ef3acd8026b53851d53ee5fb076785b057d6f4f5470f472bc600a73fe4c6
              • Instruction ID: f3bf765993cfbbce30d5d491714ac2d09c91b40d3fff0ff047fbabd6029036b4
              • Opcode Fuzzy Hash: 4f82ef3acd8026b53851d53ee5fb076785b057d6f4f5470f472bc600a73fe4c6
              • Instruction Fuzzy Hash: 79517D35B042249FEB109F69D855F7EB7F6FF88720F154169E906AB2A0CA319C41DB60
              Function 02C0D320 Relevance: .1, Instructions: 143COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 535bee345266ecdb2786f9050b7b55bb30df981d55784c5765e5c72193f6ad94
              • Instruction ID: d3446e7047cc15187b547fd198558e3cf1682692a614f19070407bc01da65a5b
              • Opcode Fuzzy Hash: 535bee345266ecdb2786f9050b7b55bb30df981d55784c5765e5c72193f6ad94
              • Instruction Fuzzy Hash: AB51FC78A11219EFCB18DFA4E8949ADBBB6FF88314F108019F906A7394DF75A941CB50
              Function 02C0DDA7 Relevance: .1, Instructions: 140COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b10a641adaa912c3cfd81d7f55f109dbbb587c8c834baed3548a7b0b266bd124
              • Instruction ID: 3a53da4ec66352143b826399b4e70bdddc39dc9af451b0561c6929ff013d6a89
              • Opcode Fuzzy Hash: b10a641adaa912c3cfd81d7f55f109dbbb587c8c834baed3548a7b0b266bd124
              • Instruction Fuzzy Hash: CC51C634A00209DFCB14DFA4E594AADBBB2FF88315F158558E906AB3A5CB35ED42CF50
              Function 06C95E49 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 860dbf82c11940815c1d800d541a089628623530f99e422d6c2ddf7210be142e
              • Instruction ID: 06149519293904372bf8b0d941dd5ec6b8b4a4554ba25ed1f4dcec994c4234da
              • Opcode Fuzzy Hash: 860dbf82c11940815c1d800d541a089628623530f99e422d6c2ddf7210be142e
              • Instruction Fuzzy Hash: 33518170B10214AFDB45AF69D4986AEBAF3FFC4204F24952DE406AB344DF319C06CBA5
              Function 05A2B7D0 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f35ce6f26fba91ebd104665c9a65b7a7b72ca7d77cd9984253f842f71054ee96
              • Instruction ID: 53873d2dd295119456272ac824743a1d1acf4e88f8677d8e60f80da9f39cf32c
              • Opcode Fuzzy Hash: f35ce6f26fba91ebd104665c9a65b7a7b72ca7d77cd9984253f842f71054ee96
              • Instruction Fuzzy Hash: A8513A30A14219DFCB54DF68D499EADBBF2BF48300F208459E40AEB7A0DB709C44CBA1
              Function 02C032A8 Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bee8e58d3365e884ea9bd54febcfb7525f4806681ef3df27c9373c4e7894a632
              • Instruction ID: 34c2c5e9e522ffe998fcf7798ae19f00a5aa109809e233ca0f14d8b4676b690e
              • Opcode Fuzzy Hash: bee8e58d3365e884ea9bd54febcfb7525f4806681ef3df27c9373c4e7894a632
              • Instruction Fuzzy Hash: 1F41AF34B01205AFC714EF74E4956AEBAF2EF88201F50486CF9469B394DF35AD058B91
              Function 06C97487 Relevance: .1, Instructions: 125COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a988230c283fd47dbd658e7bb16ad25764c5db8f867fe1ee3864eac7a14a7f6
              • Instruction ID: 6d47e077f2e0dc0e87d66e4526de864fefd1a9a9b95ba5af192ef61a44968187
              • Opcode Fuzzy Hash: 8a988230c283fd47dbd658e7bb16ad25764c5db8f867fe1ee3864eac7a14a7f6
              • Instruction Fuzzy Hash: 9D412A79B111058FCB94DFA9D988AAEF7F5EF88620F108069D909D7351DB30E941CBB0
              Function 06C9A3B8 Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2abbe577e52268d96b8a4f4db3114f23f55d43e0bd3826d4b94f8aa45700bfcc
              • Instruction ID: 89b5ce4d6c61f7ed9c4248bc006fe295acd8a7b6cec4541ab6fed8180965810c
              • Opcode Fuzzy Hash: 2abbe577e52268d96b8a4f4db3114f23f55d43e0bd3826d4b94f8aa45700bfcc
              • Instruction Fuzzy Hash: 8E3135303047908FDFA556BA981C67A77B6DF41614F0454AFE507CBAA1CE24DC418BB2
              Function 05A2B25A Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3fae4adf6c002d4f71f035b79e0fe0faa81352be69cf23ea956d840877cb1079
              • Instruction ID: 0b967582e655b885cee56054988e00a008e14736cbd9f9f7c7bbd8cb020c6c1b
              • Opcode Fuzzy Hash: 3fae4adf6c002d4f71f035b79e0fe0faa81352be69cf23ea956d840877cb1079
              • Instruction Fuzzy Hash: E6419F75B003249FDB44EF79E845A7F77E6FBC82417548629E40ADB245EE30DC0A8BA0
              Function 06C9B928 Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 20dbcd7c32f1c5f6275e16c1f645adb02cf7326298f2ceb451622a8a1dcf45f1
              • Instruction ID: 07f347197de7944e46ef7441c50ed58d0344d7ef611ff6c500f5c9be61f5496b
              • Opcode Fuzzy Hash: 20dbcd7c32f1c5f6275e16c1f645adb02cf7326298f2ceb451622a8a1dcf45f1
              • Instruction Fuzzy Hash: 9241C435710200AFDB658F25E8487677BE2EF94310F05846EE6468B3A1CB31DC45CB60
              Function 06C94B90 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6fa9a4cf2fed3ba72ed4b65bcd6aaaac876af2055949d850004aea818bff3da7
              • Instruction ID: a4ea72ce2b74f51be651fd2c2d721f25fdf877342104fb4fbba11fb194fb7c5d
              • Opcode Fuzzy Hash: 6fa9a4cf2fed3ba72ed4b65bcd6aaaac876af2055949d850004aea818bff3da7
              • Instruction Fuzzy Hash: 104194715002199FCB78EB94D854BEF73FAEF80305F508A2DD15697140CF70AA8ACBA1
              Function 05A2B268 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c19d5f5386542fca0a77ed63b4c08bc57b1c78c0c3a83527072d1f818b7c9bf
              • Instruction ID: 15023115f28a8cb836d1f046effe80d27b375487dd08264e37548ed8d49477cc
              • Opcode Fuzzy Hash: 1c19d5f5386542fca0a77ed63b4c08bc57b1c78c0c3a83527072d1f818b7c9bf
              • Instruction Fuzzy Hash: EB319171B003159FDB44EF79D845B6E7BE6FB88241B148629E40AD7345EE30DC0A8BA0
              Function 06C928F0 Relevance: .1, Instructions: 108COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c13a5fe70524e691ee524aeed7c4e17580c551e6da991aef15cbce5b52814a0a
              • Instruction ID: 53270e32b100d651c61a44c717aa79da06eafe09b1cad049d5512bfe3301817b
              • Opcode Fuzzy Hash: c13a5fe70524e691ee524aeed7c4e17580c551e6da991aef15cbce5b52814a0a
              • Instruction Fuzzy Hash: 83415C70B102099FCB14CFA9C494E9EBBF2AF8C710F148469E845AB361DB75ED42CB90
              Function 02C07060 Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d847248fcb0fc8c16f4c6cd2984a496ee679a8e63d3b0680a1e6dcfa4064742
              • Instruction ID: 8741212bae30e02bc21de3d3c7528f3aaa4741fc81c74937f5341d9fda3cd2ba
              • Opcode Fuzzy Hash: 5d847248fcb0fc8c16f4c6cd2984a496ee679a8e63d3b0680a1e6dcfa4064742
              • Instruction Fuzzy Hash: 7B31ED74B04359AFDB04EB78DC557AE7BB2AB85300F1080A4E505EB3D5DF34AE068BA1
              Function 06C94BA0 Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bee871a4aa0eb5a36c8ef86ae0070462bad80b1cb0e7799832481e2a18a2aea1
              • Instruction ID: ff249870b7b77dde5ea22ae617ce77731a94f128241bbab15aa6d07ece4a314d
              • Opcode Fuzzy Hash: bee871a4aa0eb5a36c8ef86ae0070462bad80b1cb0e7799832481e2a18a2aea1
              • Instruction Fuzzy Hash: 5D4163719102199FCB78EB94D444BEE73FAEB80305F508A2DD11657540CF70A98ACBA1
              Function 06C98EC0 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0d073dcaf9e679b3bc9411df891abbacad9af7eb5b351f1d73a314f669a097c
              • Instruction ID: 87667954ad44aaf648b9c22994863069c8ac091127353902d9f58bc095e02244
              • Opcode Fuzzy Hash: f0d073dcaf9e679b3bc9411df891abbacad9af7eb5b351f1d73a314f669a097c
              • Instruction Fuzzy Hash: 16314635721014CFCB84DF28D4988A877B6FF4A61475585DAE506DB272DB31EE14CBA0
              Function 06C935B3 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb17fb68d242174210a8a60caeab2566f709a0f537f3937b26ed2fe25ba70c06
              • Instruction ID: fc0b6f382501d55feef9318e0620a6826b38efed6c4a797013f7e9554ca3a428
              • Opcode Fuzzy Hash: eb17fb68d242174210a8a60caeab2566f709a0f537f3937b26ed2fe25ba70c06
              • Instruction Fuzzy Hash: 4531EE357007819FCB549F29D99882ABBF7FF89201705856EE94ACB351DB30ED05CBA1
              Function 06C92BC8 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ae9c7488c4f7dd5a05bb09fc84866093eb0dfca82992e5a0e1549384f253f6d
              • Instruction ID: 34a647c8fc85bde32af0128c02a9d20d2a56e33b470bce6760ff5e0bffa564ce
              • Opcode Fuzzy Hash: 5ae9c7488c4f7dd5a05bb09fc84866093eb0dfca82992e5a0e1549384f253f6d
              • Instruction Fuzzy Hash: 5031E531B102159FDF60EF69D8487AAFBE9EFC4210B14806AD549CB605D774EA01C7B1
              Function 06D3BD27 Relevance: .1, Instructions: 99COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fad963bc9469e68c109c9f5ae3a7c82d9930f6eed749d4558bb4d7efdd17613a
              • Instruction ID: ce8e0f93b90abf04aa219b304c51703fa75a36aa457aa9b846413b70df9dcc00
              • Opcode Fuzzy Hash: fad963bc9469e68c109c9f5ae3a7c82d9930f6eed749d4558bb4d7efdd17613a
              • Instruction Fuzzy Hash: 47310831A042199FC714EF68D480A6EBBB2FF95310F24C55AD449DB345DA31EC86CB91
              Function 06D32150 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 313fc155e2bff6c91bfa0a636bda09d3a1cad2b345d1682e89d6abd73398ea19
              • Instruction ID: a78adb9e10434eaddaa2912f493764c3168bdb023d0cf23ee5262fe02c940fc1
              • Opcode Fuzzy Hash: 313fc155e2bff6c91bfa0a636bda09d3a1cad2b345d1682e89d6abd73398ea19
              • Instruction Fuzzy Hash: 1D31A434B04215AFDB24CF25DC84AAB7BEAEF89310B148529F846C7365CB30ED45CBA0
              Function 06D36154 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e147c3ad92d6a4fa9183ed631f0a3a7c00570373a417945fac59f8b5c463dae6
              • Instruction ID: f79b042be40f100f8ae622bd8f1ca5365d65c232be507da80965a2351b5392ac
              • Opcode Fuzzy Hash: e147c3ad92d6a4fa9183ed631f0a3a7c00570373a417945fac59f8b5c463dae6
              • Instruction Fuzzy Hash: 274102B0D00349AFDB50DFA9C984ADEBFF5EF48310F248429E819AB250DB75A945CB90
              Function 06D39BC1 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc44965cae4d00e0d6a0caa21a367029efc6de537e098425f0f556a956b21b9b
              • Instruction ID: f63dc0582e7a1df7c6759ad68bd0834516bea30f290a6a04468146a1bc2d7202
              • Opcode Fuzzy Hash: fc44965cae4d00e0d6a0caa21a367029efc6de537e098425f0f556a956b21b9b
              • Instruction Fuzzy Hash: 49313830B012128FCB45DF68C898A69BBF1FF88301B5485A9E055CF3A5EBB1DD41CB80
              Function 06D3C0C8 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 289c21d034aa8a4074096f38314d7cbdf0c03b1409e99d6eba3b80e6dc7829fd
              • Instruction ID: db6cbb5321740221ab104231f5cc8bd7723fd08f5ce55d08c476565e5c01eb4e
              • Opcode Fuzzy Hash: 289c21d034aa8a4074096f38314d7cbdf0c03b1409e99d6eba3b80e6dc7829fd
              • Instruction Fuzzy Hash: 9E31FD31F053919FDB08AB35D98412EB7F2AFD6204724082AC949DB305EF31EC06DB91
              Function 02C077D8 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f7f59800288e31a6f8e5fc3fda318424c193a1de61306b5b80943e2c52f075df
              • Instruction ID: 930def28e04ef999a84ad609069cb0c2c4c36ab677992269fa6aa36301b3a1da
              • Opcode Fuzzy Hash: f7f59800288e31a6f8e5fc3fda318424c193a1de61306b5b80943e2c52f075df
              • Instruction Fuzzy Hash: 65316832D107068ACB10AFB9D840799B7B1FF99324F248729E559B7240EB30B9E4CB90
              Function 06D34ED8 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05edb8eac200e79c8a123019d839d8d51bf737a2c474a7c3e1db8b4bac61cb3e
              • Instruction ID: 6208bfdbffc38e0ecf76e5d6cc699ed176c3887d1bf7679049ce89c4596e83a1
              • Opcode Fuzzy Hash: 05edb8eac200e79c8a123019d839d8d51bf737a2c474a7c3e1db8b4bac61cb3e
              • Instruction Fuzzy Hash: 2F313738A00204DFD754DF69C988EA9BBF5EF49755B254098E842AB365CB31EC41CFA0
              Function 06D36160 Relevance: .1, Instructions: 90COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8bb4e7b365f4ced9550d650ad3a986c85998f28360489c27dd8382326da46584
              • Instruction ID: e07330d17f24eb13d5ce4109fa79060cd5d3003ccbc4313b84e97647749355c9
              • Opcode Fuzzy Hash: 8bb4e7b365f4ced9550d650ad3a986c85998f28360489c27dd8382326da46584
              • Instruction Fuzzy Hash: 0841E1B0D00349AFDB10DFA9C984ADEBFF5FF48314F108429E419AB250DB75A945CB90
              Function 02C0B8B8 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb5118b1df9e682326e073ea83c099aba98d4e3979e0fa53f283548121ce46ad
              • Instruction ID: 81c52cc4e2b2498cb5259d0623f404bb191ab6affbf520b17f5f8f25c9f41f86
              • Opcode Fuzzy Hash: fb5118b1df9e682326e073ea83c099aba98d4e3979e0fa53f283548121ce46ad
              • Instruction Fuzzy Hash: 48318D74A002159FCB04DF29D888B69BBF5FF84319F548668E4098F395CB70ED46CB90
              Function 06D32F39 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 965d450e3cca0280cc4a332d579b78552d133c0005658a75c8b1e484d390369e
              • Instruction ID: 7377aec7de2146e29b06303fa5ae4fdd9867dda6257697e229e61fa3db5c0493
              • Opcode Fuzzy Hash: 965d450e3cca0280cc4a332d579b78552d133c0005658a75c8b1e484d390369e
              • Instruction Fuzzy Hash: 7D315E367002109FC745DF59D884D5ABBB6FF89721B15809AFA058B772CB71EC11CBA0
              Function 05A2F04A Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0474eb4d4c0e55399e121b3e11ec9e48eb80e43f84fe8fd0043fe8b18c9baea3
              • Instruction ID: 66a063d15e03cd90c2baedd619a63a777294f9dfa5d1f60e1a44ea4690ee59f2
              • Opcode Fuzzy Hash: 0474eb4d4c0e55399e121b3e11ec9e48eb80e43f84fe8fd0043fe8b18c9baea3
              • Instruction Fuzzy Hash: A4318E71A082159FEB18DB6ED857FBE7BF7AB88310F548019E912A7280DB715C41CF60
              Function 06C96B6F Relevance: .1, Instructions: 85COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b30cbc5c1067344306cfac5ba58b7bf124811965350795cfad86f4e658a3db12
              • Instruction ID: 099d3cc160c921efbb7259ac936417889ac958b13b1c369366b036ba200a1ecd
              • Opcode Fuzzy Hash: b30cbc5c1067344306cfac5ba58b7bf124811965350795cfad86f4e658a3db12
              • Instruction Fuzzy Hash: EB319F713042659FCB559F2AD89486EBBFAFF99205348456DF14AC7261CA30AC05DB60
              Function 02C077E8 Relevance: .1, Instructions: 85COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9267411ef6b11abfa65b0dbc6e92c2989b3a26f41408fb01c05af5ca81d6cc63
              • Instruction ID: 7f407ba2cd1eb7f1c8fa81cba656f83355c03d5d889f07f28420776ae214d8e9
              • Opcode Fuzzy Hash: 9267411ef6b11abfa65b0dbc6e92c2989b3a26f41408fb01c05af5ca81d6cc63
              • Instruction Fuzzy Hash: 97315B32D107068ACB10AFB9D8407D9B7B1FF99320F248719E559B7240EB70B9E5CB91
              Function 02C04929 Relevance: .1, Instructions: 84COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f94d5a1cf1c3b61f5f23490876de277154fa9c33c381ca0ee3ce49d4dca7308
              • Instruction ID: 89a4621f20a67f41e0e8188241453cb90ec658e50906fb51fd5c2a352a7635d2
              • Opcode Fuzzy Hash: 2f94d5a1cf1c3b61f5f23490876de277154fa9c33c381ca0ee3ce49d4dca7308
              • Instruction Fuzzy Hash: 1131C235E1071A8BCB15AF79D4502EAF7B9FF85300F10862AD549BB280EF34B985CB90
              Function 010CF10C Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a53bc039edea4f2fa48628c119abb2b44d3d210e40597e37fe72a25294677bbd
              • Instruction ID: cba6a386f3d0f31dd0e219a8d046137f92919fb63aa1defe19d63d9cae32f8f6
              • Opcode Fuzzy Hash: a53bc039edea4f2fa48628c119abb2b44d3d210e40597e37fe72a25294677bbd
              • Instruction Fuzzy Hash: F231BFB2500241EFCF469F54C9C4B1ABFA6FB88720F24859DED490A256C336D466DB62
              Function 010CE638 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a64e6655eac480c7884e6020bdf5e76b877c7d1bed11a473169e24b054abf39c
              • Instruction ID: 3955866b4d09619c598a8b6e73df428b15c1434050172795ac5dd10961f9ae11
              • Opcode Fuzzy Hash: a64e6655eac480c7884e6020bdf5e76b877c7d1bed11a473169e24b054abf39c
              • Instruction Fuzzy Hash: 0031E376500240EFCF469F54C9C0F1ABFA6FB48714F24869CEA4A0E266C336D866DF61
              Function 06C96B80 Relevance: .1, Instructions: 82COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 742c7477f65e081a9bdb464bd7a0d87a6ef3e94c4c495e4d1862e0d28a5467a6
              • Instruction ID: 371b17dfec5391fb9bf0ea5e78241e838fd9bf9d6d8cbac416450ef5c7719a54
              • Opcode Fuzzy Hash: 742c7477f65e081a9bdb464bd7a0d87a6ef3e94c4c495e4d1862e0d28a5467a6
              • Instruction Fuzzy Hash: 5A21BF713042608FCB54DB2AD88896EBBFAFF99205748446DF14AC7361CA70EC09DB60
              Function 05A2F02C Relevance: .1, Instructions: 82COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72bf95d289d842dd52f98580e4ca0a6c613a3e02d2d012f0e244a79a5f454d97
              • Instruction ID: e491df78b88b2784c8a00d0fd9ba2748127d9f88b5326f0b76aeea0c4fa685a8
              • Opcode Fuzzy Hash: 72bf95d289d842dd52f98580e4ca0a6c613a3e02d2d012f0e244a79a5f454d97
              • Instruction Fuzzy Hash: 6431E171A042149FEB14DB69D896FBE7BF2FF88310F544049EA02AB280CB315C00CF61
              Function 06C93EDB Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50c1da08d07e2c456b6987e1e79582aa78c7d2f6a56cfec34e2fb0b2b436a16c
              • Instruction ID: 9e1d3797374471cd030b5b87e1a3585ed17a5838e57e042746310e9fea2aa9d7
              • Opcode Fuzzy Hash: 50c1da08d07e2c456b6987e1e79582aa78c7d2f6a56cfec34e2fb0b2b436a16c
              • Instruction Fuzzy Hash: 83317F352006518FC724DF29D888922BBF6FF8830570586ACE44E8B766DB31EC05CBA0
              Function 06D3BD38 Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7e74d80cf90ee43ffc020a77ad0fda3c50a1929469df816f29e5eb0f48d4cf2
              • Instruction ID: 297b080fd55019025787ab82e87bba393da88dbf02be5d8ba1a73e5035058b5e
              • Opcode Fuzzy Hash: e7e74d80cf90ee43ffc020a77ad0fda3c50a1929469df816f29e5eb0f48d4cf2
              • Instruction Fuzzy Hash: A431C531A0060A9FC704EF59D5809AEB7B6FF88300F24C559D409EB344DA31EC46CBD1
              Function 05A2B7C0 Relevance: .1, Instructions: 81COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3005cd8c1ccded325a1a105ffa48090febe1052ada1ef0d7e9d4382ed80bf00f
              • Instruction ID: 7fbb15a0c17d9c5dd01a513790efadf12be5a496a8bf80a158a36ee7ceb884ec
              • Opcode Fuzzy Hash: 3005cd8c1ccded325a1a105ffa48090febe1052ada1ef0d7e9d4382ed80bf00f
              • Instruction Fuzzy Hash: 5A314674A00228EFCB54DF68D599EAD7BB2FF48300F204469E406EBB61DB309C40CBA0
              Function 02C04938 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6b30a88b32788d70715c9cb87156f0a92027bd302e5fc6630a19a960f4810aa
              • Instruction ID: e7d604cec840156905045cd379939b32261c6ab7ce8c66b93b73d61ad4e5b0e2
              • Opcode Fuzzy Hash: a6b30a88b32788d70715c9cb87156f0a92027bd302e5fc6630a19a960f4810aa
              • Instruction Fuzzy Hash: 8E31B435E1070A8BCF15AFB9D4542AEF7B9FF85300F108629D559AB280EF35B985CB90
              Function 02C0BA41 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7667047825935c1b1eca994771e836a9c6d686795c92c31fa58cb6f3a33ca46
              • Instruction ID: 77f2fdd4c309e4599b72b11f8b134b2e9d6e3a09cb251ba22755df18aac11385
              • Opcode Fuzzy Hash: e7667047825935c1b1eca994771e836a9c6d686795c92c31fa58cb6f3a33ca46
              • Instruction Fuzzy Hash: 9A218E357002069BDB14DA3AC8C0BAEB3A6EFC4258B54883ED809DB384EB31DD02C751
              Function 02C07B81 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8578a86d468239ed5fcd1d47b99616b0772e322eadf8bba772bb12ec216ae7e
              • Instruction ID: 646054df173b3cf896e72fa96efbe480ad8345289c4cced5fec0b06661e6c50a
              • Opcode Fuzzy Hash: d8578a86d468239ed5fcd1d47b99616b0772e322eadf8bba772bb12ec216ae7e
              • Instruction Fuzzy Hash: 6D21A038B26A908FDB1D5B71A49A3697FA9D741746F004068F407CE2C0DF39B985CF51
              Function 010CF010 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22124738ff4cce2bd2ed080b48a516ceefbcf0eeb250fb9d72506e02cc25a806
              • Instruction ID: f07781c6b2eb69609f8348d2a9b6e2d2e6e384a58c33ba52fa157d933aed6e48
              • Opcode Fuzzy Hash: 22124738ff4cce2bd2ed080b48a516ceefbcf0eeb250fb9d72506e02cc25a806
              • Instruction Fuzzy Hash: 4621C3B2504201DFCB168F54C8C0B1ABFA6FB88B10F34869DE9490A256C336D416CF62
              Function 02C01272 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc4505519fd6669bfac50a49a4e9099fc5f22ef5dae0a4519361f660a178130b
              • Instruction ID: 24ad3df197457d9657cb185f76c5c2ec3dd9e31c2aec710c6349a1b00e64a2bd
              • Opcode Fuzzy Hash: dc4505519fd6669bfac50a49a4e9099fc5f22ef5dae0a4519361f660a178130b
              • Instruction Fuzzy Hash: A6312D34A00205DFCB14EF78D898A9CBBF2FF84305B504969E44AE72A5EF35AD85CB51
              Function 06C95970 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ac306ed6ef6a2646a3777da82bdbed23f1a3741b515e346cc07d50b9b09c53c
              • Instruction ID: df6d6ae19a6fbf213f3a96bf6c93fe96971b872d4ae426a310656ddd45607144
              • Opcode Fuzzy Hash: 8ac306ed6ef6a2646a3777da82bdbed23f1a3741b515e346cc07d50b9b09c53c
              • Instruction Fuzzy Hash: CC312F71E1021A9FCF55DFA5C89499EBBF2FF88200F544529E505AB350EF70A946CB60
              Function 010BD7EC Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139483438.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10bd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e6a247dd5554bada73a4a64654f2294b58c2eaedb92053cb689bd480fc01cb2
              • Instruction ID: fd3a00ecf02f96942554af5db493b441c9e2fbc614e0be59ff2424a2d2c2ecef
              • Opcode Fuzzy Hash: 4e6a247dd5554bada73a4a64654f2294b58c2eaedb92053cb689bd480fc01cb2
              • Instruction Fuzzy Hash: 5F210871504244EFCF059F58D9C4B56FFA6FB88319F24C6A9E94D0A246C33AD416CB61
              Function 02C0BA50 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1de8cb276d2d5d44d0edb179d251209fa030f3cc1a4d7e83327d13ede6576e32
              • Instruction ID: fc2978731f87c240e919b6a699fe81a22730e041ead1705d0aced89f1da06710
              • Opcode Fuzzy Hash: 1de8cb276d2d5d44d0edb179d251209fa030f3cc1a4d7e83327d13ede6576e32
              • Instruction Fuzzy Hash: 73216F347002069BCB14DA7AC8D0A6EB3E6EFC5258B54842ED809DB394EB71DE03C7A1
              Function 02C03CC0 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e021966db1aee326da4b60e2fd2890ef3ff18f59483587b1a0ab9aff9c4afa57
              • Instruction ID: 2df3b7ba5a1bccea13fefcc51504653877ff346a2ea636b10a4a1fb67547a5ef
              • Opcode Fuzzy Hash: e021966db1aee326da4b60e2fd2890ef3ff18f59483587b1a0ab9aff9c4afa57
              • Instruction Fuzzy Hash: 2A214F79B202058BD7089B75C4997AE7BFAEFC8311F148468F40AEB394DF759C428B50
              Function 06D34EE8 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ecf6971e77b63548b5b49da25f2de3ba12a166c33f11c53b84a88ce544afe26
              • Instruction ID: 9968411c782458e60eb72c54b1023f2689b6574cdd50ce71395afc45d0143b26
              • Opcode Fuzzy Hash: 2ecf6971e77b63548b5b49da25f2de3ba12a166c33f11c53b84a88ce544afe26
              • Instruction Fuzzy Hash: F831C378A00214DFD754DF69C588E9A7BF5EF88715F254098E906AB7A1CB31EC40CFA0
              Function 06C937AB Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f69f896f243a79fa129b6f0d4773a2a16efc8b43a66c25753a7771278410b55d
              • Instruction ID: 5f2f4c3717655333f368ff4db05a389f1e9370e6ab8b3d660372a7ca848c2905
              • Opcode Fuzzy Hash: f69f896f243a79fa129b6f0d4773a2a16efc8b43a66c25753a7771278410b55d
              • Instruction Fuzzy Hash: A621F5712053929FC7159B24D4904A6FFA6FFC5511318CA9AE44A4B302CA70E986CBF0
              Function 02C0E880 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf677e30a44f46dc8a9ade0196fcd279e82de18123a00c4227c6655e3a29aab6
              • Instruction ID: 03f6d0c12eceaf158068513a7c801838003935c3c8d8d8eebd74fd7d38208e1c
              • Opcode Fuzzy Hash: cf677e30a44f46dc8a9ade0196fcd279e82de18123a00c4227c6655e3a29aab6
              • Instruction Fuzzy Hash: 5B21AF35F0021ADFDB10CFA8C884AAE7BB1FF88310F158469E9059B3A1DB31DA41CB90
              Function 010CD610 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 75f89db8f9933f85aed054a3792475ad6459ba57178bc872437e51a957de5698
              • Instruction ID: 7db0452a6e35669035533bcabe01cb285722c3ead936db82827d9682c4f23dd0
              • Opcode Fuzzy Hash: 75f89db8f9933f85aed054a3792475ad6459ba57178bc872437e51a957de5698
              • Instruction Fuzzy Hash: 8D21D3B5604204EFDB05DF58D9C4B2ABBA5EB88714F24C5BDE88E4B256C336D406CFA1
              Function 06C9C868 Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83f49a1d22b9f47d40f6dbdf9d2854f6b62979a31b29764f418df41d2a310b3e
              • Instruction ID: 814642805a343a1af7d6f1c23afd671d4516a96f28e022cd91578658b55f9580
              • Opcode Fuzzy Hash: 83f49a1d22b9f47d40f6dbdf9d2854f6b62979a31b29764f418df41d2a310b3e
              • Instruction Fuzzy Hash: B321A174A002099FCB04DF68D484BAEBBF6FF4C320F11852AE9459B354D735AC41CBA0
              Function 06D3B938 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a15698c9b906a39b1d53e12b6b540a8ccd3951b485f9273f29c5c15d777d85f7
              • Instruction ID: 814c4054ccdb15692c810348ba7cb0c18e0881c18659a93bc39af2b98a577306
              • Opcode Fuzzy Hash: a15698c9b906a39b1d53e12b6b540a8ccd3951b485f9273f29c5c15d777d85f7
              • Instruction Fuzzy Hash: D0216DB1600B269FC750DF29E980946BBF1FF943167009F29E0498BA18E770F8458BC0
              Function 02C0BB21 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59ca7c1cbe6a92671973c1e8ff82abde9a54c3967254fe4f46d7c717a4b7898f
              • Instruction ID: f7eb4f7e9011e01c78cbe99b57140c3c77b0787b43659fe955e33caba76d9e37
              • Opcode Fuzzy Hash: 59ca7c1cbe6a92671973c1e8ff82abde9a54c3967254fe4f46d7c717a4b7898f
              • Instruction Fuzzy Hash: B511D076E0421A9FC714CBA998816AEBBF4EB89350F10817AE808D7344D6358D02CB91
              Function 06D31C99 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 465d1ca7371e52045b94d7214a4a6cbbcdc53db8711115f33eace9d104fcdaf5
              • Instruction ID: 718615d54113a34e52f406c4248aae6b0ec16b8450304b0e17a0fe12964d99a3
              • Opcode Fuzzy Hash: 465d1ca7371e52045b94d7214a4a6cbbcdc53db8711115f33eace9d104fcdaf5
              • Instruction Fuzzy Hash: A011AF32714166AFDF059F64EC449BB7FA6EF89360B08446AF915C7261C735C821E760
              Function 06D3ED48 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1f1910943ecc0138245b16806765a865ff67c9ef104433080f83f4992780c00
              • Instruction ID: fd61941993637e892fe6626aa0d68e9183e3a3d2ff9f9fcdb7815ee6d56b82cf
              • Opcode Fuzzy Hash: d1f1910943ecc0138245b16806765a865ff67c9ef104433080f83f4992780c00
              • Instruction Fuzzy Hash: 8521FD317097A1AFCB06AB38E4486AEBFFAEFC9201714014AE546CB381DB745D42C786
              Function 06D3B948 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d058f9f0c6a7b2dfb1cc72f70fb1cee369d7dadd95149720de3ac2846041f2d
              • Instruction ID: ec1db6369c477a485ecdbf011399a23433295c4220cfdedd9642ad5cb2c18cf8
              • Opcode Fuzzy Hash: 7d058f9f0c6a7b2dfb1cc72f70fb1cee369d7dadd95149720de3ac2846041f2d
              • Instruction Fuzzy Hash: 05213C70200B269FC751DF29E98094ABBF1FF543167009F29E0598BA19E770F9958BD0
              Function 06D34FBF Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f40f30a66cd502ec6aa8f0d9b7b4aa640543d15339292345f82c54cb58e9f30
              • Instruction ID: 2028389454c19a8f9f731d71b89fcb12400ef2ffe44a6587875e7dee08c2c945
              • Opcode Fuzzy Hash: 5f40f30a66cd502ec6aa8f0d9b7b4aa640543d15339292345f82c54cb58e9f30
              • Instruction Fuzzy Hash: 38116A35B100108FCB94DB2DE59496DB7F2EF8861532A84AAE50ADB371DF32DC01CB81
              Function 010CF107 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6238b9b0f021b19c456f668d1d9b97fb5dc473314950a21f6fd835f5d488ef7
              • Instruction ID: 354b619ea302646d398f76d2983c67e42e9220e719d9fe87186acb4f38e92cba
              • Opcode Fuzzy Hash: e6238b9b0f021b19c456f668d1d9b97fb5dc473314950a21f6fd835f5d488ef7
              • Instruction Fuzzy Hash: 42219D76500240DFCF46CF44C9C4B55BFB2FB88320F248299ED490A26AC336D466DF52
              Function 05A2CB7E Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bace665dc1f481fd34cb4f75a0e5217720502a8f8add055d0faae605eaf7fb10
              • Instruction ID: 2068ef82d2382e7b7244d8170acb9a87ee2c533b2a127c12b06079cd8894fcf6
              • Opcode Fuzzy Hash: bace665dc1f481fd34cb4f75a0e5217720502a8f8add055d0faae605eaf7fb10
              • Instruction Fuzzy Hash: B8117F34A041149FDB149B68C468AEE7FF2AF8D710F14406AE80AEB3A1CA719C45CBA0
              Function 06D35340 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d6d8dbb3bc8d2f620cf8068a9ffd12dc92f79ba65b03d69a59020cb6f999567
              • Instruction ID: ed5f972c85417193e3dc88ca1516f9fbf4a8cab3bf782c7b422e61ad5505e021
              • Opcode Fuzzy Hash: 0d6d8dbb3bc8d2f620cf8068a9ffd12dc92f79ba65b03d69a59020cb6f999567
              • Instruction Fuzzy Hash: 62118F75704260AFDB84EF78E454B9E7BE2EB84250B1099AAD00ADF354DF719D82CBD0
              Function 010CE637 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b724f14dda3859e7a07010126a3ecb0eed702ac06c002bb40f0b0940e847ef2a
              • Instruction ID: 1f2d8618a6ee9b690c9fb3359b7810c1db3cdc609724f669237176f327b5a474
              • Opcode Fuzzy Hash: b724f14dda3859e7a07010126a3ecb0eed702ac06c002bb40f0b0940e847ef2a
              • Instruction Fuzzy Hash: 8C215976500240EFCF56CF54D9C4B15BFA2FB48324F24869DEE4A0A26AC336D466DF51
              Function 06D3D07B Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e2e6fd1308d60af37cc036aeff55deeda87f579f5f93469585d1f24d7715852
              • Instruction ID: 333eefdd06619d5505da981cc78880b85380731b8cba0a6a2c2a9f427420993c
              • Opcode Fuzzy Hash: 3e2e6fd1308d60af37cc036aeff55deeda87f579f5f93469585d1f24d7715852
              • Instruction Fuzzy Hash: B611A970E012549FCB18EF68C958BEEB7F6AF88301F284529D406F7289DB718D41CBA1
              Function 010CF00B Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e0e969b801ef377ab038facd922e72ebd973ab157ff32c545a218f7ba5d2a2bc
              • Instruction ID: 83ef624c4460c2acdf64b21311eabcd028900e8eaa3918fd200ac1b83c65e61a
              • Opcode Fuzzy Hash: e0e969b801ef377ab038facd922e72ebd973ab157ff32c545a218f7ba5d2a2bc
              • Instruction Fuzzy Hash: E321BE76504240DFCF12CF54C9C4B5ABFB2FB88714F24C699E9490A656C336D426CF52
              Function 06D31CA8 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 107b6e8eb1a24f083f6f260e37c5284051b3b85149b063946780497b7f604be9
              • Instruction ID: d1086585622a22831052ce0d17f7c1a2059ec09ea250f9709f2658395b454131
              • Opcode Fuzzy Hash: 107b6e8eb1a24f083f6f260e37c5284051b3b85149b063946780497b7f604be9
              • Instruction Fuzzy Hash: 3A116D36710125AFDF058F54DC4497E7BAAEF88260B04842AF915C7261C635C921EB60
              Function 010BD7E7 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139483438.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10bd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85e589ff89d53fefa928555ed391731ad88d74b974b24a20ba51987b010bfd2c
              • Instruction ID: da3b127690bb024730fc5b6be679b79181b9adb6d2475edca562d66c24f248e4
              • Opcode Fuzzy Hash: 85e589ff89d53fefa928555ed391731ad88d74b974b24a20ba51987b010bfd2c
              • Instruction Fuzzy Hash: BD219076504284DFDF06CF54D9C4B56BFB2FB88318F24C6A9D9490A256C33AD416CB91
              Function 06D35209 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92d3070726b7b447e1f19da37bd89fc7cc29aaf38827cf5dc87537631d5171bb
              • Instruction ID: 7971d29b6936288433341ca70c592640905d669def53691981f7c5380ba6d68d
              • Opcode Fuzzy Hash: 92d3070726b7b447e1f19da37bd89fc7cc29aaf38827cf5dc87537631d5171bb
              • Instruction Fuzzy Hash: 5421CE70201B679FCB21DB29E980D86BBF5FF513167009F15E0898B929D770B99ACBD0
              Function 05A2FB43 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de61c856b84ace4e0b17fde8168885fca930cba04b4f410182472fa1f3ddb673
              • Instruction ID: b3f3efe6f325bd3182eea405a43a98713f75c260a4ef6a0e1552ad680fa784cc
              • Opcode Fuzzy Hash: de61c856b84ace4e0b17fde8168885fca930cba04b4f410182472fa1f3ddb673
              • Instruction Fuzzy Hash: 7E21BAB4E00219DFCB44DFA8D595AAEBBF2FF88310F504599D545AB354DA30AA80CF91
              Function 06C9373F Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d0be8c67178443114757d98276c921f5639ddc3449d97deac58eb2264422344
              • Instruction ID: 1b3a957e9cf1c2171780f2ac4807a8c475c14aef9f5c1f0ad388701c4f2de7c8
              • Opcode Fuzzy Hash: 7d0be8c67178443114757d98276c921f5639ddc3449d97deac58eb2264422344
              • Instruction Fuzzy Hash: 8A11E5713002514FCB656B64E4481AEBBEAEFC5611714451DE94BC7341CA31AC0AC7A1
              Function 06C99028 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56bb937110a653e8bce192a0cff2a23f84d7a25489ebb5f363e20f19cf367777
              • Instruction ID: c94f12f97b8ed1aa11d0deb19c936551f8739a734df5dc3ed92865b12a898e6f
              • Opcode Fuzzy Hash: 56bb937110a653e8bce192a0cff2a23f84d7a25489ebb5f363e20f19cf367777
              • Instruction Fuzzy Hash: 840122306093909FEFA45621A80C7BA7B6AAB49610F0D102EE06BC61C0DB79DE05D7B2
              Function 06D3ACEF Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c56e8492ecf2c118f141b338975ed9bea0ebedcc72cb9c65529a5e6b9b58ea8
              • Instruction ID: 5648989bd46405627a12cc1308da59a9a066b1801dbc10fe2cea397b001f75b1
              • Opcode Fuzzy Hash: 8c56e8492ecf2c118f141b338975ed9bea0ebedcc72cb9c65529a5e6b9b58ea8
              • Instruction Fuzzy Hash: C311BB70B00654DFCB54EF68D064AADBBF5EF8C210F144429E841EB3A0CA759C41CBA0
              Function 06D35330 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c81970ade8511010a42257bb3327f44728d4631fa322f09e94fe8d615fe1d60
              • Instruction ID: 04f1e41f8547e6ac059798c043c585f49434b6bdd8861274d237e2de010a0b06
              • Opcode Fuzzy Hash: 5c81970ade8511010a42257bb3327f44728d4631fa322f09e94fe8d615fe1d60
              • Instruction Fuzzy Hash: AC11A3707043A09FDB85EB34E4547AD3BE2EB81250B14996ED44ACF381DB758D8687D1
              Function 05A2FB48 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5729c14bbd52976e5654cd718e94a3b8b4ed1a5bb0deefb95c12c839e3cc887b
              • Instruction ID: 9e8d52b114480e49712ac326bc00ef85d6ffa2eefc15c1feee6996825601dee1
              • Opcode Fuzzy Hash: 5729c14bbd52976e5654cd718e94a3b8b4ed1a5bb0deefb95c12c839e3cc887b
              • Instruction Fuzzy Hash: 0221B6B4E00219DFCB44DFA8C5959AEBBF2FF88310F504599E445AB354DB30AA80CF91
              Function 06C9F468 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 990c1a145e1c1fdb62c8c08bb05362c3c9c319b41557311693b0f8867b7ffd98
              • Instruction ID: 9eb1123424d1de27fadb744d9b90467e0c421b9b86818d7081e9386c4ae6585e
              • Opcode Fuzzy Hash: 990c1a145e1c1fdb62c8c08bb05362c3c9c319b41557311693b0f8867b7ffd98
              • Instruction Fuzzy Hash: A01106349097905FD725DF29D844A527FF4AF46304B08C0EFD088CB2A3D670E945C7A1
              Function 06C928E0 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e28ca42ef028d10ac1cc1d68ad51f630918a10bd16fa6b078cc599da46a29fbb
              • Instruction ID: 522cc4f396d9ee6fae55a44b463e537cea230869de2d12491ee5fd07f2d42973
              • Opcode Fuzzy Hash: e28ca42ef028d10ac1cc1d68ad51f630918a10bd16fa6b078cc599da46a29fbb
              • Instruction Fuzzy Hash: 45115B70A103059FCB50CFA8D494A9DBBF1AF48720F154459E885AB361DB34ED40DF90
              Function 02C0B9C0 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee68ff4287451ad7f91bbba4bded222eaaa5b0306d439ff9cee222cacf97f833
              • Instruction ID: 3fbea0faac8ea28b2f4c028811c9e741331c47ed666a3d0e23dea56bdc146ba2
              • Opcode Fuzzy Hash: ee68ff4287451ad7f91bbba4bded222eaaa5b0306d439ff9cee222cacf97f833
              • Instruction Fuzzy Hash: F80188767002155FD714CA6AD880A9ABBAAFFC4664754C526E808C7751DB70ED428790
              Function 05A2C700 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 01420042c01c241d7d85b2135f4d48787a0de8d1cd514d8a4249aae6bedd757c
              • Instruction ID: dd6c3f89edeff2c0d73f4b9860214dd0dc326f66c2572b87eddb24e133da98aa
              • Opcode Fuzzy Hash: 01420042c01c241d7d85b2135f4d48787a0de8d1cd514d8a4249aae6bedd757c
              • Instruction Fuzzy Hash: 2001843520A3906FD306C72DD864ABA7FAADF8633071940ABE849CB252DB219C45C7A5
              Function 010CD60B Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139530619.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10cd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
              • Instruction ID: cdb01f0e5442acdb4455d438a203052f181514e5eafce368fdd06f3ddf5a5d70
              • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
              • Instruction Fuzzy Hash: 1111AC75504240DFDB02CF54D584B19BBA2FB88614F24C6AED88A4B656C33AD40ACF91
              Function 06D3AD00 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e3ff93698fa4fcf15affb32c478e665e8e4f0f0716d6e4261521a1071484681
              • Instruction ID: 922efae0ea57b284d0d71e9528d1fce3657ec19cd8bccdd47ae84685a1f53012
              • Opcode Fuzzy Hash: 3e3ff93698fa4fcf15affb32c478e665e8e4f0f0716d6e4261521a1071484681
              • Instruction Fuzzy Hash: CA112A74B101189FCB44EF69D454AAEBBF6AF8C210F14402AE806EB360DB759D45CBA1
              Function 06C92D98 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e14cb3a5f891597c1bb222b4274ef224fd1033643777ff9f6b2a64425780e034
              • Instruction ID: 3dc26a02f1330c2ebcbf5f38332d8d673806b8d83b9bc5f56bfa20cd460ba92b
              • Opcode Fuzzy Hash: e14cb3a5f891597c1bb222b4274ef224fd1033643777ff9f6b2a64425780e034
              • Instruction Fuzzy Hash: 0CF0AF733142145F9F54DA5EE844E6FBBEAEFD92B1314802BE949C7700EA34ED0183A4
              Function 02C097F2 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb4fbec3fe12e83b0663a271d873591aca18c9565236c42b947f05a33b6f1fb2
              • Instruction ID: 1d6d19aec53e6b56b7cbaa32298a494018ff9561f15552c9c05c7ad66b28dc3e
              • Opcode Fuzzy Hash: eb4fbec3fe12e83b0663a271d873591aca18c9565236c42b947f05a33b6f1fb2
              • Instruction Fuzzy Hash: A9118E35E042188FDB14CBA9C884ADDBBF5AF4C710F048164E405B7392CB30AD00CBA4
              Function 06C99EC4 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 00728c37078ec1b102b00edd6f61697946b079225b0f104b91e316eeae885309
              • Instruction ID: 0bd98d1f853ca9795f875c0f6803f6e1df9a23bda20d05c0852e1040837d3a6e
              • Opcode Fuzzy Hash: 00728c37078ec1b102b00edd6f61697946b079225b0f104b91e316eeae885309
              • Instruction Fuzzy Hash: C8015B30A0410ADFEF45CF86D889AAE7BB6FB98341F084019F90686151D73189A1DBF0
              Function 06C937B8 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4f21a2ec9f089b70012e6cf91f4775bc4a01bbdaa04a573f5d4fd089adae01e
              • Instruction ID: cd7e2194eb68d137c416d97b68eec17f80cc30126f63e49b7707843db93da6e5
              • Opcode Fuzzy Hash: e4f21a2ec9f089b70012e6cf91f4775bc4a01bbdaa04a573f5d4fd089adae01e
              • Instruction Fuzzy Hash: 671187716067928BC3068F29D090462FFB6BFC6211309CA9AD4994B306CA70E989CBE0
              Function 02C0B9D0 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 011a6d9c7b19ecdd5fb6f6cce1e7e97fce394eb43cdd88661c373159fe7f67fb
              • Instruction ID: 20e077bd2d6c36323ab3e6f588b14e6e4a98dc6b43eb8449c1c92b5863eeba4e
              • Opcode Fuzzy Hash: 011a6d9c7b19ecdd5fb6f6cce1e7e97fce394eb43cdd88661c373159fe7f67fb
              • Instruction Fuzzy Hash: FF01D175700205AF9708CE2FC88096ABBEAFFC8664758C12AE808CB350DB70EC02C790
              Function 02C0DE45 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dee92ffeb5586c93b931516bc4dc64621a7be7928ca83319f8a42ffcdcce8ce
              • Instruction ID: 6456b185823c91b9e14d3fdd6585a14473f3c52cbb8b195363bab8066c865c24
              • Opcode Fuzzy Hash: 7dee92ffeb5586c93b931516bc4dc64621a7be7928ca83319f8a42ffcdcce8ce
              • Instruction Fuzzy Hash: 670128711043425FC3119729C8D474BBFA6FFE1211F88947EE18ACB651DB24BC40C7A0
              Function 010BDBF9 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139483438.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10bd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d3ffe0d460acd24756b3f238c6816cca18f03730b15af90e0c68f5ed7d54ded
              • Instruction ID: fb1ad2bb6d3ebbc64162519dd564ec0cb5d4a601513386f7efa8604e272ef587
              • Opcode Fuzzy Hash: 7d3ffe0d460acd24756b3f238c6816cca18f03730b15af90e0c68f5ed7d54ded
              • Instruction Fuzzy Hash: E301F7310043499AE7108A99DCC47A6FFD8DF51329F18C85AED4D0B286C6B99840CB71
              Function 06C94140 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64a74f5bbc2f794ca7399deee43fdae42f997df8eb489316afbb357716775d59
              • Instruction ID: 1805bf1bc773cacbe27f39ee3fa5e46e3c6c5e30e9ad627ebcae99ed4e69fd3e
              • Opcode Fuzzy Hash: 64a74f5bbc2f794ca7399deee43fdae42f997df8eb489316afbb357716775d59
              • Instruction Fuzzy Hash: EDF096327042144F5B585A6DBC8856FB7EAEBC6565314413FE809C3324DB62DC0287E0
              Function 06C92CD0 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee83daf097ac2bd099f7c398097b52d50ecd18efa2d285a828dabd8ce6c7fc20
              • Instruction ID: b7e34493f079586b1fdb5fa0bd28a407eadc9c7ddd1b2b335a414e542cc52fc6
              • Opcode Fuzzy Hash: ee83daf097ac2bd099f7c398097b52d50ecd18efa2d285a828dabd8ce6c7fc20
              • Instruction Fuzzy Hash: B0F0FC327201115FDB607778A40C6B977D6EF881553414466ED0BC7304DE75DD0083E0
              Function 02C09800 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ae570fddc2c56ab615c30ca98836e72fcb61c44a93754e6ef627310acf625b93
              • Instruction ID: 9b5d210957b855338e06c9d54f6815369c68faf3acbdf2225665cec86ee10f2f
              • Opcode Fuzzy Hash: ae570fddc2c56ab615c30ca98836e72fcb61c44a93754e6ef627310acf625b93
              • Instruction Fuzzy Hash: FF016975A042188FDB04CB99C884ADEBBF5AF8C710F1481A9E405BB3A1CB70AD40CBA4
              Function 06C94130 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31b10b2b7212db135bc737e9835580859327b65d4a45f6e3b6a8f527e63acca7
              • Instruction ID: 65d4943e9da26bb67d73bac489d16d1195eefd8337fff9f3d54595b968060dca
              • Opcode Fuzzy Hash: 31b10b2b7212db135bc737e9835580859327b65d4a45f6e3b6a8f527e63acca7
              • Instruction Fuzzy Hash: 32F0FC31B043541FDB258A299C48A6FBFEAEF97514B0541AEF805C3362DA65DD11C3A1
              Function 02C08F58 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad33702f0f642c37efe01831e4aca8148f9d48a082d6d9642072948db1b62c88
              • Instruction ID: ba11258682c23fe77cb037f2cfbb5ba03460bbc47f70a5158fa65169e2c9fde1
              • Opcode Fuzzy Hash: ad33702f0f642c37efe01831e4aca8148f9d48a082d6d9642072948db1b62c88
              • Instruction Fuzzy Hash: 00018C793006109FCB159B29D849A297BBBEBC8316F144169F406CB361CF34EC42CF91
              Function 06D3D160 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77669982ea5616f960410d3f35814e42d6faee955088d38d8c8277123306a864
              • Instruction ID: fdb27697921daf6acc11454f702ab55e62efa5d6543525374d8ac303f576d6ca
              • Opcode Fuzzy Hash: 77669982ea5616f960410d3f35814e42d6faee955088d38d8c8277123306a864
              • Instruction Fuzzy Hash: DAF02B31B005212BC71AA37EA4187AEBBC7FFD1261B14412EF909CB750CFA4AC0287D5
              Function 06C9DCE0 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eb6e556a4145959811474119369a1a6749d793d1baf71db0fc5fe10c1cd5006
              • Instruction ID: 11ab2b974688a0bc99a49ab95bfd096389157d8bf1073f72633150758c18ff51
              • Opcode Fuzzy Hash: 7eb6e556a4145959811474119369a1a6749d793d1baf71db0fc5fe10c1cd5006
              • Instruction Fuzzy Hash: 4D011A75D01219DFCB90DFA9D844AAEBBB1FF48314B10896DD45AA7600D335AA42CFA0
              Function 06C940D3 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b47576fe6338a5e519a7631cad237d8317d891497026dc70312f0f0ce8baa9ef
              • Instruction ID: 7818be004b219e266861baa78a19d36592191ee14c8943cd34c3ab264afe8965
              • Opcode Fuzzy Hash: b47576fe6338a5e519a7631cad237d8317d891497026dc70312f0f0ce8baa9ef
              • Instruction Fuzzy Hash: 08F0B4327093048FCB589B78BC5856A7BE6EF8A215314846EE009C7361DA31DC02C7A4
              Function 06C96044 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac620bf95a3b1e7e4c53937c7cf292a5e20846a7d9473903bc73254c23b61c10
              • Instruction ID: 0e8d1317320f864fd53d9cec995f30833f63697eea99bd6ee8b408c33c476063
              • Opcode Fuzzy Hash: ac620bf95a3b1e7e4c53937c7cf292a5e20846a7d9473903bc73254c23b61c10
              • Instruction Fuzzy Hash: 86F0B4313082951FD706532D986486ABFBBAFCA45036A40FEE409CB393DE669C0283B5
              Function 06D3ADC0 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5b3a229c87965da55a26d89334abe7da728f7690fbb0dd515b608aed277f6dc
              • Instruction ID: 149795145463682196fec3811c2f0701869ab6a37f028acedbe6d4da7847c6fc
              • Opcode Fuzzy Hash: e5b3a229c87965da55a26d89334abe7da728f7690fbb0dd515b608aed277f6dc
              • Instruction Fuzzy Hash: D2F0B6353115109F83449B29D998C5ABBA6FF8D6213558069E949CB722DA71EC118B80
              Function 06C92A59 Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf80851c644863ad5741c5297eb526a900e1aa0b46bd2ad7e13daa370ea5ba12
              • Instruction ID: 695c11b64d3197d44736c7942387ac86ab99c554ecef4d2a2607fa400b3e348c
              • Opcode Fuzzy Hash: bf80851c644863ad5741c5297eb526a900e1aa0b46bd2ad7e13daa370ea5ba12
              • Instruction Fuzzy Hash: AAF0E2327043441FCB648BAA684885BBBEAEFC6260324846FE049DB315EE60DD0083B1
              Function 02C00DD3 Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10698da77c1ccabb815649c912f5d38d69d3fedae210f7938438e02ea2761abd
              • Instruction ID: fc8c25242449b27743b13ba41879423e79498eaae525fd6c75c4a5ff139755a0
              • Opcode Fuzzy Hash: 10698da77c1ccabb815649c912f5d38d69d3fedae210f7938438e02ea2761abd
              • Instruction Fuzzy Hash: 97F08B30B046146BDB102BB6E8543DD7BA9FF85720F400068E58AE7380DF3158028F92
              Function 02C07F18 Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7838944c016679344f0f5715d16272c8b18c19087f437e71573f884b4fc0f134
              • Instruction ID: ec36a724e180cd30971224d71485bfd714a1c9201f893cef95ab9ade1919a590
              • Opcode Fuzzy Hash: 7838944c016679344f0f5715d16272c8b18c19087f437e71573f884b4fc0f134
              • Instruction Fuzzy Hash: 87014675A003298FCB50DF69D84559EBBF4FF88726F00452AE449E7200EB30AA058FD0
              Function 06D3A851 Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e36c9a510304ca40d06c1a319355d5e6de63ac0923c382146ced8d656df59527
              • Instruction ID: 72b9b8f9595875bf3894853dea0add4225045db37ffae9e282e40c1782a393fe
              • Opcode Fuzzy Hash: e36c9a510304ca40d06c1a319355d5e6de63ac0923c382146ced8d656df59527
              • Instruction Fuzzy Hash: 99F0F630709248AFC740DF69EC01968BFB9EF4610075441DDE489CB761DA319D41C791
              Function 010BDBF8 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139483438.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_10bd000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8b39a4562fb0696605cab3b407a8a68861d77cc440f52af98bc50205a689188
              • Instruction ID: 6f008a872efcd40a4194948ad630a17da2fbce1d35a88229ff22b0b785818fba
              • Opcode Fuzzy Hash: d8b39a4562fb0696605cab3b407a8a68861d77cc440f52af98bc50205a689188
              • Instruction Fuzzy Hash: B5F0C2310043449AE7208A1ADCC4B62FFD8EB50738F18C05AED4C4B286C379A840CBB1
              Function 02C08791 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df7faff65cafddaff5c48d3b126a97ea545ceb978ad4de952331b29fb1188878
              • Instruction ID: 89791c298964275a9407b3935fc62fb815a7db63d6571416eb417bd7fb08ab96
              • Opcode Fuzzy Hash: df7faff65cafddaff5c48d3b126a97ea545ceb978ad4de952331b29fb1188878
              • Instruction Fuzzy Hash: D3F08C393003115BC220966EE8C1F9A7BDAEBD8225B548A39F54D9B314EB61F80287A5
              Function 02C0BB30 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3701d1ff0e8cf3b00f250b1305afbc1849e85c8dcd0280b3945759eddc333280
              • Instruction ID: 0050c638f267d26476343377db5971503f594d41e6994982464a8c4eb30c9655
              • Opcode Fuzzy Hash: 3701d1ff0e8cf3b00f250b1305afbc1849e85c8dcd0280b3945759eddc333280
              • Instruction Fuzzy Hash: 2EF027367006219BC3149AAD988092BB7EDEBC83A4B10453EE80DC7348DF71DC4287D5
              Function 06C94698 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 718ee802aa106812f968430d3f560d4729dc710a98085f320866c810287e190d
              • Instruction ID: 5cb3ad4b0aa995041774565d543384d095bc74601cbd4bd5766b49c05f12fb05
              • Opcode Fuzzy Hash: 718ee802aa106812f968430d3f560d4729dc710a98085f320866c810287e190d
              • Instruction Fuzzy Hash: CCF0B47060625CDFCB41DBB4EE509BD7BB2EB85246B2043E5E809D7201EB311F00CBA1
              Function 06D39880 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f22dc2c8b7ee6e185868b1cf3c52474a80fe37e417d76dd43c069e4f8b06233f
              • Instruction ID: 9d968bea4bc9885d148058b20dce8f40e7fbbcefbe67b339a099673e9f539120
              • Opcode Fuzzy Hash: f22dc2c8b7ee6e185868b1cf3c52474a80fe37e417d76dd43c069e4f8b06233f
              • Instruction Fuzzy Hash: 4EF0A7223053512FC35526697C544EA7F9BDFC71107A8446ED19ACB392CD645C0683A5
              Function 05A2CC58 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3bc9c8b1c395014a8522d4089a3029487e42ed2d7279a8592d96b1cee260b266
              • Instruction ID: 7fc7cd3aa4c008ab4f6566a0b3f607adb82c7bb8eccdffe26758442e72c64801
              • Opcode Fuzzy Hash: 3bc9c8b1c395014a8522d4089a3029487e42ed2d7279a8592d96b1cee260b266
              • Instruction Fuzzy Hash: 25F0822570D6E10FC3171B795425059BF6A9EC392138981E7E946CB387CD298D0B87B1
              Function 05A2C774 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 738cbb87cfd0afa9d87c47bb03fb81a0b2e17251387590789d2c3bf500d09a52
              • Instruction ID: 1a70dbb39c50eb2164517c866f3692ab8f675c755a0b17bb70418ca2eec04bc5
              • Opcode Fuzzy Hash: 738cbb87cfd0afa9d87c47bb03fb81a0b2e17251387590789d2c3bf500d09a52
              • Instruction Fuzzy Hash: BCF02E7670D2909BD316831C947573D7BE1EF99321B0840EEC55ADF152DB16DC01C390
              Function 05A2B758 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 30dfe81e7c3c5bcb8f81a1f5f2b603f7fb306e007cbd390e87ce99274f429150
              • Instruction ID: 1a58b841aaf9eae62ef9c2975d99f6a24104d010690959ebc07e9beb566fb75d
              • Opcode Fuzzy Hash: 30dfe81e7c3c5bcb8f81a1f5f2b603f7fb306e007cbd390e87ce99274f429150
              • Instruction Fuzzy Hash: 4AF0E034306326CBDB05E77DE8A0569BBA2FF452053088569E50FCB202DE31DC0D87E1
              Function 05A2CE08 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fad0ddd3cb9afcd4d025f3b72dd08598618336316af8887834eb8a50835c7b09
              • Instruction ID: d5a900dd76ba5edf3ba45a84aa041e8c25ac16dc06f0e37cdb02f26b8b7138f7
              • Opcode Fuzzy Hash: fad0ddd3cb9afcd4d025f3b72dd08598618336316af8887834eb8a50835c7b09
              • Instruction Fuzzy Hash: 21F027312093506F87119B386851CCF7FE6EFD52213458A9FF14ADF241CA209E4587F5
              Function 02C09891 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 343d77e0d159efaadc059aec1da9dc1e087315b0dc93e392cbf0e62abc821e8a
              • Instruction ID: 4585bff793f3118fe63e2ecc2a5dc9457c85573f297d84bbe1ddd8d61f854d24
              • Opcode Fuzzy Hash: 343d77e0d159efaadc059aec1da9dc1e087315b0dc93e392cbf0e62abc821e8a
              • Instruction Fuzzy Hash: BFF0A03A3002005BC7051A3AE85666BBFAEEBD9666B18403AF50AC7341DF71A802CA90
              Function 06D3AE28 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64df3ed307fef14a5694fc49b2031b9233bab85e2026b26808bd609aa189c82d
              • Instruction ID: 7bc54b0cae98a67787901929f07c1c45af18ff209c9f4a0b103780893abc4508
              • Opcode Fuzzy Hash: 64df3ed307fef14a5694fc49b2031b9233bab85e2026b26808bd609aa189c82d
              • Instruction Fuzzy Hash: FCF01C763505148F8748DB2EE554C5AB7EAEFD962131540BAF605CB731CA71EC01CBA4
              Function 05A2CE64 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7831523d52f2c43a7f68720e657b0b5a99146447fc70e3f7b6d02de44212e016
              • Instruction ID: b7340570c4e8d1c790d65fc5ea0c04301438476cc83fedd19fcfb82d02af2ad6
              • Opcode Fuzzy Hash: 7831523d52f2c43a7f68720e657b0b5a99146447fc70e3f7b6d02de44212e016
              • Instruction Fuzzy Hash: 3EF0E972518360AFC7119B3C94725997FE1FE751A13448A9AD08ACF254EB20DD06C795
              Function 06C9DCF0 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5da4524c310fc114d686ee4303a88dec7725be8ff4775cc75e6cd6a0290c0f2
              • Instruction ID: c3e9392212e076b5d1d95ee977fd3e097c3c77c18fc7917590dfc6444866c01e
              • Opcode Fuzzy Hash: b5da4524c310fc114d686ee4303a88dec7725be8ff4775cc75e6cd6a0290c0f2
              • Instruction Fuzzy Hash: 3F01F271E00219DFCB50DFA9D844AAEBBB1FF48310F10C969D56AA7240D335AA42CFA0
              Function 02C07EB8 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd299eabf160e55bbd36f1873e61028344cf9d4c0f0153a63078b483a6304dde
              • Instruction ID: 781de8739b5be3730c42240c97a20829453f6503e46e978ec5120e63de4f0b78
              • Opcode Fuzzy Hash: dd299eabf160e55bbd36f1873e61028344cf9d4c0f0153a63078b483a6304dde
              • Instruction Fuzzy Hash: 76F0E53A62429527C310666AE899BDABFADEBC6211F944029F509CB241DEB56C008A61
              Function 06D39B78 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e3dc07d3df60644bf6262e777ed877b9b4b65355197e56ac4f81332f8c26166
              • Instruction ID: 95ddeb3087e36d210ac94bec3be5ec0efc73660f9a108e975f07c9efe7063b5b
              • Opcode Fuzzy Hash: 7e3dc07d3df60644bf6262e777ed877b9b4b65355197e56ac4f81332f8c26166
              • Instruction Fuzzy Hash: 24E06D333001246B47149A5EE8C4CAABBADFBD92723544036F208CB260CA619C4587A0
              Function 06C9F4C1 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2afe744e55d680cc37dba2777205d0c0afbf14182c1b060bfbb070ca6b2a26c2
              • Instruction ID: 4ebd870d5c36637136aee3f63dabdd268ef12e7b280a354193d627341a99ad02
              • Opcode Fuzzy Hash: 2afe744e55d680cc37dba2777205d0c0afbf14182c1b060bfbb070ca6b2a26c2
              • Instruction Fuzzy Hash: 29F0E53010A6545FD719C675ED489B53FAAAF8110271801E9F048CB677DA349E01CBF1
              Function 06C928A0 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 900b2381cc592ed172aafc206d951386558434834d311272909d1de251af7bc9
              • Instruction ID: 10598150331fc1b3094c89fe9bd0b00c961bfec51fec65641e1f71fdc99510df
              • Opcode Fuzzy Hash: 900b2381cc592ed172aafc206d951386558434834d311272909d1de251af7bc9
              • Instruction Fuzzy Hash: 9AE01233F1421AAB4B14DAAAE4048DEB7EEDBC8175715807BE11CC3600EA31D9068764
              Function 02C0D4F5 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 678a01d3d4fa73e45660839f3237b822ada32ba434825d9a3cf54f3b4554109a
              • Instruction ID: aa5d618fae590244175bb5c6b2ac17fc65161b99fa9720e097ec79fb2bb54a5a
              • Opcode Fuzzy Hash: 678a01d3d4fa73e45660839f3237b822ada32ba434825d9a3cf54f3b4554109a
              • Instruction Fuzzy Hash: 7B01F678A11259ABDB14CBD4D885FAEBB72FF48304F104015F802BA2A0CB70A940DF60
              Function 06D396CC Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cf78ab15587de41be78d36493aaf0a95488e0e628ebd050c216d3db08d9f2ad
              • Instruction ID: ac301f057760f76260b81be8dfdcbbcf8a1d51959547688d699133df1f4a6059
              • Opcode Fuzzy Hash: 6cf78ab15587de41be78d36493aaf0a95488e0e628ebd050c216d3db08d9f2ad
              • Instruction Fuzzy Hash: 67F03770A00254DFDBA0DF14D0A8B9EBFF0EB08714F284458E082AB290E7B5A844CB94
              Function 06D33F08 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40d77d56a84f1784d31f31d0d584e19a1795211e52a447d28c5106583390a9ce
              • Instruction ID: 496b2b92c6b3aeff1131b764a478f15591fa2192f66abbcfa976453f2b710cc9
              • Opcode Fuzzy Hash: 40d77d56a84f1784d31f31d0d584e19a1795211e52a447d28c5106583390a9ce
              • Instruction Fuzzy Hash: 2FF0A7711006206FD224571ADC80DB7BBFEFBC4311B108529F68687600C675A841C7A0
              Function 06C9A390 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4126bdf4bc24e085db33b10f31c2058d1c34b785bebb4c29f4617b0f813323de
              • Instruction ID: 2634105faa2b54d1e4408143b4004efc3563e8646499da1be5b08ef37a32a053
              • Opcode Fuzzy Hash: 4126bdf4bc24e085db33b10f31c2058d1c34b785bebb4c29f4617b0f813323de
              • Instruction Fuzzy Hash: 76E0DF312056296FD7508E7CDC45ACABBEDAF5466CB250419E589C7222EF71C846C7A0
              Function 02C01EAD Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 379dd31277a13e61b4fc38200c02a380480a990993845538bfe8ac34414cf3b3
              • Instruction ID: ac6d68f98499c8941d222787dc2e4a48be12e7fb7ecc03038d3e6dd920d98277
              • Opcode Fuzzy Hash: 379dd31277a13e61b4fc38200c02a380480a990993845538bfe8ac34414cf3b3
              • Instruction Fuzzy Hash: F3F027346083889FCB024765C4543DDBBB65F46200F1000A2C141A72C1CA760958C373
              Function 06D3AE18 Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fef965c42a45ba905f355c520a96639e16483580e8e40c876e2b13b94e589cb2
              • Instruction ID: 7a78d0e729bfe2b727a09e1e4cc39382757da4309a69a3852674d604359018be
              • Opcode Fuzzy Hash: fef965c42a45ba905f355c520a96639e16483580e8e40c876e2b13b94e589cb2
              • Instruction Fuzzy Hash: DEF0A7393456504FC7459F2DE814CAABBF6DF8962031940AAE585CB372CA70DC06CB64
              Function 05A2B050 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a70f468b54e9f8805b316d6c9efb0e157104e2a6b2641719b24b1ba91dec7f5b
              • Instruction ID: 4358cb47ae703bebdfd1ed469397f6fc1c3875ba56ce93602e5c03943e222641
              • Opcode Fuzzy Hash: a70f468b54e9f8805b316d6c9efb0e157104e2a6b2641719b24b1ba91dec7f5b
              • Instruction Fuzzy Hash: 14E0DF223091946FC70192A9A860CAE3FAA9FC761036910EBE044CF3A6CE149C0283A3
              Function 06C94658 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56d8962531cb401bed614b1033d99617012964a0a098dabdb9ad24efffcc3d52
              • Instruction ID: 1410b5557201ca2d86a1dfc951d1249caf4d7cd5cde825c2f437c73a44b30318
              • Opcode Fuzzy Hash: 56d8962531cb401bed614b1033d99617012964a0a098dabdb9ad24efffcc3d52
              • Instruction Fuzzy Hash: F2D0C2253441256FD62865986C01BBB7BCECBC6961B14802AE90583240DDB48C01A3F0
              Function 02C034B4 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41fd998ca73e8b1a02fee11df56aba245bfeb201f7e8e030d7a331f27bce06ad
              • Instruction ID: c94aa41c18750bfc3326c3c6567e6dce6cfd0e8a5d655d350809155f7ce121fc
              • Opcode Fuzzy Hash: 41fd998ca73e8b1a02fee11df56aba245bfeb201f7e8e030d7a331f27bce06ad
              • Instruction Fuzzy Hash: 45E02272D082C08FC3124BA9A8D90F87F70DAA725078141C6D0859F0A1E325464ACB10
              Function 02C01ECD Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35b161db60b1ba6ebbd9d0164ef1dc90c18093bfbc10a1db552f41013cf1d2bc
              • Instruction ID: 02a3746da9aaad3f3818301e215f599ba600ea3ff63b6a542affe6348bf0e866
              • Opcode Fuzzy Hash: 35b161db60b1ba6ebbd9d0164ef1dc90c18093bfbc10a1db552f41013cf1d2bc
              • Instruction Fuzzy Hash: 35E02B53A0D3C28FD713836898A52CC7F725F73150B0812DBC08AC72A7EA990619C323
              Function 02C0A361 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf18fdab917a8751e92d44428da9662135e17549983ad77ad540b97dd2bdefd9
              • Instruction ID: d70e7d7c201f386202e0e3371dee7a6bc2296e609d997088329d383b4a7e32f7
              • Opcode Fuzzy Hash: bf18fdab917a8751e92d44428da9662135e17549983ad77ad540b97dd2bdefd9
              • Instruction Fuzzy Hash: 25F09D38A002188FCB45CF99D8809CCB7F1FF88315B2185A5E505AB325D772AE45CFA0
              Function 02C07EC8 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 869d80b628fca9326a8832328ebf3fb205b3e219ce1262fe798e46e2e83b1c25
              • Instruction ID: d6a2e170e606aa8a8211e51db70c4513f35c0da5cc46ec19adee7df033a33508
              • Opcode Fuzzy Hash: 869d80b628fca9326a8832328ebf3fb205b3e219ce1262fe798e46e2e83b1c25
              • Instruction Fuzzy Hash: 72E048393151586BC3147A6AA89499A7F9DFBC57517504429F50DCB245DE726C004A60
              Function 02C01F18 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f118fdd33157e73cfee2e3e4cbdf84cb991acd96be915a2bcf919a8b134def0
              • Instruction ID: fd5df6190b9de4dd75dccd9a148655fdd4580121617a9974a2e21d4ac7154fd1
              • Opcode Fuzzy Hash: 5f118fdd33157e73cfee2e3e4cbdf84cb991acd96be915a2bcf919a8b134def0
              • Instruction Fuzzy Hash: DDE02B30A08309DFDF009B65CC483DEBBB6AF49310F100164C1026B2C0DFB54659C7A7
              Function 06D3FA38 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 58a82eabacfc667a1cea8e66602b9a9f4edb7d5b543fd02e4bc5998e21d3575c
              • Instruction ID: 8d2b7f35a6552d4c3d1d10f10998e0c79f1db0bffcd7d0c23844ea20c15759c4
              • Opcode Fuzzy Hash: 58a82eabacfc667a1cea8e66602b9a9f4edb7d5b543fd02e4bc5998e21d3575c
              • Instruction Fuzzy Hash: 6BE04F2270029416D216A27AB405BFE6A8ACBC6635E18406AE9498B381C9A56C4687E1
              Function 06D39890 Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a4c1baacce07eef853f6f301185ee86aa5c60961b53305ac2ed12c379f50939
              • Instruction ID: 8da79602f532ee3a38fc5b1add6e261441acd276362833aaaf477129620bb464
              • Opcode Fuzzy Hash: 0a4c1baacce07eef853f6f301185ee86aa5c60961b53305ac2ed12c379f50939
              • Instruction Fuzzy Hash: 40E08C723002252B864432AEBC944AFBA8FDFC91607A4453AE20BCB340DCB4AC0643E0
              Function 06C98FE3 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0fbb6280caaccb3677ba307ecd0b4d4b453bca9b0372a98fb3f65131f3b84a57
              • Instruction ID: 133a45ca7c3c093f830a06f49764adee728a88791aaee7599b009e04a0d825bf
              • Opcode Fuzzy Hash: 0fbb6280caaccb3677ba307ecd0b4d4b453bca9b0372a98fb3f65131f3b84a57
              • Instruction Fuzzy Hash: CFE0DF307183104FD7148F3ACC44A13BBEAAF8A60070A80AEE086CB262E9758C048BE0
              Function 05A2CD80 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb188f68d6a5bf6df6ac8ba89ef20c31e8e22e30e595bb141443cf34f0de5290
              • Instruction ID: 97f5c83e9d1638281286dd4a5e70bab1f989f5856f6c3ec9c5953f3771663010
              • Opcode Fuzzy Hash: eb188f68d6a5bf6df6ac8ba89ef20c31e8e22e30e595bb141443cf34f0de5290
              • Instruction Fuzzy Hash: B6E07D3A3081502B9615235C78294BD7F7FDBC6921325016FF90AC7346ED518C0C43F2
              Function 06C98FF0 Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12b1cfab5b715f63a70971ad32d08c967ed9b9e72da24d2b1abbcced9cec6ca8
              • Instruction ID: 6bdee2eb9847334a1a213a7e5919bcc816f37bf0b1a04a4cb9f547ccf13c1b31
              • Opcode Fuzzy Hash: 12b1cfab5b715f63a70971ad32d08c967ed9b9e72da24d2b1abbcced9cec6ca8
              • Instruction Fuzzy Hash: F0E086317101144BD714DF6AD844B5673DAAF88611F09407AE109C7661D961D84057C0
              Function 06C92D40 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84778c683db9a83396f303d1e7e0b789d85c4d68b3dd51dfa7978dfd2152a259
              • Instruction ID: c4931a43b13db9446cdf65d1a8d913644ea695d18b9534e20aea7bb044a4b9cd
              • Opcode Fuzzy Hash: 84778c683db9a83396f303d1e7e0b789d85c4d68b3dd51dfa7978dfd2152a259
              • Instruction Fuzzy Hash: F3E026B20187169EDB10DB26EA0475033ECEB44205F04252AD088C2214E7385A00C6D1
              Function 05A2CD48 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 211fe4856a057bb59aadfc89ff3df51f8a0371b35822eb43d313446cacdc8d92
              • Instruction ID: 1bbe7bcf8d614e02ff751efa76b8a20896631a956900e56be7e954fd3b4ae5e0
              • Opcode Fuzzy Hash: 211fe4856a057bb59aadfc89ff3df51f8a0371b35822eb43d313446cacdc8d92
              • Instruction Fuzzy Hash: 1FE0863421D3816FCB06C775E822868FFA5AA4A521348C6DDD44ACB283DA21EC45C3B1
              Function 06C9F490 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9743b86919513e4a8253ca4b33d575d6fa1e73943c4fe0e64103a6288fba249
              • Instruction ID: 26e6b732ca9e4bc88b069b1c2287c572e52f906fa33a89e9154fc7e2708c1bba
              • Opcode Fuzzy Hash: e9743b86919513e4a8253ca4b33d575d6fa1e73943c4fe0e64103a6288fba249
              • Instruction Fuzzy Hash: 33E0C231446600AFC7154A64EE088B23FAD9F4110275800EAF004CA633D968DE10CBB2
              Function 02C01EBD Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1453e1e5768f6dab25b457ba18485947325503955a006176b5aad8fb275b44f9
              • Instruction ID: 4c512ebe38e5a8e9c3fbc1408c77245a963849380f529313ffe4b493bfcf9a4f
              • Opcode Fuzzy Hash: 1453e1e5768f6dab25b457ba18485947325503955a006176b5aad8fb275b44f9
              • Instruction Fuzzy Hash: F6E09220A0D3C59FD7024774C4242DCBFB19F86208F1600E7C145DB192DB7509588373
              Function 06D35034 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7874aa97ce7d97249bf6f6875cfb983f8781954455297a0097184f5e5f951889
              • Instruction ID: 27e386228778766d503bd426eecbaaef2f182c8943374ff529f8943a9db35d4e
              • Opcode Fuzzy Hash: 7874aa97ce7d97249bf6f6875cfb983f8781954455297a0097184f5e5f951889
              • Instruction Fuzzy Hash: B8E08C35B14110CFCB44EB39E9905ADBBE1EF8811435498BBE54ADB322DA32EC028781
              Function 06D35066 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 121d295da9b64a45c0daddb8b63d47cfeb62b2eef1b89bcce4360d1e17c98eb1
              • Instruction ID: 724e09846b41ecc8e944843fdd9d5d3498bc788f3a9b640d0695992fad3525cb
              • Opcode Fuzzy Hash: 121d295da9b64a45c0daddb8b63d47cfeb62b2eef1b89bcce4360d1e17c98eb1
              • Instruction Fuzzy Hash: 5FD05E73B041246BDF18E6B9AC049BFB3DBEBC8215304853AF509D7104E9719C1283E1
              Function 06D39828 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb9f605e9593870dab8f500e3b6a222aeb9214fa94987dcd1da5d17e826b31c0
              • Instruction ID: cb28bb9f069687e0fb7514402b2ab59d4fd4824ff91e5b4eed0ab3e48af9cfae
              • Opcode Fuzzy Hash: eb9f605e9593870dab8f500e3b6a222aeb9214fa94987dcd1da5d17e826b31c0
              • Instruction Fuzzy Hash: 62E0C2312003209BC724962AE40086A7BBAFED4356300483EE50A8B610EAB2E9878780
              Function 05A2B060 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7951d0b69cb6dd393c1e0096b0906b6324426d902c3c9385cd35ae91f10da637
              • Instruction ID: 731a2c234a2d800137393d726288a10b5a5196dc5d10f0c113e477f4aad65afb
              • Opcode Fuzzy Hash: 7951d0b69cb6dd393c1e0096b0906b6324426d902c3c9385cd35ae91f10da637
              • Instruction Fuzzy Hash: C3D0A7323000146FC200A6AEE454CAF37DEEFCA6617A410B9E109CF364CE21EC0347D5
              Function 05A2B702 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 623eee40a3a087ba0601d05878273b90b4e78629dade47cea60085284537c91b
              • Instruction ID: 4b2233bea4a9a5ce42dab2a02a72e567943504a26e25ccbf09e5dfd071d1c975
              • Opcode Fuzzy Hash: 623eee40a3a087ba0601d05878273b90b4e78629dade47cea60085284537c91b
              • Instruction Fuzzy Hash: 09E0E674D0620C9F9B50EFB899065AE7BF4FA04701B1141A5D909D7201E731D5098BB1
              Function 05A2B708 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3fcaad6849275deae13580bb7590a4cf2ec3f6a6f7d1cf3a515779a7cc38241
              • Instruction ID: 6b12d62269615b29756d364ac3e0082dc2376e6daee2c1dc9352037b289f4835
              • Opcode Fuzzy Hash: b3fcaad6849275deae13580bb7590a4cf2ec3f6a6f7d1cf3a515779a7cc38241
              • Instruction Fuzzy Hash: BCE0EC74E0520C8F8B50EFBD980666ABBF8FB04211B0541A9DC0DD3201FB31D9149BA1
              Function 05A2A291 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50104f7c7aea668bda2b27b05f12231bcf7003f3d1c025274af12c85a13ece7c
              • Instruction ID: ac22d8414e8ffb49231d7f113409600e577f05f2548b408f96fda3a2f2f99299
              • Opcode Fuzzy Hash: 50104f7c7aea668bda2b27b05f12231bcf7003f3d1c025274af12c85a13ece7c
              • Instruction Fuzzy Hash: D4E017352487848FCB059B68D8988A93BA5BF8A20471224D6F60ACB662DA25DE048762
              Function 05A2CD90 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfa2e335ffe28b730293f3d1995d8eb28af1c8db2c4733dd2825c05bebf15efa
              • Instruction ID: a009921b8379bd615759d4a0e2fc648a2090c7cdeb1ea7ef3946f9957146e944
              • Opcode Fuzzy Hash: cfa2e335ffe28b730293f3d1995d8eb28af1c8db2c4733dd2825c05bebf15efa
              • Instruction Fuzzy Hash: 73D0A736304024631915279D74244AE7AAFDBC9961365002FF60EC3345CD62DC0D47F5
              Function 02C0BB98 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6f9e03344d8faca10ad644c9387b5e1f7ad9e58ab3c02caefb1613d15c8ccbc
              • Instruction ID: 87ec952c9598025f05b9923c530c1aa732ea706dc0d69f05a6bd79c2e0d78ca8
              • Opcode Fuzzy Hash: e6f9e03344d8faca10ad644c9387b5e1f7ad9e58ab3c02caefb1613d15c8ccbc
              • Instruction Fuzzy Hash: 15E092B4D0420E9F8B94DFA9D4416BEBFF4AB48200F10816AE958E3344E7395A51CFD5
              Function 05A2A760 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b489318e5fb8dff4e4e67b00e1f274644e71a755005e0ca2694769e2e8dfdf15
              • Instruction ID: ab015f9d7518766c2a304ae71eb2a0d7ec2e6f027907e87351b025c52ec714a1
              • Opcode Fuzzy Hash: b489318e5fb8dff4e4e67b00e1f274644e71a755005e0ca2694769e2e8dfdf15
              • Instruction Fuzzy Hash: 4DD0A73631A3705FDF210754BC059E23B68EA5626030A50E3F440FB1A6C1149D83CBF4
              Function 06C94668 Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba0fc1a3305c3d0c721edee5d34e562202a3572d3745d7acfac4dac413ccd4d3
              • Instruction ID: ae699d54b37c5f08b92eb775eb7213d999b4360f2f428531a2e158339b3759f3
              • Opcode Fuzzy Hash: ba0fc1a3305c3d0c721edee5d34e562202a3572d3745d7acfac4dac413ccd4d3
              • Instruction Fuzzy Hash: 62D0C9267145291B4A6821AD680497E679FCAC59763158066A916C3300DDB48C06A3E5
              Function 02C03460 Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 496ccdecb0c80eafb7b0eda5cbf1b9f368a159f06c91a6c1ccf579a76de003a1
              • Instruction ID: 5e07a0c38a6ccd722626fc544a8552b0cc8ab88157a067089a720ed27a7a65a4
              • Opcode Fuzzy Hash: 496ccdecb0c80eafb7b0eda5cbf1b9f368a159f06c91a6c1ccf579a76de003a1
              • Instruction Fuzzy Hash: 03E09A36950508CFCB04DBA8E4848DCBB70EF89325B004156D5157B220EB306999CF50
              Function 02C07E72 Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8872fd9fa2f635cb1c77c7140617b07b596990686dd18ada5d4fda87592b4559
              • Instruction ID: 2b51dbeccc42655a0c023d0f6e9f11de55c89f6db0e50f3fd8555f08c629523c
              • Opcode Fuzzy Hash: 8872fd9fa2f635cb1c77c7140617b07b596990686dd18ada5d4fda87592b4559
              • Instruction Fuzzy Hash: 85E08C79A096848BD70AEF35D08678A7FE6EB86300F488456D042CF6C9CF34AE81CB00
              Function 06D3ACC3 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83f4a7ea14648f21fdf8a426f14e0816d0659f292e87cc117b2e6d7f5638d113
              • Instruction ID: f2dd6b045fb0c23936b4eea373310786ba227970d63082d028582bfa93eeab98
              • Opcode Fuzzy Hash: 83f4a7ea14648f21fdf8a426f14e0816d0659f292e87cc117b2e6d7f5638d113
              • Instruction Fuzzy Hash: 83D05E3120E3A04FC38692A868106E6BEAA9F8A21071A80DBA485DB593C966884647A5
              Function 06C946A8 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70ac84b7f242d4df1e29037b878ddbe8eb27bae27cf5d65e4d423faebdf627c4
              • Instruction ID: 8c77a2bd0aac46c8e910173258deff2d3d67c7c93308cb607e45175b345a1109
              • Opcode Fuzzy Hash: 70ac84b7f242d4df1e29037b878ddbe8eb27bae27cf5d65e4d423faebdf627c4
              • Instruction Fuzzy Hash: 21D05B70A1510DEFCB40EFACE94159D7BF5EF45205B2045D8D409D7200EA312F009B50
              Function 06C92CC1 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 453bab9e623c11bbc3e1a6dd69136cf4adcf5112cfef22fab58a986fc705dbf0
              • Instruction ID: b30e33fb19c418fb9f5d5f74a483e5e8691904fa9f387bf963dad28700582250
              • Opcode Fuzzy Hash: 453bab9e623c11bbc3e1a6dd69136cf4adcf5112cfef22fab58a986fc705dbf0
              • Instruction Fuzzy Hash: 56D01232A247565BD7601F69A804242BAFAFF82115F20457FD98483200FA75C90056B0
              Function 06D39861 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4d97bed45770b766720ca16eaf629e81b1e476840d5b1cf7cdd6e37002373db
              • Instruction ID: 71585a253d93cf6db7de706b13498c47a40a64959f37264042f7439bb83db13d
              • Opcode Fuzzy Hash: f4d97bed45770b766720ca16eaf629e81b1e476840d5b1cf7cdd6e37002373db
              • Instruction Fuzzy Hash: CDD0A93515E3C48FC3028B38BC41CA6BFBC9E5720035980EAF480CB223C210AC19C3B2
              Function 06D3B338 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 42ef2bd8983bede75bab06af25cdb1f8a08239fb337cb30c5a626aa39c94b7f1
              • Instruction ID: c83316306aca2de91df07ecf0440a7f9c441a24865ed095273bf85cdbb3dcf73
              • Opcode Fuzzy Hash: 42ef2bd8983bede75bab06af25cdb1f8a08239fb337cb30c5a626aa39c94b7f1
              • Instruction Fuzzy Hash: 6DD05E302093C19FDF1297248C20B507F609B43B08FE448C9D4C0CB0C3C55258C7EB41
              Function 06C92289 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11c1e2cdba9fa489132b29ef609d9f6926770628aea60ddc9744b96d7d37f451
              • Instruction ID: 642ea2db3862f6d0f98b6d27e5d4fce30aa3c6e3fae3e702bed9d34fef446438
              • Opcode Fuzzy Hash: 11c1e2cdba9fa489132b29ef609d9f6926770628aea60ddc9744b96d7d37f451
              • Instruction Fuzzy Hash: 20D0223000A3D83FC7130334A84C5F23F26C94230130103C2F4889602782291BF38390
              Function 06C92261 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0024b7ffdfa2744ff7a1051873515bf73635ab8341b3aa57fc2b0e569dc3049f
              • Instruction ID: 801e4a648443c54bb56e9e60d9ac61cae585bf90ccac9a0e828a98ad051dd56d
              • Opcode Fuzzy Hash: 0024b7ffdfa2744ff7a1051873515bf73635ab8341b3aa57fc2b0e569dc3049f
              • Instruction Fuzzy Hash: D2D0122111A7C43FCB0252249C55BB72F98DB83311B4601CFA481DB157D4149C6683B2
              Function 02C01F55 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04520995c7d7962ffe9b28329f812b7c6fb688c5b9e2e62ca30feda0e63d887d
              • Instruction ID: 705d21ddd939cd419aef4e6720857d5273b272f29190d0a21f5d26ee612544f0
              • Opcode Fuzzy Hash: 04520995c7d7962ffe9b28329f812b7c6fb688c5b9e2e62ca30feda0e63d887d
              • Instruction Fuzzy Hash: 39D0A734A00209DADB40D7D4D4423DCB7F2FB84300F501156C10B63180CF7016A4C773
              Function 02C01F68 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2e77300e8b14de1b6c623840f5d424c7510575a58bcb896734e2d552de098f0e
              • Instruction ID: 4650d6068b86e8560cd616d38415ef8f3a99ca0b0fe90ca00c37d7a0e60f8d47
              • Opcode Fuzzy Hash: 2e77300e8b14de1b6c623840f5d424c7510575a58bcb896734e2d552de098f0e
              • Instruction Fuzzy Hash: 03D0A720600309DADB80A7E894013DCBBE2EBC4301F541165C10A961418F7002A4C773
              Function 05A2D3AA Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 684f76fa1b246140f0890c3d7339895af9926bce2ad026718e8c8c95d1a10fbe
              • Instruction ID: b4b10d5daba006618d4820de33b654e4666524abb70b8f8dd6b37b7c60770c62
              • Opcode Fuzzy Hash: 684f76fa1b246140f0890c3d7339895af9926bce2ad026718e8c8c95d1a10fbe
              • Instruction Fuzzy Hash: A5D0121060E3C02EEB03D23889A45B73FAA49D321031BC4EBE480CF047D42988EAC361
              Function 05A2D3DA Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7764c2c728fe4640dee9683ade54e3c6139bb903a2fe2fea1a824dda12f6fe9f
              • Instruction ID: f925c5bd053ffac14e84610161917e85acfd5d564fca10b3f1f383d122c7d331
              • Opcode Fuzzy Hash: 7764c2c728fe4640dee9683ade54e3c6139bb903a2fe2fea1a824dda12f6fe9f
              • Instruction Fuzzy Hash: B7C02B3000131D1EA2032B10FC09DFDB76CF2802167205236F00C47045EE502CC906F1
              Function 05A2FF50 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0721b336906bcb4aba4bc4a767f1583840849e141408b262af5bf15903974c3
              • Instruction ID: c202448a37e93014272dd32ffbc4e83d71b40c34b4207b70ef77cb8cfd4243d2
              • Opcode Fuzzy Hash: c0721b336906bcb4aba4bc4a767f1583840849e141408b262af5bf15903974c3
              • Instruction Fuzzy Hash: 4BC08C310082829EEA100F2A851A7B97BAAE7012E6F290449E0C1C5182E766D281EB71
              Function 02C01F78 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c07133c6ee1f90da11ce23308e36fb659a383cbb08ca06bd7a18332cfaea3dd
              • Instruction ID: a16ab1727213c5f4b0698a6590ff349408e5acc865e94012a53ff4bd0972714d
              • Opcode Fuzzy Hash: 6c07133c6ee1f90da11ce23308e36fb659a383cbb08ca06bd7a18332cfaea3dd
              • Instruction Fuzzy Hash: 27C01265700719DADBC1A7FCA80438CBAD2DFD5302F500579D10D8A2428EA406748BB3
              Function 05A2A2A0 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ebb552fa9754c5618be07486fcb4d12c2c9fadd37a13526a5c5947c35012c1a
              • Instruction ID: e0c24a325a12769bfdfffad54f02d53cfe8208dafc8fb0f484f429f8c6cbe3a7
              • Opcode Fuzzy Hash: 2ebb552fa9754c5618be07486fcb4d12c2c9fadd37a13526a5c5947c35012c1a
              • Instruction Fuzzy Hash: DAD0CA352442048FCB08EB68C48891877E8BF4820430214E4F50ACB362EA21E8008B40
              Function 06C98748 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4daf2ef10780b799bf46c810a5c0899896324a0e7c426670a9ed547ae71df936
              • Instruction ID: 1139170d0f46aacb88ddbd8a3c26c6c049b6a37835a87ac6d7032c124fa04ef3
              • Opcode Fuzzy Hash: 4daf2ef10780b799bf46c810a5c0899896324a0e7c426670a9ed547ae71df936
              • Instruction Fuzzy Hash: 08C012B004831A8FC6202F50E8457487BA8EB00306F600808E0881A22AEBF82D818BA1
              Function 06C9F4A0 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 492cccb23d7a460b0c5b9cab68c2f02c7e5df2d21aaa4f3bb9b299a9f92f7fa2
              • Instruction ID: c08ce330aca55a6df55f41fc9a2d7e3e1d89aeb353f7ba3ddf8824432d8777d6
              • Opcode Fuzzy Hash: 492cccb23d7a460b0c5b9cab68c2f02c7e5df2d21aaa4f3bb9b299a9f92f7fa2
              • Instruction Fuzzy Hash: A1C01232451904CFCB588A69E60CA3937A8AF0060AB5400FCE1088BA33C229E912CBA1
              Function 02C08DF8 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f57b1da66c71ffc398bb98cd4920e2728980d13201f4bd66ecd9544b4513ef53
              • Instruction ID: df8fc9ed185b263d4481e4aa7196dc6642274b8c909b908c19632b9322e99e0f
              • Opcode Fuzzy Hash: f57b1da66c71ffc398bb98cd4920e2728980d13201f4bd66ecd9544b4513ef53
              • Instruction Fuzzy Hash: 05C04C492144D502D646237984EA799AB66AFC2648FF844D552988A2C1EA6A94205711
              Function 06C916E0 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f6a3edd1a365c048ead6eeab230c695e352f5bdf1afe2c09e05853a5360bf54
              • Instruction ID: 8ec496f641ec32fcbb291d4503459ee7c55f9cbf3ea0c2f2a075df93123f7f18
              • Opcode Fuzzy Hash: 7f6a3edd1a365c048ead6eeab230c695e352f5bdf1afe2c09e05853a5360bf54
              • Instruction Fuzzy Hash: 8DC09B7651110256FF544F30FA5BB917B51D780310F158415F15085081EFB851C75751
              Function 06C98720 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70a0ed6b7888b7f9000c9128ac79705906c78f78cf6e3a3a616f49b31ca1ca4a
              • Instruction ID: b58c9956d3176d763dd9221853873ff0fd2e4dc6a3f91e2ddd79c67b96165a07
              • Opcode Fuzzy Hash: 70a0ed6b7888b7f9000c9128ac79705906c78f78cf6e3a3a616f49b31ca1ca4a
              • Instruction Fuzzy Hash: C6C08C600083014BEB01AA28C291302BBA08B80344F5484CAC8841B365D3B68D42C782
              Function 02C07220 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4139960247.0000000002C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_2c00000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dcf6a8ea61af889b372f5762330d9294d5b2307157b33a02e0d61c67d1bc2554
              • Instruction ID: 0e9896bc1830c48ddb01c8c07c4600350a83fa010c1c95f7e2c800037e18cc12
              • Opcode Fuzzy Hash: dcf6a8ea61af889b372f5762330d9294d5b2307157b33a02e0d61c67d1bc2554
              • Instruction Fuzzy Hash: 90B09279D1B6584BCF05022998565AA3F329B99202B8967A6D042CAA92CC2AAD038E11
              Function 06C9F478 Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94a9bb855b66031527ad60d43b9bbe596700b8874c009695b8fe6633e9f835db
              • Instruction ID: 74d73ab9e6f381ab5f9d9b95b6852324e2f71f11f687843942c945560dc2aa6d
              • Opcode Fuzzy Hash: 94a9bb855b66031527ad60d43b9bbe596700b8874c009695b8fe6633e9f835db
              • Instruction Fuzzy Hash: 85B092302602088FC300DA59D444E4173ACFF48B08F5100E0E5088BB32C662FC008A40
              Function 06D39A98 Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
              • Instruction ID: d8100a90c36c6afb46e3665ffca73ba4e4f7bdeecf5ab3a8d609dff14662edf3
              • Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
              • Instruction Fuzzy Hash: FBB09237E08018C9EB40AA84B4417EDFB30F790225F204127C25066000D272016887D2
              Function 06C98758 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 861a41908dde665dff06597fe6d98f641d9081cd9c436f75f6193198648d8d36
              • Instruction ID: c631b5fdc0af642c5ce20b01134418c848db72ce2366160267db34af5c985763
              • Opcode Fuzzy Hash: 861a41908dde665dff06597fe6d98f641d9081cd9c436f75f6193198648d8d36
              • Instruction Fuzzy Hash: EEB0127004032D4FC6007754F804708375DE640206B404510F10C5612A5DE43CC047D4
              Function 06C92298 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16297470693db9e13014b28647b49d7bccb7c6b3e3721836beff365a26db20fe
              • Instruction ID: 2fb9561553331298e1834af7785e2a255b7c772b1abb4b148d9db2985cc298a9
              • Opcode Fuzzy Hash: 16297470693db9e13014b28647b49d7bccb7c6b3e3721836beff365a26db20fe
              • Instruction Fuzzy Hash: 48B0123101031D4FC5007754F40CB14376DDA842267404510B50C45109596C3DC247C4
              Function 06D34841 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66213739f21843147c55011ff9ed3e193d0477633d260862da8b0251e9c86322
              • Instruction ID: 26251c0132430f41cbd850a2547055d85fb9b0e9498c76170e6cf14d4244899e
              • Opcode Fuzzy Hash: 66213739f21843147c55011ff9ed3e193d0477633d260862da8b0251e9c86322
              • Instruction Fuzzy Hash: 9BC092349093808FFB325F20E41C3063E22AB92320F7684AED4C1EF2C7CB654491C792
              Function 06D39870 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4145346491.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6d30000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99c5e80e5d161c6cd17717d7e90366d7df6c86bdedef1d8d57fbaaa881c347e6
              • Instruction ID: 1485e72821faeb6dd9078d765896f2924cff3babc4a0a417e0ffd36dedc08b16
              • Opcode Fuzzy Hash: 99c5e80e5d161c6cd17717d7e90366d7df6c86bdedef1d8d57fbaaa881c347e6
              • Instruction Fuzzy Hash: 69B092721502088F8300DB68E548C0277A8AB18A1031140A1E2048B232C621F8108A65
              Function 05A2D3E0 Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c06c38999f97953b797565c1a7266981106cc31a230de4203a703ed707c8c846
              • Instruction ID: 17b971019eaeb38d88055bd0537a97ed9690bde0ce99c81b009b8783e24e5176
              • Opcode Fuzzy Hash: c06c38999f97953b797565c1a7266981106cc31a230de4203a703ed707c8c846
              • Instruction Fuzzy Hash: 23B0123000031D4FC6037B54F808A9C77ADF7402167405611F10C46119AA642CC84BA5
              Function 05A2FDAF Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000001.00000002.4144484753.0000000005A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5a20000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e6b12f5a2fd8ae30ed915e4c1de33036ab652ac255699f538a25d679268d149
              • Instruction ID: 09017e1f7f402b83bde4cd19b931f6f6f5d3f17692b58a69559a915f36c2ac08
              • Opcode Fuzzy Hash: 7e6b12f5a2fd8ae30ed915e4c1de33036ab652ac255699f538a25d679268d149
              • Instruction Fuzzy Hash: B8A0023738902C8E5B09599DB94ECAABB39E9C057B35211F3E21EC94124612C6558A61

              Non-executed Functions

              Function 06C92E18 Relevance: 6.6, Strings: 5, Instructions: 316COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq$\;^q$\;^q$\;^q
              • API String ID: 0-308958514
              • Opcode ID: 311e4ca68b61fc8aa6dc369d4fd0850a1e5f659694d749c9dd736de900a38fb4
              • Instruction ID: 9128670d327af005dd1ca8266057473255b56808d5bba6c75cb0928aac246b7c
              • Opcode Fuzzy Hash: 311e4ca68b61fc8aa6dc369d4fd0850a1e5f659694d749c9dd736de900a38fb4
              • Instruction Fuzzy Hash: B2B1BF70B102159FCF54DB7EC45866EF7EAAF88701B148429E84ADB394DF75ED018BA0
              Function 06C966F0 Relevance: 5.3, Strings: 4, Instructions: 287COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq$,bq$,bq
              • API String ID: 0-3352830385
              • Opcode ID: e60a7563b433f5b65f3b4ec51ece20a69bf66bda53e0c523604a244d5b07e131
              • Instruction ID: 4a5fab350510596b24ba030c0ab965634d4d67b53cef6709eeefdb50b549d3e6
              • Opcode Fuzzy Hash: e60a7563b433f5b65f3b4ec51ece20a69bf66bda53e0c523604a244d5b07e131
              • Instruction Fuzzy Hash: EDA1B130B042148FDB54DF6AD89896EBBB2FF85311B21856DE54A9B391DB31EC01CBA1
              Function 06C931D8 Relevance: 5.2, Strings: 4, Instructions: 202COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$(bq$(bq$$^q
              • API String ID: 0-2201410301
              • Opcode ID: a779c48a007dbf5c91151641bc466169aae94438db45c57eae069c3473d6adbd
              • Instruction ID: a01f981c789c46d52ef65f843c0e47075918b6321f6fffb7ee77e77ce58ac51b
              • Opcode Fuzzy Hash: a779c48a007dbf5c91151641bc466169aae94438db45c57eae069c3473d6adbd
              • Instruction Fuzzy Hash: 3351BA35B001558FCB54AB7DD458A6E77E6FFC4611B1140AAE50ACB361EF30DE028BA1
              Function 06C93848 Relevance: 5.1, Strings: 4, Instructions: 125COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$4c^q$$^q$c^q
              • API String ID: 0-3082160503
              • Opcode ID: 3a1c9f0be0da2c1dd40dabb0ae9cb5fd74d194c7c58c1f4afdcc143c93394d31
              • Instruction ID: 4614b50bfdf70115fd9e43f3bc08d02f54712e0ec3e166aad2c82d52d0135c40
              • Opcode Fuzzy Hash: 3a1c9f0be0da2c1dd40dabb0ae9cb5fd74d194c7c58c1f4afdcc143c93394d31
              • Instruction Fuzzy Hash: FC41B6757047808FDBA99F3A848832EBBD7BFC4250B16485EC48B8B791DF30E94587A1
              Function 06C96C70 Relevance: 5.1, Strings: 4, Instructions: 66COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4145143640.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6c90000_WebCompanion-Installer.jbxd
              Similarity
              • API ID:
              • String ID: (bq$,bq$,bq$Hbq
              • API String ID: 0-441485220
              • Opcode ID: 3151363188ecb76d15492263a7784e67b1e060dc85104382f2d1b240167368c9
              • Instruction ID: bdbefbf88859d0e50301ec221a2fbe68d59d7ffee922cc3bf585c1aaaedecd46
              • Opcode Fuzzy Hash: 3151363188ecb76d15492263a7784e67b1e060dc85104382f2d1b240167368c9
              • Instruction Fuzzy Hash: D411EF34B200688FDB98AF3D88284AE3BD6EF8665176044AAD006DB380CE209D0287A5