Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:Setup.exe
Analysis ID:1486946
MD5:13f5fecf34a18af19e500f24f21434d4
SHA1:57d96e264fcb813bbd37dc677ca6717585802d22
SHA256:849ec4445694a35b8a28f448b173473df747923e9809a24823bc978260926cab
Infos:

Detection

Score:45
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64_ra
  • Setup.exe (PID: 604 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 13F5FECF34A18AF19E500F24F21434D4)
    • WebCompanion-Installer.exe (PID: 2788 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080 MD5: A27F9713DB1688D03D2082BFA1827803)
  • Setup.exe (PID: 3636 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 13F5FECF34A18AF19E500F24F21434D4)
    • WebCompanion-Installer.exe (PID: 6580 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080 MD5: A27F9713DB1688D03D2082BFA1827803)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.0.WebCompanion-Installer.exe.10000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        0.3.Setup.exe.20658b8.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          0.3.Setup.exe.2066eb8.4.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            0.3.Setup.exe.20684b8.5.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Snort Signatures

              No Snort rule has matched

              Suricata Signatures

              Timestamp:2024-08-02T18:58:42.018517+0200
              SID:2803305
              Source Port:49706
              Destination Port:80
              Protocol:TCP
              Classtype:Unknown Traffic
              Timestamp:2024-08-02T19:00:12.242072+0200
              SID:2803305
              Source Port:49772
              Destination Port:443
              Protocol:TCP
              Classtype:Unknown Traffic
              Timestamp:2024-08-02T18:58:53.098383+0200
              SID:2803305
              Source Port:49740
              Destination Port:443
              Protocol:TCP
              Classtype:Unknown Traffic
              Timestamp:2024-08-02T18:59:59.504280+0200
              SID:2803305
              Source Port:49748
              Destination Port:80
              Protocol:TCP
              Classtype:Unknown Traffic

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeReversingLabs: Detection: 20%
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeReversingLabs: Detection: 20%
              Multi AV Scanner detection for submitted file
              Source: Setup.exeReversingLabs: Detection: 13%
              Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.logJump to behavior
              Source: Setup.exeStatic PE information: certificate valid
              Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.17:49707 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.17:49708 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.17:49733 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.17:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.17:49749 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.17:49749 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.17:49750 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.17:49771 version: TLS 1.2
              Source: Binary string: tem.pdbpdbte.`K source: WebCompanion-Installer.exe, 00000001.00000002.1782951539.0000000004EA5000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: bly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: WebCompanion-Installer.exe, 00000001.00000002.1782951539.0000000004EA5000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\Temp\Release\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, WebCompanion-Installer.exe, 00000001.00000002.1783919884.0000000005F72000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.14.dr, Newtonsoft.Json.dll.0.dr
              Source: Binary string: eApplication/WebCompanion-Installer.pdbPK source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000285C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002868000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002864000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002860000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B65000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B69000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: Application/WebCompanion-Installer.pdbPK source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000285C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002868000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002864000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002860000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B65000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B69000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: Windows\dll\System.pdb source: WebCompanion-Installer.exe, 00000001.00000002.1783232065.0000000004F14000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\Windows\Temp\drone-ME4saUyIgSY9rSgY\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanion-Installer.pdb source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.dr

              Networking

              barindex
              Yara detected Generic Downloader
              Source: Yara matchFile source: 1.0.WebCompanion-Installer.exe.10000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.Setup.exe.20658b8.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.Setup.exe.2066eb8.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.Setup.exe.20684b8.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe, type: DROPPED
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe, type: DROPPED
              Source: global trafficHTTP traffic detected: POST /api/feature/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 194Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 447Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 398
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 508
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 646
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 515
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 482
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 515
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 488
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 527
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 466
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 527
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 458
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 520
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 460
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 520
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 475
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 520
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 491
              Source: global trafficHTTP traffic detected: POST /api/Update/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 194
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 517Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 485
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.com
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ErrorInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 728Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 674
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=Complete&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 447
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Complete&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 398Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /api/feature/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 194Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 447Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 398
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 508
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 647
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 515
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 482
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 515
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 488
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 527
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 466
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 527
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 458
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 520
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 460
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 520
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 475
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 520
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 491
              Source: global trafficHTTP traffic detected: POST /api/Update/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 194
              Source: global trafficHTTP traffic detected: POST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 517Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flwadw.comContent-Length: 485
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.com
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
              Source: Joe Sandbox ViewIP Address: 104.16.149.130 104.16.149.130
              Source: Joe Sandbox ViewIP Address: 104.16.148.130 104.16.148.130
              Source: Joe Sandbox ViewIP Address: 104.16.148.130 104.16.148.130
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.com
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.com
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
              Source: global trafficDNS traffic detected: DNS query: geo.lavasoft.com
              Source: global trafficDNS traffic detected: DNS query: featureflags.lavasoft.com
              Source: global trafficDNS traffic detected: DNS query: flwadw.com
              Source: global trafficDNS traffic detected: DNS query: wcdownloadercdn.lavasoft.com
              Source: unknownHTTP traffic detected: POST /api/feature/WC HTTP/1.1Content-Type: application/jsonHost: featureflags.lavasoft.comContent-Length: 194Connection: Keep-Alive
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://crl.entrust.net/csbr1.crl0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://crl.entrust.net/evcs2.crl0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://crl.entrust.net/g2ca.crl0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/UI/ResourceDictionary/icon-failed.pngl
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/WebCompanion-Installer;component/ui/customerrorview.xamll
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/WebCompanion-Installer;component/ui/installerfooter.xamll
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/WebCompanion-Installer;component/ui/installerheader.xamll
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/WebCompanion-Installer;component/ui/installerheaderextension.xamll
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://featureflags.lavasoft.com
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B44000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://flwadw.com
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/UI/ResourceDictionary/icon-failed.png
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/customerrorview.baml
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/customerrorview.bamll
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/installerfooter.baml
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/installerfooter.bamll
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/resourcedictionary/icon-failed.png
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/ui/resourcedictionary/icon-failed.pngl
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/ui/customerrorview.xaml
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/ui/installerfooter.xaml
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://geo.lavasoft.com
              Source: WebCompanion-Installer.exe.14.drString found in binary or memory: http://geo.lavasoft.com/
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://geo.lavasoft.com/l
              Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://james.newtonking.com/projects/json
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://localhost:9008Fhttp://localhost:9008/webcompanion/4http://rt.webcompanion.com
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://ocsp.digicert.com0A
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://ocsp.digicert.com0C
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://ocsp.digicert.com0X
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://ocsp.entrust.net00
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://ocsp.entrust.net01
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://ocsp.entrust.net02
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://www
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://rt.webcompanion.com/notifications/download/rt/typolist.txt5Creating
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025A0000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://staging-cloudflow.lavasoft.net/v1/event-stat-wc
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/$
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:WebHttpBinding$
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/GetComponentsInfoByProductT
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/GetComponentsInfoT
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/GetComponentsVersionInfoT
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/GetProductInfoT
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreen
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponse
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValues
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponse
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/SignZipInstallerByProductT
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/SignZipInstallerT
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://tempuri.org/T
              Source: WebCompanion-Installer.exe, 00000001.00000002.1777093071.0000000000746000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wc-update-service.lavas
              Source: Setup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: http://wc-update-service.lavasoft.com/components.asmx
              Source: Setup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: http://wc-update-service.lavasoft.com/update.asmx
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: http://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-prod.zip
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: http://wcdownloadercdn.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-prod.zip
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://www.entrust.net/rpa0
              Source: Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://www.entrust.net/rpa03
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://www.lavasoft.com
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: http://www.webcompanion.com
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000259C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000253C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002542000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002831000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002890000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://acs.lavasoft.com/api/v2/url/blacklist
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000259C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000253C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002542000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002831000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002890000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://acs.lavasoft.com/api/v2/url/permanentwhitelist
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://acs.lavasoft.comZhttps://acs.lavasoft.com/api/v2/url/blacklistlhttps://acs.lavasoft.com/api/
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://acscdn.lavasoft.com/urlnotificationlist.json
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://acscdn.lavasoft.comhhttps://acscdn.lavasoft.com/urlnotificationlist.json0https://webcompanio
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002567000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002859000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://featureflags.lavasoft.com
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://featureflags.lavasoft.com/api/Update/WC
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/fe
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002567000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002859000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://featureflags.lavasoft.com/api/feature/WC
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-stat
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://flow.lavasoft.com/v1/event-stat/v1/event-stat
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B44000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002781000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002617000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025BA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002729000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025A0000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://flwadw.com/v1/event-stat
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025A0000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://flwadw.com/v1/event-stat-wc
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat-wc?Type=Complete&ProductID=wc&EventVersion=1
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVer
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=1P
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000028FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002617000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000028FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat?Type=Complete&ProductID=wc&EventVersion=1
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat?Type=ErrorInstall&ProductID=wc&EventVersion=1
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002617000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002729000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000028FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025BA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://flwadw.com/v1/event-stat?Type=Start&ProductID=wc&EventVersion=1
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://flwadw.com/v1/event-statJhttp://staging-cloudflow.lavasoft.netlhttp://staging-cloudflow.lava
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://partner-tracking.lavasoft.com/api/Tracking/Decrypt
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprote
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.dr, WcInstaller.log.1.drString found in binary or memory: https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://sandbox-featureflags-api.lavasoft.net/api/Update/WC
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002567000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002859000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sandbox-featureflags-api.lavasoft.net/api/feature/WC
              Source: Setup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip
              Source: Setup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-internal.zip
              Source: Setup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-internal.exe
              Source: Setup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-internal.zip
              Source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wcdownloadercdn.lavasoft.com
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WCInstaller_NonAdmin.exe
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-prod.exe
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://webcompanion.com/en/help.php
              Source: WebCompanion-Installer.exe.14.drString found in binary or memory: https://webcompanion.com/en/install.php?partner=
              Source: WcInstaller.log.1.drString found in binary or memory: https://webcompanion.com/images/favicon.ico
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://webcompanion.com/unsafe.php?utm_source=WCHhttps://webcompanion.com/en/help.php.https://www.a
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=W
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://www.adaware.com/privacy-policy
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drString found in binary or memory: https://www.adaware.com/terms-of-use
              Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
              Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.17:49707 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.17:49708 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.17:49733 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.17:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.17:49749 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.17:49749 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.17:49750 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.17:49771 version: TLS 1.2
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_02310DE01_2_02310DE0
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0231F0D01_2_0231F0D0
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0231E3901_2_0231E390
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_063888B71_2_063888B7
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0638C5B81_2_0638C5B8
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_067964081_2_06796408
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_069015281_2_06901528
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_069052D81_2_069052D8
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_06900C581_2_06900C58
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_06902BD81_2_06902BD8
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_069009101_2_06900910
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BD0DE015_2_00BD0DE0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDF0D015_2_00BDF0D0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDE39015_2_00BDE390
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_060988E915_2_060988E9
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0609C5F015_2_0609C5F0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0693575815_2_06935758
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_069310D815_2_069310D8
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0693305815_2_06933058
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_069319A815_2_069319A8
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_06930D9015_2_06930D90
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0693A9DD15_2_0693A9DD
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe 2F86EB0D3902A11DA1F534D9734DABAE37D33E2C57B03F968198A1CFC2E652A9
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion-Installer.resources.dllL vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll4 vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: get_OriginalFilename vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion.exe> vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1039722311.0000000001ED1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstaller.exeR vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1041543443.0000000000559000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion-Installer.resources.dllL vs Setup.exe
              Source: Setup.exe, 00000000.00000000.1039155607.0000000000427000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInstaller.exeR vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1041374621.000000000202B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWebCompanion-Installer.resources.dllL vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1041374621.000000000202B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dll8 vs Setup.exe
              Source: Setup.exeBinary or memory string: OriginalFilenameInstaller.exeR vs Setup.exe
              Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: classification engineClassification label: mal45.troj.winEXE@6/31@4/3
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Roaming\LavasoftJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeMutant created: NULL
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132Jump to behavior
              Source: Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: Setup.exeReversingLabs: Detection: 13%
              Source: WebCompanion-Installer.exeString found in binary or memory: WebCompanion-Installer.resources
              Source: WebCompanion-Installer.exeString found in binary or memory: WebCompanion-Installer.resources.dll
              Source: Setup.exeString found in binary or memory: RunProgram="WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080"
              Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\Desktop\Setup.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
              Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080
              Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
              Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080
              Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080Jump to behavior
              Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080Jump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: httpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: d3d9.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: dxcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: msctfui.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: uiautomationcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeSection loaded: d3dcompiler_47.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: httpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: d3d9.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: dxcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: msctfui.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: uiautomationcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSection loaded: d3dcompiler_47.dllJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: Setup.exeStatic PE information: certificate valid
              Source: Binary string: tem.pdbpdbte.`K source: WebCompanion-Installer.exe, 00000001.00000002.1782951539.0000000004EA5000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: bly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: WebCompanion-Installer.exe, 00000001.00000002.1782951539.0000000004EA5000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\Temp\Release\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, WebCompanion-Installer.exe, 00000001.00000002.1783919884.0000000005F72000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.14.dr, Newtonsoft.Json.dll.0.dr
              Source: Binary string: eApplication/WebCompanion-Installer.pdbPK source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000285C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002868000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002864000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002860000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B65000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B69000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: Application/WebCompanion-Installer.pdbPK source: WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000285C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002868000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002864000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002860000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B65000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B69000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: Windows\dll\System.pdb source: WebCompanion-Installer.exe, 00000001.00000002.1783232065.0000000004F14000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\Windows\Temp\drone-ME4saUyIgSY9rSgY\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanion-Installer.pdb source: Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.dr
              Source: Setup.exeStatic PE information: real checksum: 0x92e68 should be: 0x8c5c8
              Source: WebCompanion-Installer.resources.dll8.0.drStatic PE information: real checksum: 0x0 should be: 0xa6a7
              Source: WebCompanion-Installer.resources.dll5.0.drStatic PE information: real checksum: 0x0 should be: 0xc6c2
              Source: WebCompanion-Installer.resources.dll1.0.drStatic PE information: real checksum: 0x0 should be: 0x3e3f
              Source: WebCompanion-Installer.resources.dll7.0.drStatic PE information: real checksum: 0x0 should be: 0xcb69
              Source: WebCompanion-Installer.resources.dll2.0.drStatic PE information: real checksum: 0x0 should be: 0x4885
              Source: WebCompanion-Installer.resources.dll4.0.drStatic PE information: real checksum: 0x0 should be: 0x5659
              Source: WebCompanion-Installer.resources.dll6.0.drStatic PE information: real checksum: 0x0 should be: 0xd8a3
              Source: WebCompanion-Installer.resources.dll0.0.drStatic PE information: real checksum: 0x0 should be: 0xe72f
              Source: WebCompanion-Installer.resources.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2ab0
              Source: WebCompanion-Installer.resources.dll3.0.drStatic PE information: real checksum: 0x0 should be: 0x842b
              Source: Setup.exeStatic PE information: section name: .sxdata
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0A562050 push ss; retf 1_2_0A562073
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_063865C2 push es; ret 1_2_063865D0
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0638BF6A push cs; ret 1_2_0638BF88
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_06798E4F push es; ret 1_2_06798E60
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_067906C8 push cs; ret 1_2_067906CA
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_067926B2 pushfd ; retf 1_2_067926B5
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_06793D48 push es; retf 1_2_06793D54
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0690E020 push es; ret 1_2_0690E030
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0690ECC0 push es; ret 1_2_0690ECD0
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_0690BB7D push esp; iretd 1_2_0690BB81
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeCode function: 1_2_069068B1 push es; ret 1_2_069068C0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDB098 push ebx; retf 15_2_00BDB376
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDB377 push ebx; retf 15_2_00BDB446
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDC258 push ebx; retf 15_2_00BDC2BE
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDC3B7 push ebx; retf 15_2_00BDC3C6
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDC4A8 push ebx; retf 15_2_00BDC4B6
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDC42F push ebx; retf 15_2_00BDC446
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_00BDBB1F push ebx; retf 15_2_00BDBB2E
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_06096621 push es; ret 15_2_06096630
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_06095400 push es; ret 15_2_06095418
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_060965C2 push es; ret 15_2_060965D0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0609F060 push es; ret 15_2_0609F1C0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0609F1AF push es; ret 15_2_0609F1C0
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_06091BEF push dword ptr [esp+ecx*2-75h]; ret 15_2_06091BF3
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_064B3578 push eax; retf 15_2_064B3579
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0693F540 push es; ret 15_2_0693F550
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_06936F50 push es; ret 15_2_06936F60
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0693CC08 push eax; ret 15_2_0693CC15
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeCode function: 15_2_0693E8A0 push es; ret 15_2_0693E8B0
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ICSharpCode.SharpZipLib.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\Newtonsoft.Json.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\en-US\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\Newtonsoft.Json.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ICSharpCode.SharpZipLib.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\en-US\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC52CA132\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.logJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeMemory allocated: 22D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeMemory allocated: 24D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeMemory allocated: 44D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeMemory allocated: BD0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeMemory allocated: 27E0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeMemory allocated: 26F0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599872Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599760Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599647Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599536Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599409Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599281Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599169Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599057Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598946Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598834Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598706Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598578Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598467Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598355Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598243Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598131Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598003Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597875Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597764Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597652Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597540Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597427Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597300Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597172Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597046Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596934Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596822Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596710Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596598Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596470Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596358Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596248Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596136Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596025Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595913Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595802Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595675Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595548Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595437Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595325Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595215Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595105Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594993Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594882Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594771Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594644Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594517Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594405Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599888Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599776Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599664Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599552Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599424Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599312Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599200Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599088Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598976Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598864Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598736Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598608Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598496Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598385Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598273Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598161Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598017Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597889Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597777Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597665Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597553Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597425Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597313Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597201Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597089Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596977Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596865Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596737Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596625Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596513Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596401Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596290Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596178Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596063Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595954Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595827Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595716Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595604Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595493Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595382Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595272Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595160Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595048Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594920Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594809Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594698Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594587Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594475Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeWindow / User API: threadDelayed 9726Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeWindow / User API: threadDelayed 9826Jump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ICSharpCode.SharpZipLib.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\Newtonsoft.Json.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\en-US\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\Newtonsoft.Json.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ICSharpCode.SharpZipLib.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\en-US\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC52CA132\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -1844674407370954s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599872s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599760s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599647s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599536s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599409s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599281s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599169s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -599057s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598946s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598834s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598706s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598578s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598467s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598355s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598243s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598131s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -598003s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597875s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597764s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597652s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597540s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597427s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597300s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597172s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -597046s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596934s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596822s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596710s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596598s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596470s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596358s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596248s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596136s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -596025s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595913s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595802s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595675s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595548s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595437s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595325s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595215s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -595105s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -594993s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -594882s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -594771s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -594644s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -594517s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe TID: 5776Thread sleep time: -594405s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599888s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599776s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599664s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599552s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599424s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599312s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599200s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -599088s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598976s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598864s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598736s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598608s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598496s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598385s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598273s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598161s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -598017s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597889s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597777s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597665s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597553s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597425s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597313s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597201s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -597089s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596977s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596865s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596737s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596625s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596513s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596401s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596290s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596178s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -596063s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595954s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595827s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595716s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595604s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595493s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595382s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595272s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595160s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -595048s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -594920s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -594809s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -594698s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -594587s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe TID: 512Thread sleep time: -594475s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599872Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599760Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599647Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599536Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599409Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599281Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599169Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 599057Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598946Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598834Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598706Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598578Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598467Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598355Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598243Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598131Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 598003Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597875Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597764Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597652Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597540Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597427Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597300Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597172Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 597046Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596934Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596822Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596710Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596598Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596470Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596358Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596248Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596136Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 596025Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595913Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595802Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595675Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595548Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595437Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595325Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595215Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 595105Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594993Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594882Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594771Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594644Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594517Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeThread delayed: delay time: 594405Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599888Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599776Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599664Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599552Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599424Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599312Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599200Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 599088Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598976Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598864Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598736Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598608Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598496Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598385Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598273Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598161Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 598017Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597889Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597777Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597665Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597553Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597425Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597313Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597201Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 597089Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596977Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596865Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596737Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596625Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596513Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596401Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596290Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596178Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 596063Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595954Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595827Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595716Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595604Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595493Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595382Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595272Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595160Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 595048Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594920Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594809Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594698Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594587Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeThread delayed: delay time: 594475Jump to behavior
              Source: WebCompanion-Installer.exe.14.drBinary or memory string: vmware
              Source: WebCompanion-Installer.exe, 0000000F.00000002.2310181039.0000000004F6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
              Source: WebCompanion-Installer.exe, 00000001.00000002.1777449828.0000000000760000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSC52CA132\Newtonsoft.Json.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSC52CA132\en-US\WebCompanion-Installer.resources.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSC52CA132\ICSharpCode.SharpZipLib.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\Newtonsoft.Json.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\en-US\WebCompanion-Installer.resources.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ICSharpCode.SharpZipLib.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
              Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
              Windows Management Instrumentation              		1
              DLL Side-Loading              		1
              Process Injection              		1
              Masquerading              		OS Credential Dumping121
              Security Software Discovery              		Remote Services1
              Archive Collected Data              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts2
              Command and Scripting Interpreter              		Boot or Logon Initialization Scripts1
              DLL Side-Loading              		1
              Disable or Modify Tools              		LSASS Memory1
              Process Discovery              		Remote Desktop ProtocolData from Removable Media1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
              Virtualization/Sandbox Evasion              		Security Account Manager41
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture4
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Obfuscated Files or Information              		LSA Secrets22
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              Setup.exe13%ReversingLabs

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ICSharpCode.SharpZipLib.dll4%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\Newtonsoft.Json.dll3%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe21%ReversingLabsWin32.PUA.Generic
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\de-DE\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\en-US\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\es-ES\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\fr-CA\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\it-IT\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ja-JP\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\pt-BR\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ru-RU\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\tr-TR\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zS43EAAD03\zh-CHS\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\ICSharpCode.SharpZipLib.dll4%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\Newtonsoft.Json.dll3%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe21%ReversingLabsWin32.PUA.Generic
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\de-DE\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\en-US\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\es-ES\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\fr-CA\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\it-IT\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\ja-JP\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\pt-BR\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\ru-RU\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\tr-TR\WebCompanion-Installer.resources.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7zSC52CA132\zh-CHS\WebCompanion-Installer.resources.dll0%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://tempuri.org/0%URL Reputationsafe
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
              http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
              http://www.entrust.net/rpa030%URL Reputationsafe
              http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
              https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/fe0%Avira URL Cloudsafe
              http://ocsp.entrust.net020%URL Reputationsafe
              http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
              https://flwadw.com/v1/event-stat0%Avira URL Cloudsafe
              https://featureflags.lavasoft.com/api/Update/WC0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              http://schemas.xmlsoap.org/ws/2004/08/addressing/fault0%URL Reputationsafe
              https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-internal.zip0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat-wc?Type=Complete&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              http://defaultcontainer/WebCompanion-Installer;component/ui/customerrorview.xamll0%Avira URL Cloudsafe
              http://featureflags.lavasoft.com0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              http://tempuri.org/GetComponentsVersionInfoT0%Avira URL Cloudsafe
              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%URL Reputationsafe
              http://james.newtonking.com/projects/json0%URL Reputationsafe
              http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValues0%Avira URL Cloudsafe
              http://aia.entrust.net/evcs2-chain.p7c010%Avira URL Cloudsafe
              https://acscdn.lavasoft.com/urlnotificationlist.json0%Avira URL Cloudsafe
              http://www.entrust.net/rpa00%Avira URL Cloudsafe
              http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://www0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVer0%Avira URL Cloudsafe
              http://foo/UI/ResourceDictionary/icon-failed.png0%Avira URL Cloudsafe
              http://foo/bar/ui/installerfooter.bamll0%Avira URL Cloudsafe
              http://wcdownloadercdn.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-prod.zip0%Avira URL Cloudsafe
              https://featureflags.lavasoft.com0%Avira URL Cloudsafe
              https://flow.lavasoft.com/v1/event-stat/v1/event-stat0%Avira URL Cloudsafe
              https://wcdownloadercdn.lavasoft.com/13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip0%Avira URL Cloudsafe
              https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-internal.exe0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat?Type=ErrorInstall&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              http://foo/bar/ui/customerrorview.bamll0%Avira URL Cloudsafe
              https://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=0%Avira URL Cloudsafe
              https://acs.lavasoft.comZhttps://acs.lavasoft.com/api/v2/url/blacklistlhttps://acs.lavasoft.com/api/0%Avira URL Cloudsafe
              http://geo.lavasoft.com/0%Avira URL Cloudsafe
              https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WCInstaller_NonAdmin.exe0%Avira URL Cloudsafe
              https://flwadw.com0%Avira URL Cloudsafe
              http://tempuri.org/GetComponentsInfoByProductT0%Avira URL Cloudsafe
              http://flwadw.com0%Avira URL Cloudsafe
              http://defaultcontainer/WebCompanion-Installer;component/ui/installerheader.xamll0%Avira URL Cloudsafe
              http://geo.lavasoft.com0%Avira URL Cloudsafe
              http://foo/bar/ui/resourcedictionary/icon-failed.pngl0%Avira URL Cloudsafe
              http://www.lavasoft.com0%Avira URL Cloudsafe
              http://wc-update-service.lavas0%Avira URL Cloudsafe
              https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=W0%Avira URL Cloudsafe
              https://webcompanion.com/unsafe.php?utm_source=WCHhttps://webcompanion.com/en/help.php.https://www.a0%Avira URL Cloudsafe
              http://tempuri.org/:WebHttpBinding$0%Avira URL Cloudsafe
              http://wc-update-service.lavasoft.com/update.asmx0%Avira URL Cloudsafe
              https://sandbox-featureflags-api.lavasoft.net/api/Update/WC0%Avira URL Cloudsafe
              http://wc-update-service.lavasoft.com/components.asmx0%Avira URL Cloudsafe
              http://crl.entrust.net/g2ca.crl00%Avira URL Cloudsafe
              http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponse0%Avira URL Cloudsafe
              http://foo/ui/customerrorview.xaml0%Avira URL Cloudsafe
              http://tempuri.org/GetComponentsInfoT0%Avira URL Cloudsafe
              https://featureflags.lavasoft.com/api/feature/WC0%Avira URL Cloudsafe
              http://tempuri.org/SignZipInstallerT0%Avira URL Cloudsafe
              https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-prod.exe0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat-wc0%Avira URL Cloudsafe
              http://ocsp.entrust.net010%Avira URL Cloudsafe
              http://ocsp.entrust.net000%Avira URL Cloudsafe
              https://wcdownloadercdn.lavasoft.com0%Avira URL Cloudsafe
              https://acs.lavasoft.com/api/v2/url/permanentwhitelist0%Avira URL Cloudsafe
              https://webcompanion.com/images/favicon.ico0%Avira URL Cloudsafe
              https://www.adaware.com/privacy-policy0%Avira URL Cloudsafe
              https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprote0%Avira URL Cloudsafe
              https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip0%Avira URL Cloudsafe
              http://www.webcompanion.com0%Avira URL Cloudsafe
              http://defaultcontainer/UI/ResourceDictionary/icon-failed.pngl0%Avira URL Cloudsafe
              http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponse0%Avira URL Cloudsafe
              http://crl.entrust.net/csbr1.crl00%Avira URL Cloudsafe
              http://wcdownloadercdn.lavasoft.com0%Avira URL Cloudsafe
              https://sandbox-featureflags-api.lavasoft.net/api/feature/WC0%Avira URL Cloudsafe
              http://defaultcontainer/WebCompanion-Installer;component/ui/installerheaderextension.xamll0%Avira URL Cloudsafe
              https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-stat0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat?Type=Complete&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip0%Avira URL Cloudsafe
              http://rt.webcompanion.com/notifications/download/rt/typolist.txt5Creating0%Avira URL Cloudsafe
              http://geo.lavasoft.com/l0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=1P0%Avira URL Cloudsafe
              http://tempuri.org/GetProductInfoT0%Avira URL Cloudsafe
              http://foo/bar/ui/installerfooter.baml0%Avira URL Cloudsafe
              https://wcdownloader-qa.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-internal.zip0%Avira URL Cloudsafe
              http://tempuri.org/$0%Avira URL Cloudsafe
              https://webcompanion.com/en/install.php?partner=0%Avira URL Cloudsafe
              https://webcompanion.com/en/help.php0%Avira URL Cloudsafe
              https://partner-tracking.lavasoft.com/api/Tracking/Decrypt0%Avira URL Cloudsafe
              https://www.adaware.com/terms-of-use0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat?Type=Start&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              http://foo/ui/installerfooter.xaml0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-statJhttp://staging-cloudflow.lavasoft.netlhttp://staging-cloudflow.lava0%Avira URL Cloudsafe
              http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreen0%Avira URL Cloudsafe
              https://flwadw.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=10%Avira URL Cloudsafe
              http://localhost:9008Fhttp://localhost:9008/webcompanion/4http://rt.webcompanion.com0%Avira URL Cloudsafe
              http://staging-cloudflow.lavasoft.net/v1/event-stat-wc0%Avira URL Cloudsafe
              http://foo/bar/ui/customerrorview.baml0%Avira URL Cloudsafe
              http://defaultcontainer/WebCompanion-Installer;component/ui/installerfooter.xamll0%Avira URL Cloudsafe
              https://acs.lavasoft.com/api/v2/url/blacklist0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              geo.lavasoft.com
              		104.16.148.130
              		truefalse
                		unknown
                wcdownloadercdn.lavasoft.com
                		104.16.148.130
                		truefalse
                  		unknown
                  featureflags.lavasoft.com
                  		104.16.149.130
                  		truefalse
                    		unknown
                    flwadw.com
                    		104.18.26.149
                    		truefalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://flwadw.com/v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown
                      https://featureflags.lavasoft.com/api/Update/WCfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat-wc?Type=Complete&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown
                      https://wcdownloadercdn.lavasoft.com/13.900.0.1080/WebCompanion-13.900.0.1080-prod.zipfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat?Type=ErrorInstall&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown
                      http://geo.lavasoft.com/false
                      • Avira URL Cloud: safe
                      		unknown
                      https://featureflags.lavasoft.com/api/feature/WCfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat?Type=Complete&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat?Type=Start&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1false
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://tempuri.org/GetComponentsVersionInfoTSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://featureflags.lavasoft.com/api/Update/WCyhttps://sandbox-featureflags-api.lavasoft.net/api/feSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://featureflags.lavasoft.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-statSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025A0000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-internal.zipSetup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://defaultcontainer/WebCompanion-Installer;component/ui/customerrorview.xamllWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://rt.webcompanion.com/notifications/download/rt/typolist.txt.http://www.lavasoft.com6http://wwwSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://aia.entrust.net/evcs2-chain.p7c01Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://acscdn.lavasoft.com/urlnotificationlist.jsonSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.entrust.net/rpa0Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/UI/ResourceDictionary/icon-failed.pngWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVerWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://wcdownloadercdn.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-prod.zipWebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/bar/ui/installerfooter.bamllWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/soap/encoding/WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.entrust.net/rpa03Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://featureflags.lavasoft.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002567000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002859000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flow.lavasoft.com/v1/event-stat/v1/event-statSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-internal.exeSetup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/bar/ui/customerrorview.bamllWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B44000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002781000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002617000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025BA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002729000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002A16000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://acs.lavasoft.comZhttps://acs.lavasoft.com/api/v2/url/blacklistlhttps://acs.lavasoft.com/api/Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WCInstaller_NonAdmin.exeWebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/GetComponentsInfoByProductTSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://flwadw.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B44000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://defaultcontainer/WebCompanion-Installer;component/ui/installerheader.xamllWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://geo.lavasoft.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.lavasoft.comSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/bar/ui/resourcedictionary/icon-failed.pnglWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/:WebHttpBinding$WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressingWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://webcompanion.com/unsafe.php?utm_source=WCHhttps://webcompanion.com/en/help.php.https://www.aSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://sandbox-featureflags-api.lavasoft.net/api/Update/WCSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=WSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://wc-update-service.lavasWebCompanion-Installer.exe, 00000001.00000002.1777093071.0000000000746000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://wc-update-service.lavasoft.com/update.asmxSetup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://wc-update-service.lavasoft.com/components.asmxSetup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/SignZipInstallerTSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/ui/customerrorview.xamlWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/GetComponentsInfoTSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://crl.entrust.net/g2ca.crl0Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-prod.exeWebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat-wcSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025A0000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponseWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ocsp.entrust.net02Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://ocsp.entrust.net01Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ocsp.entrust.net00Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://wcdownloadercdn.lavasoft.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://acs.lavasoft.com/api/v2/url/permanentwhitelistSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000259C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000253C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002542000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002831000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002890000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/soap/envelope/WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.adaware.com/privacy-policySetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://webcompanion.com/images/favicon.icoWcInstaller.log.1.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.webcompanion.comSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zipWebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.dr, WcInstaller.log.1.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenResponseWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://defaultcontainer/UI/ResourceDictionary/icon-failed.pnglWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://crl.entrust.net/csbr1.crl0Setup.exe, Newtonsoft.Json.dll.14.dr, ICSharpCode.SharpZipLib.dll.14.dr, ICSharpCode.SharpZipLib.dll.0.dr, Newtonsoft.Json.dll.0.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://rt.webcompanion.com/notifications/download/rt/dci/latest/WebproteWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://wcdownloadercdn.lavasoft.comWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002D0E000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://sandbox-featureflags-api.lavasoft.net/api/feature/WCWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002567000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002859000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://defaultcontainer/WebCompanion-Installer;component/ui/installerheaderextension.xamllWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://featureflags.lavasoft.com/api/feature/WC$https://flwadw.comFhttps://flwadw.com/v1/event-statSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zipSetup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://rt.webcompanion.com/notifications/download/rt/typolist.txt5CreatingSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=1PWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000028EA000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://geo.lavasoft.com/lWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://wcdownloader-qa.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-internal.zipSetup.exe, 00000000.00000003.1039904583.0000000002026000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002880000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1814179985.0000000002115000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2309787089.0000000004F10000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe.config.0.dr, WebCompanion-Installer.exe.config.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/GetProductInfoTSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/bar/ui/installerfooter.bamlWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/$Setup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://webcompanion.com/en/install.php?partner=WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://webcompanion.com/en/help.phpSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.adaware.com/terms-of-useSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.00000000027ED000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/ILocalyHostedServiceInstaller/ChangeScreenWebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://flwadw.com/v1/event-statJhttp://staging-cloudflow.lavasoft.netlhttp://staging-cloudflow.lavaSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/ui/installerfooter.xamlWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://partner-tracking.lavasoft.com/api/Tracking/DecryptSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://localhost:9008Fhttp://localhost:9008/webcompanion/4http://rt.webcompanion.comSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://staging-cloudflow.lavasoft.net/v1/event-stat-wcSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.00000000025A0000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002894000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://james.newtonking.com/projects/jsonNewtonsoft.Json.dll.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://defaultcontainer/WebCompanion-Installer;component/ui/installerfooter.xamllWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://foo/bar/ui/customerrorview.bamlWebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://acs.lavasoft.com/api/v2/url/blacklistSetup.exe, 00000000.00000003.1041374621.0000000002062000.00000004.00000020.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000259C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.000000000253C000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000000.1041752174.0000000000012000.00000002.00000001.01000000.00000004.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002542000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 00000001.00000002.1778534901.0000000002545000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002831000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002838000.00000004.00000800.00020000.00000000.sdmp, WebCompanion-Installer.exe, 0000000F.00000002.2302136731.0000000002890000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.log.1.dr, WebCompanion-Installer.exe.0.dr, WebCompanion-Installer.exe.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      104.16.149.130
                      		featureflags.lavasoft.comUnited States
                      		13335CLOUDFLARENETUSfalse
                      104.16.148.130
                      		geo.lavasoft.comUnited States
                      		13335CLOUDFLARENETUSfalse
                      104.18.26.149
                      		flwadw.comUnited States
                      		13335CLOUDFLARENETUSfalse

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1486946
                      Start date and time:2024-08-02 18:57:55 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 8m 17s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:18
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Setup.exe
                      Detection:MAL
                      Classification:mal45.troj.winEXE@6/31@4/3
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 98%
                      • Number of executed functions: 415
                      • Number of non-executed functions: 8
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, evoke-windowsservices-tas.msedge.net, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing network information.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: Setup.exe

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      12:58:40API Interceptor10335x Sleep call for process: WebCompanion-Installer.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      104.16.149.130WebCompanionInstaller-12.901.5.1061-prod.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                      • flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
                      FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                      • flow.lavasoft.com/v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1
                      SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exeGet hashmaliciousPetite VirusBrowse
                      • flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exeGet hashmaliciousUnknownBrowse
                      • downloadnada.lavasoft.com/update/12.10.158.0/win32/AdAwareWebInstaller.exe
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • wcdownloadercdn.lavasoft.com/12.1.4.1003/WebCompanion-12.1.4.1003-prod.zip
                      104.16.148.130FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                      • flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
                      FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                      • wcdownloadercdn.lavasoft.com/9.1.0.993/WebCompanion-9.1.0.993-prod.zip
                      SecuriteInfo.com.Program.Unwanted.2818.3154.4230.exeGet hashmaliciousPetite VirusBrowse
                      • flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exeGet hashmaliciousUnknownBrowse
                      • downloadnada.lavasoft.com/update/12.10.158.0/win32/AdAwareWebInstaller.exe
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • geo.lavasoft.com/

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      wcdownloadercdn.lavasoft.comFileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      FileZilla_3.67.1_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      featureflags.lavasoft.comWebCompanionInstaller-12.901.5.1061-prod.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN230901&nonadmin&direct&tych&campaign=18022583703Get hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      geo.lavasoft.comWebCompanionInstaller-12.901.5.1061-prod.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN230901&nonadmin&direct&tych&campaign=18022583703Get hashmaliciousUnknownBrowse
                      • 104.16.148.130
                      flwadw.comWebCompanionInstaller-12.901.5.1061-prod.exeGet hashmaliciousUnknownBrowse
                      • 104.18.26.149
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.18.26.149
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.18.27.149
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.18.26.149
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.18.27.149
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.18.26.149
                      Setup.exeGet hashmaliciousUnknownBrowse
                      • 104.18.26.149
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.18.26.149
                      Setup (1).exeGet hashmaliciousUnknownBrowse
                      • 104.18.27.149
                      https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN230901&nonadmin&direct&tych&campaign=18022583703Get hashmaliciousUnknownBrowse
                      • 104.18.26.149

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      CLOUDFLARENETUShttps://acrylicwifi.com/AcrylicWifi/downloads/AcrylicDownload.php?product%5C=analyzerGet hashmaliciousUnknownBrowse
                      • 172.66.42.234
                      setup.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                      • 172.64.41.3
                      https://brudetieindustrialcom.freshdesk.com/en/support/solutions/articles/154000181622-new-pdf-document-shared-with-youGet hashmaliciousHTMLPhisherBrowse
                      • 104.17.25.14
                      https://cutt.ly/RejPFR2S?USe=HRp5x0X6WRGet hashmaliciousUnknownBrowse
                      • 104.21.33.122
                      http://www.gouv-link.com/reglementGet hashmaliciousUnknownBrowse
                      • 1.1.1.1
                      http://deffarma.com.br/dayo/aqu7x/cGhpc2hpbmdAYW1hem9uLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                      • 1.1.1.1
                      setup.exeGet hashmaliciousXmrigBrowse
                      • 172.67.19.24
                      https://us-west-2.protection.sophos.com/?d=www.qub.ac.uk:80&u=aHR0cDovL3d3dy5xdWIuYWMudWs6ODAvY2dpLWJpbi9hd3JlZGlyLnBsP3RhZz1xb2xhZG1pbnpvbmVwYXBlciZ1cmw9aHR0cHM6Ly9NU09GVF9ET0NVU0lHTl9WRVJJRklDQVRJT05fU0VDVVJFRC1ET0NfT0ZGSUNFLnphdHJkZy5jb20vcGFnZS1hdXRoZW50aWNhdGlvbi90Yzk1cWE2ejJhM2prc3h0d21hY2txdXRzeXdrdHI0ZDZneGY3MHhia3Nnend0bGphdi9TY3M=&i=NjYxNTM4MDZlODUyMzI3MTgyMDg3OWRj&t=QVhPeXk5N2FTT2kwS01sUTZPdWtjMitCNnJPYXQ3QkNqRVdnS2dBVUxjVT0=&h=94b78c65a45e4051a50666d826fcc7d9&s=AVNPUEhUT0NFTkNSWVBUSVZjJiXkv4M8K2bVMFnw-0MTb6Ltl3CEuIQzTUv0EqA5XOsg5_Kf4S_qfX-BzPPb9Wo2IZulDC238gpPJ35Gz0Tj8DmzL6DsKCOs71T5CI_hmwGet hashmaliciousHTMLPhisherBrowse
                      • 188.114.96.3
                      https://proposalbidpamojabags.wordpress.com/Get hashmaliciousUnknownBrowse
                      • 188.114.96.3
                      setup.exeGet hashmaliciousLummaC, VidarBrowse
                      • 188.114.97.3
                      CLOUDFLARENETUShttps://acrylicwifi.com/AcrylicWifi/downloads/AcrylicDownload.php?product%5C=analyzerGet hashmaliciousUnknownBrowse
                      • 172.66.42.234
                      setup.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                      • 172.64.41.3
                      https://brudetieindustrialcom.freshdesk.com/en/support/solutions/articles/154000181622-new-pdf-document-shared-with-youGet hashmaliciousHTMLPhisherBrowse
                      • 104.17.25.14
                      https://cutt.ly/RejPFR2S?USe=HRp5x0X6WRGet hashmaliciousUnknownBrowse
                      • 104.21.33.122
                      http://www.gouv-link.com/reglementGet hashmaliciousUnknownBrowse
                      • 1.1.1.1
                      http://deffarma.com.br/dayo/aqu7x/cGhpc2hpbmdAYW1hem9uLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                      • 1.1.1.1
                      setup.exeGet hashmaliciousXmrigBrowse
                      • 172.67.19.24
                      https://us-west-2.protection.sophos.com/?d=www.qub.ac.uk:80&u=aHR0cDovL3d3dy5xdWIuYWMudWs6ODAvY2dpLWJpbi9hd3JlZGlyLnBsP3RhZz1xb2xhZG1pbnpvbmVwYXBlciZ1cmw9aHR0cHM6Ly9NU09GVF9ET0NVU0lHTl9WRVJJRklDQVRJT05fU0VDVVJFRC1ET0NfT0ZGSUNFLnphdHJkZy5jb20vcGFnZS1hdXRoZW50aWNhdGlvbi90Yzk1cWE2ejJhM2prc3h0d21hY2txdXRzeXdrdHI0ZDZneGY3MHhia3Nnend0bGphdi9TY3M=&i=NjYxNTM4MDZlODUyMzI3MTgyMDg3OWRj&t=QVhPeXk5N2FTT2kwS01sUTZPdWtjMitCNnJPYXQ3QkNqRVdnS2dBVUxjVT0=&h=94b78c65a45e4051a50666d826fcc7d9&s=AVNPUEhUT0NFTkNSWVBUSVZjJiXkv4M8K2bVMFnw-0MTb6Ltl3CEuIQzTUv0EqA5XOsg5_Kf4S_qfX-BzPPb9Wo2IZulDC238gpPJ35Gz0Tj8DmzL6DsKCOs71T5CI_hmwGet hashmaliciousHTMLPhisherBrowse
                      • 188.114.96.3
                      https://proposalbidpamojabags.wordpress.com/Get hashmaliciousUnknownBrowse
                      • 188.114.96.3
                      setup.exeGet hashmaliciousLummaC, VidarBrowse
                      • 188.114.97.3
                      CLOUDFLARENETUShttps://acrylicwifi.com/AcrylicWifi/downloads/AcrylicDownload.php?product%5C=analyzerGet hashmaliciousUnknownBrowse
                      • 172.66.42.234
                      setup.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                      • 172.64.41.3
                      https://brudetieindustrialcom.freshdesk.com/en/support/solutions/articles/154000181622-new-pdf-document-shared-with-youGet hashmaliciousHTMLPhisherBrowse
                      • 104.17.25.14
                      https://cutt.ly/RejPFR2S?USe=HRp5x0X6WRGet hashmaliciousUnknownBrowse
                      • 104.21.33.122
                      http://www.gouv-link.com/reglementGet hashmaliciousUnknownBrowse
                      • 1.1.1.1
                      http://deffarma.com.br/dayo/aqu7x/cGhpc2hpbmdAYW1hem9uLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                      • 1.1.1.1
                      setup.exeGet hashmaliciousXmrigBrowse
                      • 172.67.19.24
                      https://us-west-2.protection.sophos.com/?d=www.qub.ac.uk:80&u=aHR0cDovL3d3dy5xdWIuYWMudWs6ODAvY2dpLWJpbi9hd3JlZGlyLnBsP3RhZz1xb2xhZG1pbnpvbmVwYXBlciZ1cmw9aHR0cHM6Ly9NU09GVF9ET0NVU0lHTl9WRVJJRklDQVRJT05fU0VDVVJFRC1ET0NfT0ZGSUNFLnphdHJkZy5jb20vcGFnZS1hdXRoZW50aWNhdGlvbi90Yzk1cWE2ejJhM2prc3h0d21hY2txdXRzeXdrdHI0ZDZneGY3MHhia3Nnend0bGphdi9TY3M=&i=NjYxNTM4MDZlODUyMzI3MTgyMDg3OWRj&t=QVhPeXk5N2FTT2kwS01sUTZPdWtjMitCNnJPYXQ3QkNqRVdnS2dBVUxjVT0=&h=94b78c65a45e4051a50666d826fcc7d9&s=AVNPUEhUT0NFTkNSWVBUSVZjJiXkv4M8K2bVMFnw-0MTb6Ltl3CEuIQzTUv0EqA5XOsg5_Kf4S_qfX-BzPPb9Wo2IZulDC238gpPJ35Gz0Tj8DmzL6DsKCOs71T5CI_hmwGet hashmaliciousHTMLPhisherBrowse
                      • 188.114.96.3
                      https://proposalbidpamojabags.wordpress.com/Get hashmaliciousUnknownBrowse
                      • 188.114.96.3
                      setup.exeGet hashmaliciousLummaC, VidarBrowse
                      • 188.114.97.3

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      3b5074b1b5d032e5620f69f9f700ff0ehttps://cutt.ly/RejPFR2S?USe=HRp5x0X6WRGet hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      setup.exeGet hashmaliciousXWormBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      system47.exeGet hashmaliciousXWormBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      SolaraModified.exeGet hashmaliciousXWormBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      aznuril.exeGet hashmaliciousXWormBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      setup.exeGet hashmaliciousXWormBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      https://deffarma.com.br/dayo/zrbfp/amFpLnBpbGxhaUBjY2kuY29t?utm_source=promotions&utm_medium=email&utm_campaign=Get hashmaliciousUnknownBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      http://154.243.109.208.host.secureserver.netGet hashmaliciousHTMLPhisherBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      PO 49420 Docs PDF.exeGet hashmaliciousAgentTeslaBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149
                      -kredi Karti Hesap #U00d6zeti- 4508 0519.xls.exeGet hashmaliciousSnake KeyloggerBrowse
                      • 104.16.149.130
                      • 104.16.148.130
                      • 104.18.26.149

                      Dropped Files

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ICSharpCode.SharpZipLib.dllSetup.exeGet hashmaliciousUnknownBrowse
                        Setup.exeGet hashmaliciousUnknownBrowse
                          Setup.exeGet hashmaliciousUnknownBrowse
                            C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exeSetup.exeGet hashmaliciousUnknownBrowse
                              Setup.exeGet hashmaliciousUnknownBrowse
                                Setup.exeGet hashmaliciousUnknownBrowse
                                  C:\Users\user\AppData\Local\Temp\7zS43EAAD03\Newtonsoft.Json.dllSetup.exeGet hashmaliciousUnknownBrowse
                                    Setup.exeGet hashmaliciousUnknownBrowse
                                      Setup.exeGet hashmaliciousUnknownBrowse

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ICSharpCode.SharpZipLib.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):213656
                                        Entropy (8bit):5.7590593524797615
                                        Encrypted:false
                                        SSDEEP:3072:LK1c/KCOAUXk31Vv91GOtJJKuE1iA5mGPB8qd9OTymIpn+64kRAclDwRNG95ZI4Q:Ge9OAQsFtJrGPBnmIRZUL
                                        MD5:0CFE19791546A96C6699657A94604596
                                        SHA1:5D1A1B74CCA9F74FFFEBCB583661C02E4CA626DD
                                        SHA-256:56FDFD148F0D60805B2873A5A49739909001D11789B75DAB2B0EA8E55BC60913
                                        SHA-512:586CC695A2C3C03008D0A1032C221CD3384B5F4363E83C9D903753FB1DAD65B340BC8CD0659F7F891A641F8BD7535C9B889219842045854AA98CD380F0FE4AA3
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 4%
                                        Joe Sandbox View:
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@......sC....@.................................d...W........................2... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\Newtonsoft.Json.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):438424
                                        Entropy (8bit):6.09887709092106
                                        Encrypted:false
                                        SSDEEP:6144:fHerwzLkqCG3uKWf4g6tUwoOkErUx5/Rsnaszr0tZDPEaN+YB5+GonYy:fHerIacuKUtOkESbKQrvB5+qy
                                        MD5:461C476F474A5F13D2EA9344AE6F70F6
                                        SHA1:8F74702B99F08277D4514C63956E2E69E8090073
                                        SHA-256:4F0EC6439B24652F16DF066F4A38B64518B5A874080EDA63DE45968545830F67
                                        SHA-512:E69080C205CD82EA2C056FA1328BBEC4C03CA3FDC3EE381C4FB44CB356247BE5FE4B8ADD53036DCB19CAC2C6D59B8E02F81932320EA534B5BA50DB80A0647017
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 3%
                                        Joe Sandbox View:
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ..............................%.....@.....................................K.......8............~...2..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):438936
                                        Entropy (8bit):6.4311342686757245
                                        Encrypted:false
                                        SSDEEP:6144:p0CMChRMg/ZytotgM7/J/NMFkl619WTRIlY57pMF9v2aiSVRlY/8a:CGhGI1Wo/J1l619WQY57pMfi8a
                                        MD5:A27F9713DB1688D03D2082BFA1827803
                                        SHA1:B8DF4649659003609419D052757166499D2322E8
                                        SHA-256:2F86EB0D3902A11DA1F534D9734DABAE37D33E2C57B03F968198A1CFC2E652A9
                                        SHA-512:F952C6792F10CB60CA3ECC00B317C33AADB65C8471D106171660EC0FCB0603C8D18B8AD2A90AACDA6581D342647290099AF0ED0FDD897EDB390D5BF9209EA905
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 21%
                                        Joe Sandbox View:
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        • Filename: Setup.exe, Detection: malicious, Browse
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf.....................t.......(... ...@....@.. ....................................@..................................(..K....@...q...............2..........X'............................................... ............... ..H............text........ ...................... ..`.rsrc....q...@...r..................@..@.reloc...............~..............@..B.................(......H..................{....i...9............................................~....}.....(......su...}......(....}....*.r...p*z.(....r'..p.{....(......(....*....0..j..........{....r...pov...,.(.....+.(......r...p(......(......r...p.{....o....o.......(........sG........o......z*..........UU......N.(....r...p..(....*.r...p.....*..{....*"..}....*.rA..p*.rS..p*.(....oV...*f.~....}.....(......(....*.ro..p*N.(....r...p..(....*.0..i.......~......(....(!...,.r...p.+..(.......(j.....(...+

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe.config

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):2273
                                        Entropy (8bit):5.064418012146103
                                        Encrypted:false
                                        SSDEEP:48:c5+qM3DzYnwAGvSy6ZYEcCUkmPlrAn6EVr6R841docr7S3tB:jV3f84CRvur+rAN3r7sz
                                        MD5:E3D3AA100B93504676414B9268DFBAD4
                                        SHA1:A7D1E59C9D8C48DFE259D2973C13B0E2965E67AA
                                        SHA-256:EA7747D876307B0022F055C311C4F8F8112FDDE380E0848FD35508C00EDF8E7A
                                        SHA-512:9470E0B4784CE3AA94248DDBD9C17BCA988B6A680754511CBE1F1C368270F6D18C75AD1EA0F3A438CA5BB1A12E55E8745F68F2EBC9F78C68B373A6541AC9EFBE
                                        Malicious:false
                                        Reputation:low
                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-prod.zip"/>.. <add key="WebInstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-internal.exe"/>.. <add key="WebProtectionZip" va

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\de-DE\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.423116664692943
                                        Encrypted:false
                                        SSDEEP:96:5GfMjBmbsmYpthmv13DA+7ZaOrO2I72LYlty5dPolY:5GEjBmb/Ypthmd3k+7LBTUa5NolY
                                        MD5:A564D6AE745D289B599A010E570E609E
                                        SHA1:7A698D14CDAB971982B02AF5A9C49D8AEDA56A19
                                        SHA-256:E20A9695E1322491C57C8A0E61839E5AEEBA40F43AAB400C29F19531D18FA037
                                        SHA-512:2894F6832F6D20E97E18FF09780D34E7CC25074F0382742838C9A060AF7ADE3FFD3DA9F844E0475697E3854A97379F0961A7F65A1EB5F2ACBA2AF17E49D75B39
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................1... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......h-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\en-US\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6144
                                        Entropy (8bit):4.337584317889265
                                        Encrypted:false
                                        SSDEEP:96:tDXGBpbsiopCUoHve6v7ptEAT0VOGSxQ7F0ltEj8dPolY:trGBpbLopDoHm1MeGU8NolY
                                        MD5:88498F281D2BC857F09C3A0EFFE97A35
                                        SHA1:5560555DED4D2336EBAAC6AECBD80C2FC6F0AAE7
                                        SHA-256:2FBD9C10CEC246D5E6EE2F41635F283C3064773724253BAE598BFAEA735B702D
                                        SHA-512:2550C9C2E42E77A44520EC53418636721C3A56BE7B647C839B7A3063A9BDE4FFD304A6812F51A95DF19B1F04E05285FA9C23AF946472F07DE10F514DDB0DF9C0
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!................N/... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0/......H........+..d...........P ..I...........................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet.... .......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..............v.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq........\.......i.......t...............z...O...L...<...5...*.......................E...........L...

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\es-ES\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.320496600456879
                                        Encrypted:false
                                        SSDEEP:96:wfMjBDbsPnpEaLv3lhC3E1Wb/xg/x9lt2EZdPolY:wEjBDbWnpEaLPlhC3fa9ZNolY
                                        MD5:A22C9231A5562DCA9F0BC186BDA3348D
                                        SHA1:D4D281A596E272A482C6917DC3CA67C150E72FCB
                                        SHA-256:AF899C47BDE2A325F3F9F22772F4E305F6B50EAF040670DE508226FEFBED649B
                                        SHA-512:C140934BF63AADB01F7C0A1A4A7E89FB7CC6DEAA5219BBCB64EB6FB9D29F8139DC4A17C990373BB008A891436BD60E8B21CF748DAB0FA263853663AD17BA9FB4
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@.................................<0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p0......H........,..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\fr-CA\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.4162624308031155
                                        Encrypted:false
                                        SSDEEP:96:vfMjBwbssSpcuov88johXbk3LFXRq7hltE5dPolY:vEjBwbJSpcuo0aX07hM5NolY
                                        MD5:07759138B75C31E8E62E2DCB9E5B4121
                                        SHA1:C78CAC2D69DD3770256EA1D22FE62F8991AE1735
                                        SHA-256:460E0EA0F891B4A7D8FCF4D7C1DAF4034B1A8C01F35C55B87C4DE4D34F7E1119
                                        SHA-512:7089069EFBE9109ED034C9538B16F482573757A6DAED2D870CF1711F15B1F39FFFC6E5F9FF5E3380514EAFCEE49797F63DD0C9E472D37647EE3FCF34E086B189
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......8-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\it-IT\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5632
                                        Entropy (8bit):4.05939038461759
                                        Encrypted:false
                                        SSDEEP:48:64WHsDO4eUqFAjpI1UhCvEWRCYVl6TxNLu6hxPFraKuhuXahZ439M/oKx8Welt4u:UFfAjpI1fvC6StPPtM+7tlth8tdPolY
                                        MD5:320A49D5E8C225BF7D8C8FC8F0FBA1FE
                                        SHA1:6986D89BABDB474B16E3074865EEDFFCCECC9337
                                        SHA-256:53F48BF5DEB5FB756EB61D5EE78BB72EF4509ADB396EB40BEF9671ECAA8D9819
                                        SHA-512:6EC2883F6542F8EA3966F367E11359B3702B8E8E01FAFA3D3828E16D216CC77CC71B92BB1BFBC0C7F146C79FB4DBEE5FAD84288DFE1C5979F0C59841B92F03D6
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!................n,... ...@....... ....................................@..................................,..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P,......H........(..d...........P ..`...........................................\..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&#Uv=.9.W.F.^:1;j........a.......J...'...........(...............p.......E...........{...........b.......B...O............B.T.N._.C.L.O.S.E......

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ja-JP\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5632
                                        Entropy (8bit):4.697358912630535
                                        Encrypted:false
                                        SSDEEP:96:KsC3ASpa3kvBYTnRDzIWI2dPRp0QltdHmdPolY:KsOASpa3kpXoR+Q1GNolY
                                        MD5:442654050F5E5EBFB286C75A6AD10485
                                        SHA1:7F9AB13C925DDDE3ADE1EBA334DD17F6BF341F7A
                                        SHA-256:B85CC7BA82B58AFD8FA00DFCCD820B5B34BC14A942EBDAB5380FCE8F7257C0AE
                                        SHA-512:E7F9F728603091728451127C02B1F8412C741C57C5ADFED91FECA37989C07570886ACA262ECBDB17A968474E05936C3485602115CBC26EDCEE65DD7764B76795
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................-... ...@....... ....................................@..................................-..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H....... *..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\pt-BR\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.272201212454418
                                        Encrypted:false
                                        SSDEEP:96:afMjBsbswapvL6vu1667y4UNGaB3q4kUO6ltMNdPolY:aEjBsb9apvL6ms67yJ3hUNNolY
                                        MD5:01CCD85F0676258B5E4A223832E3258C
                                        SHA1:630CD9F369A81A7823905FD842FDDEEFAF23D3A1
                                        SHA-256:C482D074CFDA0B6921A6750F0CCC1279BA6FCFB9D2037CA6EAAF704D8DAF811F
                                        SHA-512:1BB2DB0ABF3E0BCA3B131D2DF5329006A56E3FAA4E540621E54AA98DBB0BF4E27093314B477AA66E4F10FE0AF5DF1887FF23CAD938C5B0F98E455433E14FAD01
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......|,..d...........P ..,...........................................(..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\ru-RU\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):7680
                                        Entropy (8bit):4.608207837862824
                                        Encrypted:false
                                        SSDEEP:96:41fMjBGbsSopXm7vGQdkxbdV2UCwbT+T/UA7+1styo36glt55odPolY:eEjBGbbopXm7eXxbWqExi1splHoNolY
                                        MD5:F2876EC061D1CC88E44104ED97FC36F8
                                        SHA1:68BFE2A32CA14B0C379EF725E426AB2FED09E075
                                        SHA-256:6071DAA27880FE3F6B9FB704890250CA655CAFE832A1B9A4E59F0CFFFB042E04
                                        SHA-512:E3DD2BAAB3C5AFB124DC9CC0BB2D9318D33707732B4F23C211C2E3BC5A8A8889FAF42003857DA98D43DD7F7368CAFB3A02591BE04DCA4E1343A00283CA071DB6
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................3... ...@....... ....................................@..................................3..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......L0..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\tr-TR\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5632
                                        Entropy (8bit):4.204809000235561
                                        Encrypted:false
                                        SSDEEP:48:6teH9O4G6ULy3ABApQe1eBpQvu18JvLh4jK0YuPx4S8zqeelt4833PPbknI5Klfy:TsC3AWpt1eYvJgjKZSJltkFdPolY
                                        MD5:D0009577C38F3338B2A3DCCEE9DF5169
                                        SHA1:D567D95A61B57885B55D7D70B93BC839EF162436
                                        SHA-256:598BAD964E2BED4A4EDAFAC5E8838C7B922C6EBBFBA70EDA0D400E543B91E54B
                                        SHA-512:95F766F541CA5EFC74C3DCC9D5C299798B581F1B302A4EFFDCA9B7ED4177DAF4E8547B7729DB724EB0A8A28C9770FC470BF9BDF2C616F70782DC96056CF8410E
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................,... ...@....... ....................................@.................................<,..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p,......H........(..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                                        C:\Users\user\AppData\Local\Temp\7zS43EAAD03\zh-CHS\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5120
                                        Entropy (8bit):4.582926268925439
                                        Encrypted:false
                                        SSDEEP:96:vsC3AjpTfYGvqLH+/WZGrlqlt9kdPolY:vsOAjpTfxyb+/gGJq1kNolY
                                        MD5:322549094C487E49ACEB9899419D8EC6
                                        SHA1:DD0E5FF6BC3E4590203829DA1BB8BD7B00CBD07E
                                        SHA-256:7824381C18E86E72C0D4A8BB0ED377DFDB6E3B5374984ED67AF119B14268E70D
                                        SHA-512:80747F72196406993110D0DB5B736BCA21975C26615D34F771042E69CA0D519ED80C0E9267A90517A5B9862AB44CF9F9D96C354E952CB9CB0C32EB4887F80A1C
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................+... ...@....... ....................................@.................................t+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........(..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\ICSharpCode.SharpZipLib.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):213656
                                        Entropy (8bit):5.7590593524797615
                                        Encrypted:false
                                        SSDEEP:3072:LK1c/KCOAUXk31Vv91GOtJJKuE1iA5mGPB8qd9OTymIpn+64kRAclDwRNG95ZI4Q:Ge9OAQsFtJrGPBnmIRZUL
                                        MD5:0CFE19791546A96C6699657A94604596
                                        SHA1:5D1A1B74CCA9F74FFFEBCB583661C02E4CA626DD
                                        SHA-256:56FDFD148F0D60805B2873A5A49739909001D11789B75DAB2B0EA8E55BC60913
                                        SHA-512:586CC695A2C3C03008D0A1032C221CD3384B5F4363E83C9D903753FB1DAD65B340BC8CD0659F7F891A641F8BD7535C9B889219842045854AA98CD380F0FE4AA3
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 4%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@......sC....@.................................d...W........................2... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\Newtonsoft.Json.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):438424
                                        Entropy (8bit):6.09887709092106
                                        Encrypted:false
                                        SSDEEP:6144:fHerwzLkqCG3uKWf4g6tUwoOkErUx5/Rsnaszr0tZDPEaN+YB5+GonYy:fHerIacuKUtOkESbKQrvB5+qy
                                        MD5:461C476F474A5F13D2EA9344AE6F70F6
                                        SHA1:8F74702B99F08277D4514C63956E2E69E8090073
                                        SHA-256:4F0EC6439B24652F16DF066F4A38B64518B5A874080EDA63DE45968545830F67
                                        SHA-512:E69080C205CD82EA2C056FA1328BBEC4C03CA3FDC3EE381C4FB44CB356247BE5FE4B8ADD53036DCB19CAC2C6D59B8E02F81932320EA534B5BA50DB80A0647017
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 3%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ..............................%.....@.....................................K.......8............~...2..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):438936
                                        Entropy (8bit):6.4311342686757245
                                        Encrypted:false
                                        SSDEEP:6144:p0CMChRMg/ZytotgM7/J/NMFkl619WTRIlY57pMF9v2aiSVRlY/8a:CGhGI1Wo/J1l619WQY57pMfi8a
                                        MD5:A27F9713DB1688D03D2082BFA1827803
                                        SHA1:B8DF4649659003609419D052757166499D2322E8
                                        SHA-256:2F86EB0D3902A11DA1F534D9734DABAE37D33E2C57B03F968198A1CFC2E652A9
                                        SHA-512:F952C6792F10CB60CA3ECC00B317C33AADB65C8471D106171660EC0FCB0603C8D18B8AD2A90AACDA6581D342647290099AF0ED0FDD897EDB390D5BF9209EA905
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 21%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf.....................t.......(... ...@....@.. ....................................@..................................(..K....@...q...............2..........X'............................................... ............... ..H............text........ ...................... ..`.rsrc....q...@...r..................@..@.reloc...............~..............@..B.................(......H..................{....i...9............................................~....}.....(......su...}......(....}....*.r...p*z.(....r'..p.{....(......(....*....0..j..........{....r...pov...,.(.....+.(......r...p(......(......r...p.{....o....o.......(........sG........o......z*..........UU......N.(....r...p..(....*.r...p.....*..{....*"..}....*.rA..p*.rS..p*.(....oV...*f.~....}.....(......(....*.ro..p*N.(....r...p..(....*.0..i.......~......(....(!...,.r...p.+..(.......(j.....(...+

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe.config

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):2273
                                        Entropy (8bit):5.064418012146103
                                        Encrypted:false
                                        SSDEEP:48:c5+qM3DzYnwAGvSy6ZYEcCUkmPlrAn6EVr6R841docr7S3tB:jV3f84CRvur+rAN3r7sz
                                        MD5:E3D3AA100B93504676414B9268DFBAD4
                                        SHA1:A7D1E59C9D8C48DFE259D2973C13B0E2965E67AA
                                        SHA-256:EA7747D876307B0022F055C311C4F8F8112FDDE380E0848FD35508C00EDF8E7A
                                        SHA-512:9470E0B4784CE3AA94248DDBD9C17BCA988B6A680754511CBE1F1C368270F6D18C75AD1EA0F3A438CA5BB1A12E55E8745F68F2EBC9F78C68B373A6541AC9EFBE
                                        Malicious:false
                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-prod.zip"/>.. <add key="WebInstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-internal.exe"/>.. <add key="WebProtectionZip" va

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\de-DE\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.423116664692943
                                        Encrypted:false
                                        SSDEEP:96:5GfMjBmbsmYpthmv13DA+7ZaOrO2I72LYlty5dPolY:5GEjBmb/Ypthmd3k+7LBTUa5NolY
                                        MD5:A564D6AE745D289B599A010E570E609E
                                        SHA1:7A698D14CDAB971982B02AF5A9C49D8AEDA56A19
                                        SHA-256:E20A9695E1322491C57C8A0E61839E5AEEBA40F43AAB400C29F19531D18FA037
                                        SHA-512:2894F6832F6D20E97E18FF09780D34E7CC25074F0382742838C9A060AF7ADE3FFD3DA9F844E0475697E3854A97379F0961A7F65A1EB5F2ACBA2AF17E49D75B39
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................1... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......h-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\en-US\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6144
                                        Entropy (8bit):4.337584317889265
                                        Encrypted:false
                                        SSDEEP:96:tDXGBpbsiopCUoHve6v7ptEAT0VOGSxQ7F0ltEj8dPolY:trGBpbLopDoHm1MeGU8NolY
                                        MD5:88498F281D2BC857F09C3A0EFFE97A35
                                        SHA1:5560555DED4D2336EBAAC6AECBD80C2FC6F0AAE7
                                        SHA-256:2FBD9C10CEC246D5E6EE2F41635F283C3064773724253BAE598BFAEA735B702D
                                        SHA-512:2550C9C2E42E77A44520EC53418636721C3A56BE7B647C839B7A3063A9BDE4FFD304A6812F51A95DF19B1F04E05285FA9C23AF946472F07DE10F514DDB0DF9C0
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!................N/... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0/......H........+..d...........P ..I...........................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet.... .......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..............v.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq........\.......i.......t...............z...O...L...<...5...*.......................E...........L...

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\es-ES\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.320496600456879
                                        Encrypted:false
                                        SSDEEP:96:wfMjBDbsPnpEaLv3lhC3E1Wb/xg/x9lt2EZdPolY:wEjBDbWnpEaLPlhC3fa9ZNolY
                                        MD5:A22C9231A5562DCA9F0BC186BDA3348D
                                        SHA1:D4D281A596E272A482C6917DC3CA67C150E72FCB
                                        SHA-256:AF899C47BDE2A325F3F9F22772F4E305F6B50EAF040670DE508226FEFBED649B
                                        SHA-512:C140934BF63AADB01F7C0A1A4A7E89FB7CC6DEAA5219BBCB64EB6FB9D29F8139DC4A17C990373BB008A891436BD60E8B21CF748DAB0FA263853663AD17BA9FB4
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@.................................<0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p0......H........,..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\fr-CA\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.4162624308031155
                                        Encrypted:false
                                        SSDEEP:96:vfMjBwbssSpcuov88johXbk3LFXRq7hltE5dPolY:vEjBwbJSpcuo0aX07hM5NolY
                                        MD5:07759138B75C31E8E62E2DCB9E5B4121
                                        SHA1:C78CAC2D69DD3770256EA1D22FE62F8991AE1735
                                        SHA-256:460E0EA0F891B4A7D8FCF4D7C1DAF4034B1A8C01F35C55B87C4DE4D34F7E1119
                                        SHA-512:7089069EFBE9109ED034C9538B16F482573757A6DAED2D870CF1711F15B1F39FFFC6E5F9FF5E3380514EAFCEE49797F63DD0C9E472D37647EE3FCF34E086B189
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......8-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\it-IT\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5632
                                        Entropy (8bit):4.05939038461759
                                        Encrypted:false
                                        SSDEEP:48:64WHsDO4eUqFAjpI1UhCvEWRCYVl6TxNLu6hxPFraKuhuXahZ439M/oKx8Welt4u:UFfAjpI1fvC6StPPtM+7tlth8tdPolY
                                        MD5:320A49D5E8C225BF7D8C8FC8F0FBA1FE
                                        SHA1:6986D89BABDB474B16E3074865EEDFFCCECC9337
                                        SHA-256:53F48BF5DEB5FB756EB61D5EE78BB72EF4509ADB396EB40BEF9671ECAA8D9819
                                        SHA-512:6EC2883F6542F8EA3966F367E11359B3702B8E8E01FAFA3D3828E16D216CC77CC71B92BB1BFBC0C7F146C79FB4DBEE5FAD84288DFE1C5979F0C59841B92F03D6
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!................n,... ...@....... ....................................@..................................,..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P,......H........(..d...........P ..`...........................................\..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&#Uv=.9.W.F.^:1;j........a.......J...'...........(...............p.......E...........{...........b.......B...O............B.T.N._.C.L.O.S.E......

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\ja-JP\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5632
                                        Entropy (8bit):4.697358912630535
                                        Encrypted:false
                                        SSDEEP:96:KsC3ASpa3kvBYTnRDzIWI2dPRp0QltdHmdPolY:KsOASpa3kpXoR+Q1GNolY
                                        MD5:442654050F5E5EBFB286C75A6AD10485
                                        SHA1:7F9AB13C925DDDE3ADE1EBA334DD17F6BF341F7A
                                        SHA-256:B85CC7BA82B58AFD8FA00DFCCD820B5B34BC14A942EBDAB5380FCE8F7257C0AE
                                        SHA-512:E7F9F728603091728451127C02B1F8412C741C57C5ADFED91FECA37989C07570886ACA262ECBDB17A968474E05936C3485602115CBC26EDCEE65DD7764B76795
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................-... ...@....... ....................................@..................................-..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H....... *..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\pt-BR\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):6656
                                        Entropy (8bit):4.272201212454418
                                        Encrypted:false
                                        SSDEEP:96:afMjBsbswapvL6vu1667y4UNGaB3q4kUO6ltMNdPolY:aEjBsb9apvL6ms67yJ3hUNNolY
                                        MD5:01CCD85F0676258B5E4A223832E3258C
                                        SHA1:630CD9F369A81A7823905FD842FDDEEFAF23D3A1
                                        SHA-256:C482D074CFDA0B6921A6750F0CCC1279BA6FCFB9D2037CA6EAAF704D8DAF811F
                                        SHA-512:1BB2DB0ABF3E0BCA3B131D2DF5329006A56E3FAA4E540621E54AA98DBB0BF4E27093314B477AA66E4F10FE0AF5DF1887FF23CAD938C5B0F98E455433E14FAD01
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......|,..d...........P ..,...........................................(..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\ru-RU\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):7680
                                        Entropy (8bit):4.608207837862824
                                        Encrypted:false
                                        SSDEEP:96:41fMjBGbsSopXm7vGQdkxbdV2UCwbT+T/UA7+1styo36glt55odPolY:eEjBGbbopXm7eXxbWqExi1splHoNolY
                                        MD5:F2876EC061D1CC88E44104ED97FC36F8
                                        SHA1:68BFE2A32CA14B0C379EF725E426AB2FED09E075
                                        SHA-256:6071DAA27880FE3F6B9FB704890250CA655CAFE832A1B9A4E59F0CFFFB042E04
                                        SHA-512:E3DD2BAAB3C5AFB124DC9CC0BB2D9318D33707732B4F23C211C2E3BC5A8A8889FAF42003857DA98D43DD7F7368CAFB3A02591BE04DCA4E1343A00283CA071DB6
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................3... ...@....... ....................................@..................................3..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......L0..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\tr-TR\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5632
                                        Entropy (8bit):4.204809000235561
                                        Encrypted:false
                                        SSDEEP:48:6teH9O4G6ULy3ABApQe1eBpQvu18JvLh4jK0YuPx4S8zqeelt4833PPbknI5Klfy:TsC3AWpt1eYvJgjKZSJltkFdPolY
                                        MD5:D0009577C38F3338B2A3DCCEE9DF5169
                                        SHA1:D567D95A61B57885B55D7D70B93BC839EF162436
                                        SHA-256:598BAD964E2BED4A4EDAFAC5E8838C7B922C6EBBFBA70EDA0D400E543B91E54B
                                        SHA-512:95F766F541CA5EFC74C3DCC9D5C299798B581F1B302A4EFFDCA9B7ED4177DAF4E8547B7729DB724EB0A8A28C9770FC470BF9BDF2C616F70782DC96056CF8410E
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................,... ...@....... ....................................@.................................<,..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p,......H........(..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                                        C:\Users\user\AppData\Local\Temp\7zSC52CA132\zh-CHS\WebCompanion-Installer.resources.dll

                                        Download File
                                        Process:C:\Users\user\Desktop\Setup.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):5120
                                        Entropy (8bit):4.582926268925439
                                        Encrypted:false
                                        SSDEEP:96:vsC3AjpTfYGvqLH+/WZGrlqlt9kdPolY:vsOAjpTfxyb+/gGJq1kNolY
                                        MD5:322549094C487E49ACEB9899419D8EC6
                                        SHA1:DD0E5FF6BC3E4590203829DA1BB8BD7B00CBD07E
                                        SHA-256:7824381C18E86E72C0D4A8BB0ED377DFDB6E3B5374984ED67AF119B14268E70D
                                        SHA-512:80747F72196406993110D0DB5B736BCA21975C26615D34F771042E69CA0D519ED80C0E9267A90517A5B9862AB44CF9F9D96C354E952CB9CB0C32EB4887F80A1C
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................+... ...@....... ....................................@.................................t+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........(..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                                        C:\Users\user\AppData\Local\Temp\WcInstaller.log

                                        Download File
                                        Process:C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        File Type:ASCII text, with very long lines (912), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):8071
                                        Entropy (8bit):5.356620348192058
                                        Encrypted:false
                                        SSDEEP:192:DK1PAKis+sky4IPFK1PAtATtT7ixhtM5AKis+MH/iQcf5AtA/:+B6s+PIPoBkci1Y6s+5Qcxkc
                                        MD5:BC6327EED9465EEF0CCBFC6AEF07B6B0
                                        SHA1:8EFF3C8FFCE71B9EC14A8BA221537243DE380B3D
                                        SHA-256:8C319106AC1269DF103FDE671D8DE84039A1B9475D222F630331A7379E87544E
                                        SHA-512:8675BB871D19FD3DC1F70B00641C7C643AFEC4F206AF65B5456E8918F3EF0975A52EE7F55E43A2BFA20E6285AAEAA4132B5E24DF8E94A374E31CC0E8DF47D269
                                        Malicious:false
                                        Preview:Detecting windows culture..Preparing request for featureflag: {"Geo":"US","Partner":"IN230901","Campaign":"16075236377","InstallDate":"20240802","TriggerType":"install","TriggerEvent":"installer","Version":"13.900.0.1080","featurewp":true,"featureal":true}..Getting response from featureflag: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTelemetryScan\", \"EnableWebProtection\", \"EnableDynamicNotification\"], \"CompanyName\": \"Lavasoft\", \"ConfigVersion\": \"v1\", \"CurrentVersion\": \"9.3.0\", \"IsNewUpdaterService\": true}","targetId":301},{"sectionCode":"WFAI","code":"WCP","configuration":"{\"Version\": \"3.0.2.12\", \"FilePath\": \"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip\", \"BlackList\": \"https://acs.lavasoft.com/api/v2/url/blacklis

                                        C:\Users\user\AppData\Local\Temp\WebCompanion.zip

                                        Download File
                                        Process:C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                        Category:modified
                                        Size (bytes):126976
                                        Entropy (8bit):7.9964957773971435
                                        Encrypted:true
                                        SSDEEP:3072:bcPj+hoTClu9j8RwdEPK1UGfAwC1xoyje69fKncJbF:baj+hom3RwdEyemJC7VjIncJJ
                                        MD5:07B53179743BD7FB3AE84D9A6B3DD439
                                        SHA1:209A3DAD02379B8766E4F1596269DE3B81927547
                                        SHA-256:63802BBBD52A6DD71FF769D4BBE373E484D7CDF881130EF33B45FE8EDD6A365E
                                        SHA-512:E0871CEFAD124ECA1266DBE7098A61C37D9055B35A79E4E8AC6E094783AF1D9D0CF8B3FC999F2CAF1AB15EC1C4D6DA5BEFBA28A832C5111EC5B584909F570A4A
                                        Malicious:false
                                        Preview:PK.........%.X....FF...$......Application/7za.exe.yxTE.8|{I.YH'@CX.V[..%CP.4h_.MnCG@DQ..h..... .`'..\[...u..yg....QGY\........{..d.....S.......~.}y...N.:u..S.NU...`......*.k....~.......e..o.`.......[`._..]U..g.s...?..~..J..:.~.s.t.}..q.>}2l.....u.....#.Y..Mt}.......6z......{.:.:.y^KW.]....ys."..Nu.........C.EB..$..P.k......s.(..zN..K.........iH..Z.....[..x.P.7.iB.6..Ta.,..I...#....g.r...<.wg.....zb......QUw..M.:...L...nHN..r...]#..TA.r...vO..5.'.:B]..p}<.lxU... ...6...........?i...o...g..7H...%E_..B...d.... .f.].&I..Q..G.S..x.o.K......../.~...g.Q_..^(..h^...Dq.J\Y2.....&...........Fo`...........}....98E'..Kne+c........._./..o.o.+g.z..M.6.....D.D.^I9..!..0HJ..?h.7..2"U.;...RY..=b..k.^y....0.l...m*...h..9.........f....J-N..KU....HH."......Y...I)8..=s>.)MPH!.L....e...J..`bc(.:.-M=}...v...=..9.:..u.7.X.O...T..%e.)V...rS..s....o...[1.C... ...x7g)P..:............8. .u...lv-a..MB.TyW..D..p$..0.x>..'..K..l./g..U......b{.!_...,....<.....$#zh.e....+.

                                        C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\Statistics.txt

                                        Download File
                                        Process:C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        File Type:JSON data
                                        Category:dropped
                                        Size (bytes):56
                                        Entropy (8bit):4.610577243331644
                                        Encrypted:false
                                        SSDEEP:3:asLGY8aLHR5XTqlKNdHY:aqGY8oR5DUKNFY
                                        MD5:787F43804C942A2D3669B1C7C6152405
                                        SHA1:63A3F46ECA0E26128D586C4BD9E537AE2E4B62B0
                                        SHA-256:AAC2B8E4813A9098F1B44F3B169CE31A12DCAE6C07D8EDBDEFAFBED40CB4A9EE
                                        SHA-512:0D52964B4C362BB217C4A98ED45EB02584E81F94367C9DA1E1206A378F6DD745E0CBA7A44375D35097FEC5BB2208438D3FA51B8039D3B533D560C8E071EE31E6
                                        Malicious:false
                                        Preview:{ "install_id" : "90a0c9b1-1b37-4d26-b254-2c7e43bf3118"}

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):7.653622896708725
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 99.40%
                                        • InstallShield setup (43055/19) 0.43%
                                        • Windows Screen Saver (13104/52) 0.13%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        File name:Setup.exe
                                        File size:545'352 bytes
                                        MD5:13f5fecf34a18af19e500f24f21434d4
                                        SHA1:57d96e264fcb813bbd37dc677ca6717585802d22
                                        SHA256:849ec4445694a35b8a28f448b173473df747923e9809a24823bc978260926cab
                                        SHA512:57628a6f9227e32574a5a6041458ba10ea56bb602b547a0e3b2060cf471fc71d426c744b1650b1af4d5e030eabe1d1943f4088dab437714c0a34c9ae6d7d2ed4
                                        SSDEEP:12288:XG5knZfFKeT/OydwORmV42Y5RBHtf8WS8sejGxUeRx7/yy:XG50ZfFKM/RCa0gDS8geeuy
                                        TLSH:ABC4F1127DE089B5D5820431CC745FA6A2B6FE560A20887773997E3E7F7F642C232A1D
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s..c}...s..Yy...s..w,...s...r./.s..w....s..Yx...s.......s.......s.Zyu...s.Rich..s.................PE..L......M...

                                        File Icon

                                        Icon Hash:8011090b07071616

                                        Static PE Info

                                        General

                                        Entrypoint:0x4148d4
                                        Entrypoint Section:.text
                                        Digitally signed:true
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                        DLL Characteristics:
                                        Time Stamp:0x4DAC88CE [Mon Apr 18 18:54:06 2011 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:e00de6e48b9b06aceb12a81e7bf494c9

                                        Authenticode Signature

                                        Signature Valid:true
                                        Signature Issuer:CN=Entrust Extended Validation Code Signing CA - EVCS2, O="Entrust, Inc.", C=US
                                        Signature Validation Error:The operation completed successfully
                                        Error Number:0
                                        Not Before, Not After
                                        • 01/05/2024 10:39:26 01/05/2025 10:39:25
                                        Subject Chain
                                        • CN=7270356 Canada Inc., SERIALNUMBER=1417258-2, OID.2.5.4.15=Private Organization, O=7270356 Canada Inc., OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Saint-Laurent, S=Quebec, C=CA
                                        Version:3
                                        Thumbprint MD5:0E3940FCE9D8B244F0D82DDEEBE28F5E
                                        Thumbprint SHA-1:EA06433E6F12D2AADA040F4A6EF7C927404A4CBA
                                        Thumbprint SHA-256:EB0A666D9DFD790059DF788FBA544ABC93E1690F1425147BA0A6E784AFC6F5B5
                                        Serial:25D0CB9D7B0D6C700CDAE43D243AB1C6

                                        Entrypoint Preview

                                        Instruction
                                        push ebp
                                        mov ebp, esp
                                        push FFFFFFFFh
                                        push 0041B9E8h
                                        push 004147FCh
                                        mov eax, dword ptr fs:[00000000h]
                                        push eax
                                        mov dword ptr fs:[00000000h], esp
                                        sub esp, 58h
                                        push ebx
                                        push esi
                                        push edi
                                        mov dword ptr [ebp-18h], esp
                                        call dword ptr [0041B078h]
                                        xor edx, edx
                                        mov dl, ah
                                        mov dword ptr [004233F0h], edx
                                        mov ecx, eax
                                        and ecx, 000000FFh
                                        mov dword ptr [004233ECh], ecx
                                        shl ecx, 08h
                                        add ecx, edx
                                        mov dword ptr [004233E8h], ecx
                                        shr eax, 10h
                                        mov dword ptr [004233E4h], eax
                                        push 00000001h
                                        call 00007FD2386A61FBh
                                        pop ecx
                                        test eax, eax
                                        jne 00007FD2386A536Ah
                                        push 0000001Ch
                                        call 00007FD2386A5428h
                                        pop ecx
                                        call 00007FD2386A5CADh
                                        test eax, eax
                                        jne 00007FD2386A536Ah
                                        push 00000010h
                                        call 00007FD2386A5417h
                                        pop ecx
                                        xor esi, esi
                                        mov dword ptr [ebp-04h], esi
                                        call 00007FD2386A7E1Ch
                                        call dword ptr [0041B07Ch]
                                        mov dword ptr [00425A5Ch], eax
                                        call 00007FD2386A7CDAh
                                        mov dword ptr [00423360h], eax
                                        call 00007FD2386A7A83h
                                        call 00007FD2386A79C5h
                                        call 00007FD2386A7420h
                                        mov dword ptr [ebp-30h], esi
                                        lea eax, dword ptr [ebp-5Ch]
                                        push eax
                                        call dword ptr [0041B080h]
                                        call 00007FD2386A7956h
                                        mov dword ptr [ebp-64h], eax
                                        test byte ptr [ebp-30h], 00000001h
                                        je 00007FD2386A5368h
                                        movzx eax, word ptr [ebp+00h]

                                        Rich Headers

                                        Programming Language:
                                        • [ C ] VS98 (6.0) SP6 build 8804
                                        • [C++] VS98 (6.0) SP6 build 8804
                                        • [ C ] VS2010 build 30319
                                        • [ASM] VS2010 build 30319
                                        • [EXP] VC++ 6.0 SP5 build 8804

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x1e9ac0x64.rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x270000x71d4.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x81fb00x3298
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x1b0000x200.rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x197c00x19800206b62d600beb166f8bf863ad5301f8cFalse0.5831609987745098DOS executable (COM)6.60822715389085IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata0x1b0000x44900x4600b0314f39355cab7d4674a0928d3b15f2False0.312109375data4.383775518811042IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data0x200000x5a680x32008d44c03d32e0c923339cda9fae15827aFalse0.123828125data1.3793356235333818IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .sxdata0x260000x40x20035925cfdc1176bd9ffc634a58b40ec17False0.02734375data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc0x270000x71d40x7200cd606fe2fe8a9aaa6244d6a44a46010aFalse0.3919613486842105data4.655199945289653IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_ICON0x273540x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.37231182795698925
                                        RT_ICON0x2763c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5472972972972973
                                        RT_ICON0x277640x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2833 x 2833 px/m0.3200354609929078
                                        RT_ICON0x27bcc0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2833 x 2833 px/m0.23688524590163934
                                        RT_ICON0x285540x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2833 x 2833 px/m0.1721388367729831
                                        RT_ICON0x295fc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2833 x 2833 px/m0.1241701244813278
                                        RT_ICON0x2bba40x1a7bPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9648915769287506
                                        RT_DIALOG0x2d6200xb8dataEnglishUnited States0.6684782608695652
                                        RT_STRING0x2d6d80x94dataEnglishUnited States0.668918918918919
                                        RT_STRING0x2d76c0x34dataEnglishUnited States0.6538461538461539
                                        RT_GROUP_ICON0x2d7a00x4cdata0.8289473684210527
                                        RT_GROUP_ICON0x2d7ec0x22dataEnglishUnited States1.0
                                        RT_VERSION0x2d8100x344dataEnglishUnited States0.4318181818181818
                                        RT_MANIFEST0x2db540x67fexported SGML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3692122669873722

                                        Imports

                                        DLLImport
                                        OLEAUT32.dllVariantClear, SysAllocString
                                        USER32.dllSendMessageA, SetTimer, DialogBoxParamW, DialogBoxParamA, SetWindowLongA, GetWindowLongA, SetWindowTextW, LoadIconA, LoadStringW, LoadStringA, CharUpperW, CharUpperA, DestroyWindow, EndDialog, PostMessageA, ShowWindow, MessageBoxW, GetDlgItem, KillTimer, SetWindowTextA
                                        SHELL32.dllShellExecuteExA
                                        KERNEL32.dllGetCurrentDirectoryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, InterlockedIncrement, InterlockedDecrement, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, IsBadReadPtr, GetFileType, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, GetCurrentProcess, TerminateProcess, IsBadWritePtr, HeapCreate, HeapDestroy, GetEnvironmentVariableA, SetUnhandledExceptionFilter, TlsAlloc, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, WaitForSingleObject, CloseHandle, CreateProcessA, GetCommandLineW, GetVersionExA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetLastError, LoadLibraryA, GetModuleFileNameW, GetModuleFileNameA, LocalFree, FormatMessageW, FormatMessageA, SetFileTime, CreateFileW, SetLastError, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryW, RemoveDirectoryA, CreateDirectoryW, CreateDirectoryA, DeleteFileW, DeleteFileA, GetFullPathNameW, GetFullPathNameA, SetCurrentDirectoryW, SetCurrentDirectoryA, GetCurrentDirectoryW, GetTempPathW, GetTempPathA, GetCurrentProcessId, GetTickCount, GetCurrentThreadId, FindClose, FindFirstFileW, FindFirstFileA, FindNextFileW, FindNextFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, SetEndOfFile, GetStdHandle, WaitForMultipleObjects, Sleep, VirtualAlloc, VirtualFree, CreateEventA, SetEvent, ResetEvent, InitializeCriticalSection, RtlUnwind, RaiseException, HeapAlloc, HeapFree, HeapReAlloc, CreateThread, TlsSetValue, TlsGetValue, ExitThread

                                        Possible Origin

                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States

                                        Network Behavior

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Aug 2, 2024 18:58:25.774523973 CEST192.168.2.171.1.1.10x780fStandard query (0)geo.lavasoft.comA (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:26.519659042 CEST192.168.2.171.1.1.10x9410Standard query (0)featureflags.lavasoft.comA (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:27.641307116 CEST192.168.2.171.1.1.10x5cf0Standard query (0)flwadw.comA (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:44.053636074 CEST192.168.2.171.1.1.10x17c6Standard query (0)wcdownloadercdn.lavasoft.comA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Aug 2, 2024 18:58:25.784712076 CEST1.1.1.1192.168.2.170x780fNo error (0)geo.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:25.784712076 CEST1.1.1.1192.168.2.170x780fNo error (0)geo.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:26.528232098 CEST1.1.1.1192.168.2.170x9410No error (0)featureflags.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:26.528232098 CEST1.1.1.1192.168.2.170x9410No error (0)featureflags.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:27.652076960 CEST1.1.1.1192.168.2.170x5cf0No error (0)flwadw.com104.18.26.149A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:27.652076960 CEST1.1.1.1192.168.2.170x5cf0No error (0)flwadw.com104.18.27.149A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:44.063968897 CEST1.1.1.1192.168.2.170x17c6No error (0)wcdownloadercdn.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
                                        Aug 2, 2024 18:58:44.063968897 CEST1.1.1.1192.168.2.170x17c6No error (0)wcdownloadercdn.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.1749706104.16.148.130802788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        Aug 2, 2024 18:58:25.795270920 CEST66OUTGET / HTTP/1.1
                                        Host: geo.lavasoft.com
                                        Connection: Keep-Alive
                                        Aug 2, 2024 18:58:26.294344902 CEST310INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:26 GMT
                                        Content-Type: text/plain
                                        Content-Length: 76
                                        Connection: keep-alive
                                        Access-Control-Allow-Origin: *
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9cd9cea8c45e-EWR
                                        Data Raw: 7b 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 66 2d 69 70 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
                                        Data Ascii: {"x-geocountry":"US","x-geocountryname":"United States","cf-ipcountry":"US"}
                                        Aug 2, 2024 18:58:41.842248917 CEST42OUTGET / HTTP/1.1
                                        Host: geo.lavasoft.com
                                        Aug 2, 2024 18:58:41.965676069 CEST310INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:41 GMT
                                        Content-Type: text/plain
                                        Content-Length: 76
                                        Connection: keep-alive
                                        Access-Control-Allow-Origin: *
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d3bd86ac45e-EWR
                                        Data Raw: 7b 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 66 2d 69 70 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
                                        Data Ascii: {"x-geocountry":"US","x-geocountryname":"United States","cf-ipcountry":"US"}


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.1749748104.16.148.130806580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        Aug 2, 2024 18:59:42.791121960 CEST66OUTGET / HTTP/1.1
                                        Host: geo.lavasoft.com
                                        Connection: Keep-Alive
                                        Aug 2, 2024 18:59:43.403448105 CEST311INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:43 GMT
                                        Content-Type: text/plain
                                        Content-Length: 77
                                        Connection: keep-alive
                                        Access-Control-Allow-Origin: *
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ebb19054267-EWR
                                        Data Raw: 7b 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 22 3a 22 47 42 22 2c 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 22 63 66 2d 69 70 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
                                        Data Ascii: {"x-geocountry":"GB","x-geocountryname":"United Kingdom","cf-ipcountry":"US"}
                                        Aug 2, 2024 18:59:59.323128939 CEST42OUTGET / HTTP/1.1
                                        Host: geo.lavasoft.com
                                        Aug 2, 2024 18:59:59.451169968 CEST311INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:59 GMT
                                        Content-Type: text/plain
                                        Content-Length: 77
                                        Connection: keep-alive
                                        Access-Control-Allow-Origin: *
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f201c894267-EWR
                                        Data Raw: 7b 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 22 3a 22 47 42 22 2c 22 78 2d 67 65 6f 63 6f 75 6e 74 72 79 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 22 63 66 2d 69 70 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
                                        Data Ascii: {"x-geocountry":"GB","x-geocountryname":"United Kingdom","cf-ipcountry":"US"}


                                        HTTPS Proxied Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.1749707104.16.149.1304432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:27 UTC143OUTPOST /api/feature/WC HTTP/1.1
                                        Content-Type: application/json
                                        Host: featureflags.lavasoft.com
                                        Content-Length: 194
                                        Connection: Keep-Alive
                                        2024-08-02 16:58:27 UTC194OUTData Raw: 7b 22 47 65 6f 22 3a 22 55 53 22 2c 22 50 61 72 74 6e 65 72 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 22 3a 22 31 36 30 37 35 32 33 36 33 37 37 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 30 38 30 32 22 2c 22 54 72 69 67 67 65 72 54 79 70 65 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 54 72 69 67 67 65 72 45 76 65 6e 74 22 3a 22 69 6e 73 74 61 6c 6c 65 72 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 66 65 61 74 75 72 65 77 70 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 61 6c 22 3a 74 72 75 65 7d
                                        Data Ascii: {"Geo":"US","Partner":"IN230901","Campaign":"16075236377","InstallDate":"20240802","TriggerType":"install","TriggerEvent":"installer","Version":"13.900.0.1080","featurewp":true,"featureal":true}
                                        2024-08-02 16:58:27 UTC472INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:27 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Content-Length: 877
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ce11cb7c356-EWR
                                        2024-08-02 16:58:27 UTC877INData Raw: 5b 7b 22 73 65 63 74 69 6f 6e 43 6f 64 65 22 3a 22 57 41 43 22 2c 22 63 6f 64 65 22 3a 22 57 41 43 22 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 22 7b 5c 22 49 63 6f 6e 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 65 62 63 6f 6d 70 61 6e 69 6f 6e 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 5c 22 2c 20 5c 22 41 70 70 4e 61 6d 65 5c 22 3a 20 5c 22 57 65 62 20 43 6f 6d 70 61 6e 69 6f 6e 5c 22 2c 20 5c 22 53 65 74 74 69 6e 67 73 5c 22 3a 20 5b 5c 22 57 43 41 75 74 6f 55 70 64 61 74 65 5c 22 2c 20 5c 22 45 6e 61 62 6c 65 47 72 61 6e 75 6c 61 72 69 74 79 5c 22 2c 20 5c 22 50 6f 73 74 52 75 6e 56 32 41 63 74 69 6f 6e 5c 22 2c 20 5c 22 50 6f 73 74 52 75 6e 54 69 6d 65 72 41 63 74 69 6f 6e 5c 22 2c 20 5c 22 45 6e 61 62 6c 65 54 65
                                        Data Ascii: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTe


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.1749708104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:28 UTC166OUTPOST /v1/event-stat?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 447
                                        Connection: Keep-Alive
                                        2024-08-02 16:58:28 UTC447OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 54 72 69 67 67 65 72 22 3a 20 22 69 6e 73 74 61 6c 6c 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "Trigger": "install", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId"
                                        2024-08-02 16:58:28 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:28 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ce63b4c42fc-EWR
                                        2024-08-02 16:58:28 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.1749709104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:28 UTC145OUTPOST /v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 398
                                        2024-08-02 16:58:28 UTC398OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 54 72 69 67 67 65 72 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","Trigger":"install","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901"
                                        2024-08-02 16:58:28 UTC235INHTTP/1.1 400 Bad Request
                                        Date: Fri, 02 Aug 2024 16:58:28 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9cea788141ec-EWR
                                        2024-08-02 16:58:28 UTC39INData Raw: 32 31 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 66 6f 72 6d 61 74 2f 64 61 74 61 22 7d 0d 0a
                                        Data Ascii: 21{"message":"Invalid format/data"}
                                        2024-08-02 16:58:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        3192.168.2.1749710104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:29 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 508
                                        2024-08-02 16:58:29 UTC508OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:29 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:29 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ceefa43437e-EWR
                                        2024-08-02 16:58:29 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        4192.168.2.1749711104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:30 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 646
                                        2024-08-02 16:58:30 UTC646OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:30 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:30 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9cf30e8442e5-EWR
                                        2024-08-02 16:58:30 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        5192.168.2.1749712104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:31 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 515
                                        2024-08-02 16:58:31 UTC515OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:31 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:31 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9cfb8d8c726b-EWR
                                        2024-08-02 16:58:31 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        6192.168.2.1749713104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:32 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 482
                                        2024-08-02 16:58:32 UTC482OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:32 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:32 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9cffb9f91899-EWR
                                        2024-08-02 16:58:32 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        7192.168.2.1749714104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:33 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 515
                                        2024-08-02 16:58:33 UTC515OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:33 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:33 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d0568f5c329-EWR
                                        2024-08-02 16:58:33 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        8192.168.2.1749715104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:33 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 488
                                        2024-08-02 16:58:33 UTC488OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:33 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:33 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d09cddb7d1e-EWR
                                        2024-08-02 16:58:33 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        9192.168.2.1749716104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:35 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 527
                                        2024-08-02 16:58:35 UTC527OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:35 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:35 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d133a0c8c29-EWR
                                        2024-08-02 16:58:35 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        10192.168.2.1749718104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:35 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 466
                                        2024-08-02 16:58:35 UTC466OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:36 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:36 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d1749cd4205-EWR
                                        2024-08-02 16:58:36 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        11192.168.2.1749719104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:36 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 527
                                        2024-08-02 16:58:36 UTC527OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:36 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:36 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d1bfa8142d7-EWR
                                        2024-08-02 16:58:36 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        12192.168.2.1749720104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:37 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 458
                                        2024-08-02 16:58:37 UTC458OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:37 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:37 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d20ac1678d0-EWR
                                        2024-08-02 16:58:37 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        13192.168.2.1749721104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:38 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 520
                                        2024-08-02 16:58:38 UTC520OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:38 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:38 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d250bd98c2d-EWR
                                        2024-08-02 16:58:38 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        14192.168.2.1749722104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:38 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 460
                                        2024-08-02 16:58:38 UTC460OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:39 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:38 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d293abc4251-EWR
                                        2024-08-02 16:58:39 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        15192.168.2.1749723104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:39 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 520
                                        2024-08-02 16:58:39 UTC520OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:39 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:39 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d2ded5f434f-EWR
                                        2024-08-02 16:58:39 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        16192.168.2.1749724104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:40 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 475
                                        2024-08-02 16:58:40 UTC475OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:40 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:40 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d323a73c420-EWR
                                        2024-08-02 16:58:40 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        17192.168.2.1749725104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:40 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 520
                                        2024-08-02 16:58:40 UTC520OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:41 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:41 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d363fea4372-EWR
                                        2024-08-02 16:58:41 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        18192.168.2.1749728104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:41 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 491
                                        2024-08-02 16:58:41 UTC491OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:41 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:41 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d3afa8741bd-EWR
                                        2024-08-02 16:58:41 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        19192.168.2.1749729104.16.149.1304432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:42 UTC118OUTPOST /api/Update/WC HTTP/1.1
                                        Content-Type: application/json
                                        Host: featureflags.lavasoft.com
                                        Content-Length: 194
                                        2024-08-02 16:58:42 UTC194OUTData Raw: 7b 22 47 65 6f 22 3a 22 55 53 22 2c 22 50 61 72 74 6e 65 72 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 22 3a 22 31 36 30 37 35 32 33 36 33 37 37 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 30 38 30 32 22 2c 22 54 72 69 67 67 65 72 54 79 70 65 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 54 72 69 67 67 65 72 45 76 65 6e 74 22 3a 22 69 6e 73 74 61 6c 6c 65 72 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 66 65 61 74 75 72 65 77 70 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 61 6c 22 3a 74 72 75 65 7d
                                        Data Ascii: {"Geo":"US","Partner":"IN230901","Campaign":"16075236377","InstallDate":"20240802","TriggerType":"install","TriggerEvent":"installer","Version":"13.900.0.1080","featurewp":true,"featureal":true}
                                        2024-08-02 16:58:42 UTC472INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:42 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Content-Length: 320
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d3fe8220f4d-EWR
                                        2024-08-02 16:58:42 UTC320INData Raw: 7b 22 63 6f 64 65 22 3a 22 55 50 44 22 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 22 7b 5c 22 56 65 72 73 69 6f 6e 5c 22 3a 20 5c 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 5c 22 2c 20 5c 22 49 6e 73 74 61 6c 6c 65 72 45 78 65 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61 64 65 72 63 64 6e 2e 6c 61 76 61 73 6f 66 74 2e 63 6f 6d 2f 31 33 2e 30 2e 30 2e 31 30 38 30 2f 57 43 49 6e 73 74 61 6c 6c 65 72 5f 4e 6f 6e 41 64 6d 69 6e 2e 65 78 65 5c 22 2c 20 5c 22 49 6e 73 74 61 6c 6c 65 72 5a 69 70 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61 64 65 72 63 64 6e 2e 6c 61 76 61 73 6f 66 74 2e 63 6f 6d 2f 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 2f 57 65 62 43 6f 6d 70 61 6e 69 6f 6e 2d 31 33 2e 39 30 30 2e 30 2e 31
                                        Data Ascii: {"code":"UPD","configuration":"{\"Version\": \"13.900.0.1080\", \"InstallerExe\": \"https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WCInstaller_NonAdmin.exe\", \"InstallerZip\": \"https://wcdownloadercdn.lavasoft.com/13.900.0.1080/WebCompanion-13.900.0.1


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        20192.168.2.1749730104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:43 UTC176OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 517
                                        Connection: Keep-Alive
                                        2024-08-02 16:58:43 UTC517OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:58:43 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:43 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d444ac378db-EWR
                                        2024-08-02 16:58:43 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        21192.168.2.1749732104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:43 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 485
                                        2024-08-02 16:58:43 UTC485OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:58:44 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:43 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9d48a95e43d3-EWR
                                        2024-08-02 16:58:44 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:58:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        22192.168.2.1749733104.16.148.1304432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:44 UTC127OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        Connection: Keep-Alive
                                        2024-08-02 16:58:44 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:44 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1187
                                        Expires: Fri, 02 Aug 2024 20:58:44 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9d4d4ab9435d-EWR
                                        2024-08-02 16:58:44 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 16:58:44 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 16:58:44 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 16:58:44 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 16:58:44 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 16:58:44 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 16:58:44 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 16:58:44 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 16:58:44 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 16:58:44 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        23192.168.2.1749740104.16.148.1304432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:58:52 UTC103OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        2024-08-02 16:58:53 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:58:53 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1196
                                        Expires: Fri, 02 Aug 2024 20:58:53 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9d817bd94414-EWR
                                        2024-08-02 16:58:53 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 16:58:53 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 16:58:53 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 16:58:53 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 16:58:53 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 16:58:53 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 16:58:53 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 16:58:53 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 16:58:53 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 16:58:53 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        24192.168.2.1749741104.16.148.1304432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:01 UTC127OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        Connection: Keep-Alive
                                        2024-08-02 16:59:01 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:01 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1204
                                        Expires: Fri, 02 Aug 2024 20:59:01 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9db70e457cee-EWR
                                        2024-08-02 16:59:01 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 16:59:01 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 16:59:01 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 16:59:01 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 16:59:01 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 16:59:01 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 16:59:01 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 16:59:01 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 16:59:01 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 16:59:01 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        25192.168.2.1749742104.16.148.1304432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:10 UTC127OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        Connection: Keep-Alive
                                        2024-08-02 16:59:10 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:10 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1213
                                        Expires: Fri, 02 Aug 2024 20:59:10 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9dec58ffc34d-EWR
                                        2024-08-02 16:59:10 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 16:59:10 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 16:59:10 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 16:59:10 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 16:59:10 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 16:59:10 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 16:59:10 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 16:59:10 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 16:59:10 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 16:59:10 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        26192.168.2.1749744104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:18 UTC173OUTPOST /v1/event-stat?Type=ErrorInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 728
                                        Connection: Keep-Alive
                                        2024-08-02 16:59:18 UTC728OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:18 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:18 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9e224ce4423a-EWR
                                        2024-08-02 16:59:18 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        27192.168.2.1749745104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:19 UTC152OUTPOST /v1/event-stat-wc?Type=ErrorInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 674
                                        2024-08-02 16:59:19 UTC674OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:19 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:19 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9e274ef11998-EWR
                                        2024-08-02 16:59:19 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        28192.168.2.1749746104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:37 UTC145OUTPOST /v1/event-stat?Type=Complete&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 447
                                        2024-08-02 16:59:37 UTC447OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 54 72 69 67 67 65 72 22 3a 20 22 69 6e 73 74 61 6c 6c 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "Trigger": "install", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId"
                                        2024-08-02 16:59:37 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:37 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9e96fc7f43a7-EWR
                                        2024-08-02 16:59:37 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        29192.168.2.1749747104.18.26.1494432788C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:37 UTC172OUTPOST /v1/event-stat-wc?Type=Complete&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 398
                                        Connection: Keep-Alive
                                        2024-08-02 16:59:37 UTC398OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 54 72 69 67 67 65 72 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","Trigger":"install","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901"
                                        2024-08-02 16:59:38 UTC235INHTTP/1.1 400 Bad Request
                                        Date: Fri, 02 Aug 2024 16:59:38 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9e9af8bdb9c5-EWR
                                        2024-08-02 16:59:38 UTC39INData Raw: 32 31 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 66 6f 72 6d 61 74 2f 64 61 74 61 22 7d 0d 0a
                                        Data Ascii: 21{"message":"Invalid format/data"}
                                        2024-08-02 16:59:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        30192.168.2.1749749104.16.149.1304436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:44 UTC143OUTPOST /api/feature/WC HTTP/1.1
                                        Content-Type: application/json
                                        Host: featureflags.lavasoft.com
                                        Content-Length: 194
                                        Connection: Keep-Alive
                                        2024-08-02 16:59:44 UTC194OUTData Raw: 7b 22 47 65 6f 22 3a 22 47 42 22 2c 22 50 61 72 74 6e 65 72 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 22 3a 22 31 36 30 37 35 32 33 36 33 37 37 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 30 38 30 32 22 2c 22 54 72 69 67 67 65 72 54 79 70 65 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 54 72 69 67 67 65 72 45 76 65 6e 74 22 3a 22 69 6e 73 74 61 6c 6c 65 72 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 66 65 61 74 75 72 65 77 70 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 61 6c 22 3a 74 72 75 65 7d
                                        Data Ascii: {"Geo":"GB","Partner":"IN230901","Campaign":"16075236377","InstallDate":"20240802","TriggerType":"install","TriggerEvent":"installer","Version":"13.900.0.1080","featurewp":true,"featureal":true}
                                        2024-08-02 16:59:44 UTC472INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:44 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Content-Length: 877
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ec168b28c41-EWR
                                        2024-08-02 16:59:44 UTC877INData Raw: 5b 7b 22 73 65 63 74 69 6f 6e 43 6f 64 65 22 3a 22 57 41 43 22 2c 22 63 6f 64 65 22 3a 22 57 41 43 22 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 22 7b 5c 22 49 63 6f 6e 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 65 62 63 6f 6d 70 61 6e 69 6f 6e 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 5c 22 2c 20 5c 22 41 70 70 4e 61 6d 65 5c 22 3a 20 5c 22 57 65 62 20 43 6f 6d 70 61 6e 69 6f 6e 5c 22 2c 20 5c 22 53 65 74 74 69 6e 67 73 5c 22 3a 20 5b 5c 22 57 43 41 75 74 6f 55 70 64 61 74 65 5c 22 2c 20 5c 22 45 6e 61 62 6c 65 47 72 61 6e 75 6c 61 72 69 74 79 5c 22 2c 20 5c 22 50 6f 73 74 52 75 6e 56 32 41 63 74 69 6f 6e 5c 22 2c 20 5c 22 50 6f 73 74 52 75 6e 54 69 6d 65 72 41 63 74 69 6f 6e 5c 22 2c 20 5c 22 45 6e 61 62 6c 65 54 65
                                        Data Ascii: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTe


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        31192.168.2.1749750104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:45 UTC166OUTPOST /v1/event-stat?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 447
                                        Connection: Keep-Alive
                                        2024-08-02 16:59:45 UTC447OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 54 72 69 67 67 65 72 22 3a 20 22 69 6e 73 74 61 6c 6c 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "Trigger": "install", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId"
                                        2024-08-02 16:59:45 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:45 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ec6dcfa42e8-EWR
                                        2024-08-02 16:59:45 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        32192.168.2.1749751104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:45 UTC145OUTPOST /v1/event-stat-wc?Type=Start&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 398
                                        2024-08-02 16:59:45 UTC398OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 54 72 69 67 67 65 72 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","Trigger":"install","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901"
                                        2024-08-02 16:59:45 UTC235INHTTP/1.1 400 Bad Request
                                        Date: Fri, 02 Aug 2024 16:59:45 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ecbbb580fa4-EWR
                                        2024-08-02 16:59:45 UTC39INData Raw: 32 31 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 66 6f 72 6d 61 74 2f 64 61 74 61 22 7d 0d 0a
                                        Data Ascii: 21{"message":"Invalid format/data"}
                                        2024-08-02 16:59:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        33192.168.2.1749752104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:46 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 508
                                        2024-08-02 16:59:46 UTC508OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:46 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:46 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ed01b4478d9-EWR
                                        2024-08-02 16:59:46 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        34192.168.2.1749753104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:47 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 647
                                        2024-08-02 16:59:47 UTC647OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:47 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:47 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ed44898c407-EWR
                                        2024-08-02 16:59:47 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        35192.168.2.1749754104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:48 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 515
                                        2024-08-02 16:59:48 UTC515OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:48 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:48 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9edc18060cd1-EWR
                                        2024-08-02 16:59:48 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        36192.168.2.1749755104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:49 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 482
                                        2024-08-02 16:59:49 UTC482OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:49 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:49 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ee06c421986-EWR
                                        2024-08-02 16:59:49 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        37192.168.2.1749756104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:49 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 515
                                        2024-08-02 16:59:49 UTC515OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:50 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:49 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ee53c0d4243-EWR
                                        2024-08-02 16:59:50 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        38192.168.2.1749757104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:50 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 488
                                        2024-08-02 16:59:50 UTC488OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:50 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:50 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ee9ec6d7288-EWR
                                        2024-08-02 16:59:50 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        39192.168.2.1749758104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:51 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 527
                                        2024-08-02 16:59:51 UTC527OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:51 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:51 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ef09936438b-EWR
                                        2024-08-02 16:59:51 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        40192.168.2.1749759104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:52 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 466
                                        2024-08-02 16:59:52 UTC466OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:52 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:52 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ef50cea7c81-EWR
                                        2024-08-02 16:59:52 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:52 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        41192.168.2.1749760104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:53 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 527
                                        2024-08-02 16:59:53 UTC527OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:54 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:54 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9ef90bf3425f-EWR
                                        2024-08-02 16:59:54 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        42192.168.2.1749761104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:54 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 458
                                        2024-08-02 16:59:54 UTC458OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:54 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:54 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f03da714243-EWR
                                        2024-08-02 16:59:54 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        43192.168.2.1749762104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:55 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 520
                                        2024-08-02 16:59:55 UTC520OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:55 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:55 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f086d328cda-EWR
                                        2024-08-02 16:59:55 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        44192.168.2.1749763104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:56 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 460
                                        2024-08-02 16:59:56 UTC460OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:56 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:56 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f0cfdea43b6-EWR
                                        2024-08-02 16:59:56 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        45192.168.2.1749764104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:56 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 520
                                        2024-08-02 16:59:56 UTC520OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:57 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:56 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f10fb504362-EWR
                                        2024-08-02 16:59:57 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        46192.168.2.1749765104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:57 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 475
                                        2024-08-02 16:59:57 UTC475OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:58 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:57 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f16f9987d1e-EWR
                                        2024-08-02 16:59:58 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        47192.168.2.1749766104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:58 UTC152OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 520
                                        2024-08-02 16:59:58 UTC520OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 16:59:58 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:58 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f1b1a0b7ce4-EWR
                                        2024-08-02 16:59:58 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        48192.168.2.1749767104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 16:59:59 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 491
                                        2024-08-02 16:59:59 UTC491OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 16:59:59 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 16:59:59 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f1f3aaa432b-EWR
                                        2024-08-02 16:59:59 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 16:59:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        49192.168.2.1749768104.16.149.1304436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:00 UTC118OUTPOST /api/Update/WC HTTP/1.1
                                        Content-Type: application/json
                                        Host: featureflags.lavasoft.com
                                        Content-Length: 194
                                        2024-08-02 17:00:00 UTC194OUTData Raw: 7b 22 47 65 6f 22 3a 22 47 42 22 2c 22 50 61 72 74 6e 65 72 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 22 3a 22 31 36 30 37 35 32 33 36 33 37 37 22 2c 22 49 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 30 38 30 32 22 2c 22 54 72 69 67 67 65 72 54 79 70 65 22 3a 22 69 6e 73 74 61 6c 6c 22 2c 22 54 72 69 67 67 65 72 45 76 65 6e 74 22 3a 22 69 6e 73 74 61 6c 6c 65 72 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 66 65 61 74 75 72 65 77 70 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 61 6c 22 3a 74 72 75 65 7d
                                        Data Ascii: {"Geo":"GB","Partner":"IN230901","Campaign":"16075236377","InstallDate":"20240802","TriggerType":"install","TriggerEvent":"installer","Version":"13.900.0.1080","featurewp":true,"featureal":true}
                                        2024-08-02 17:00:00 UTC472INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:00 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Content-Length: 320
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f24ebf019bb-EWR
                                        2024-08-02 17:00:00 UTC320INData Raw: 7b 22 63 6f 64 65 22 3a 22 55 50 44 22 2c 22 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 22 7b 5c 22 56 65 72 73 69 6f 6e 5c 22 3a 20 5c 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 5c 22 2c 20 5c 22 49 6e 73 74 61 6c 6c 65 72 45 78 65 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61 64 65 72 63 64 6e 2e 6c 61 76 61 73 6f 66 74 2e 63 6f 6d 2f 31 33 2e 30 2e 30 2e 31 30 38 30 2f 57 43 49 6e 73 74 61 6c 6c 65 72 5f 4e 6f 6e 41 64 6d 69 6e 2e 65 78 65 5c 22 2c 20 5c 22 49 6e 73 74 61 6c 6c 65 72 5a 69 70 5c 22 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61 64 65 72 63 64 6e 2e 6c 61 76 61 73 6f 66 74 2e 63 6f 6d 2f 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 2f 57 65 62 43 6f 6d 70 61 6e 69 6f 6e 2d 31 33 2e 39 30 30 2e 30 2e 31
                                        Data Ascii: {"code":"UPD","configuration":"{\"Version\": \"13.900.0.1080\", \"InstallerExe\": \"https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WCInstaller_NonAdmin.exe\", \"InstallerZip\": \"https://wcdownloadercdn.lavasoft.com/13.900.0.1080/WebCompanion-13.900.0.1


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        50192.168.2.1749769104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:00 UTC176OUTPOST /v1/event-stat?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 517
                                        Connection: Keep-Alive
                                        2024-08-02 17:00:00 UTC517OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 0d 0a 20 20 22 4d 61 63 68 69 6e 65 49 64 22 3a 20 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 0d 0a 20 20 22 49 6e 73 74 61 6c 6c 49 64 22 3a 20 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 0d 0a 20 20 22 56 65 72 73 69 6f 6e 22 3a 20 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 0d 0a 20 20 22 4f 73 56 65 72 73 69 6f 6e 22 3a 20 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 0d 0a 20 20 22 4f 73 42 69 74 22 3a 20 22 36 34 22 2c 0d 0a 20 20 22 50 61 72 74 6e 65 72 49 64 22 3a 20 22 49 4e 32 33 30 39 30 31 22 2c 0d 0a 20 20 22 43 61 6d 70 61 69 67
                                        Data Ascii: {"Data": { "MachineId": "fdd42ee1-88e9-3143-7f4f-be2c09611698", "InstallId": "90a0c9b1-1b37-4d26-b254-2c7e43bf3118", "Version": "13.900.0.1080", "OsVersion": "Microsoft Windows 10 Pro", "OsBit": "64", "PartnerId": "IN230901", "Campaig
                                        2024-08-02 17:00:00 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:00 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f295b90198e-EWR
                                        2024-08-02 17:00:00 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 17:00:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        51192.168.2.1749770104.18.26.1494436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:01 UTC155OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                        Content-Type: application/json
                                        Host: flwadw.com
                                        Content-Length: 485
                                        2024-08-02 17:00:01 UTC485OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 39 30 61 30 63 39 62 31 2d 31 62 33 37 2d 34 64 32 36 2d 62 32 35 34 2d 32 63 37 65 34 33 62 66 33 31 31 38 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 31 33 2e 39 30 30 2e 30 2e 31 30 38 30 22 2c 22 4f 73 56 65 72 73 69 6f 6e 22 3a 22 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 22 2c 22 4f 73 42 69 74 22 3a 22 36 34 22 2c 22 50 61 72 74 6e 65 72 49 44 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 50 61 72 74 6e 65 72 49 64 22 3a 22 49 4e 32 33 30 39 30 31 22 2c 22 43 61 6d 70 61 69 67 6e 49 44 22 3a 22 31 36 30 37 35
                                        Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"90a0c9b1-1b37-4d26-b254-2c7e43bf3118","Version":"13.900.0.1080","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":"IN230901","PartnerId":"IN230901","CampaignID":"16075
                                        2024-08-02 17:00:01 UTC479INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:01 GMT
                                        Content-Type: application/json; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                        Access-Control-Expose-Headers: Content-Length,Content-Range
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8acf9f2dc9960ca4-EWR
                                        2024-08-02 17:00:01 UTC35INData Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a
                                        Data Ascii: 1d{"message":"Event persisted"}
                                        2024-08-02 17:00:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        52192.168.2.1749771104.16.148.1304436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:02 UTC127OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        Connection: Keep-Alive
                                        2024-08-02 17:00:02 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:02 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1265
                                        Expires: Fri, 02 Aug 2024 21:00:02 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9f333e2b7c90-EWR
                                        2024-08-02 17:00:02 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 17:00:02 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 17:00:02 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 17:00:02 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 17:00:02 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 17:00:02 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 17:00:02 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 17:00:02 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 17:00:02 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 17:00:02 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        53192.168.2.1749772104.16.148.1304436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:12 UTC103OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        2024-08-02 17:00:12 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:12 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1275
                                        Expires: Fri, 02 Aug 2024 21:00:12 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9f701a984393-EWR
                                        2024-08-02 17:00:12 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 17:00:12 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 17:00:12 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 17:00:12 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 17:00:12 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 17:00:12 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 17:00:12 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 17:00:12 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 17:00:12 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 17:00:12 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        54192.168.2.1749773104.16.148.1304436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:20 UTC127OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        Connection: Keep-Alive
                                        2024-08-02 17:00:21 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:20 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1283
                                        Expires: Fri, 02 Aug 2024 21:00:20 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9fa6eb380fa1-EWR
                                        2024-08-02 17:00:21 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 17:00:21 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 17:00:21 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 17:00:21 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 17:00:21 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 17:00:21 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 17:00:21 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 17:00:21 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 17:00:21 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 17:00:21 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        55192.168.2.1749774104.16.148.1304436580C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        TimestampBytes transferredDirectionData
                                        2024-08-02 17:00:29 UTC127OUTGET /13.900.0.1080/WebCompanion-13.900.0.1080-prod.zip HTTP/1.1
                                        Host: wcdownloadercdn.lavasoft.com
                                        Connection: Keep-Alive
                                        2024-08-02 17:00:29 UTC381INHTTP/1.1 200 OK
                                        Date: Fri, 02 Aug 2024 17:00:29 GMT
                                        Content-Type: application/zip
                                        Content-Length: 10494317
                                        Connection: close
                                        ETag: "3718275022"
                                        Last-Modified: Wed, 15 May 2024 10:29:47 GMT
                                        CF-Cache-Status: HIT
                                        Age: 1292
                                        Expires: Fri, 02 Aug 2024 21:00:29 GMT
                                        Cache-Control: public, max-age=14400
                                        Accept-Ranges: bytes
                                        Server: cloudflare
                                        CF-RAY: 8acf9fdeaa677cab-EWR
                                        2024-08-02 17:00:29 UTC988INData Raw: 50 4b 03 04 14 00 00 00 08 00 d3 25 ae 58 c9 f2 0a dc 46 46 03 00 98 24 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 43 50 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa 86 20 8b 60 27 be e9 5c 5b 1d c5 19 75 1c c7 79 67 9c cf 19 97 51 47 59 5c bb 13 c8 c2 be b8 b0 8c 8a 7b 85 16 64 91 10 b6 dc ef 9c 53 b7 b7 10 a2 cf f7 fc 7e ff 7d 79 9e f4 dd aa 4e 9d 3a 75 ea d4 a9 53 a7 4e 55 dc f4 a4 60 10 04 c1 08 ff aa 2a 08 6b 04 fe e7 10 7e fd 8f c1 7f f6 f9 ef 65 0b ef a4 6f be 60 8d ce b3 f9 82 eb e6 ce 5b 60 9d 5f f5 c0 5d 55 b7 dd 67 9d 73 db fd f7 3f e0 b3 de 7e a7 b5 4a be df 3a ef 7e ab 73 ca 74 eb 7d 0f dc 71 e7 a8 3e 7d 32 6c 1a 8c f3 87 dd dd
                                        Data Ascii: PK%XFF$Application/7za.exeyxTE8|{IYH'@CXV[%CP4h_MnCG@DQh `'\[uygQGY\{dS~}yN:uSNU`*k~eo`[`_]Ugs?~J:~st}q>}2l
                                        2024-08-02 17:00:29 UTC1369INData Raw: 24 23 7a 68 16 65 1b d6 f6 c2 2b 0c 82 7f 89 ad 50 f0 0d c7 24 f9 1c 18 0a 38 68 10 2c ec c3 6c ed 56 62 6f c3 6d fb fd 54 69 fc f2 b7 f8 97 67 a3 b7 c5 2c 88 25 fb d7 cd 25 ee 8b b7 51 b0 a2 98 0d de 1e 6d 9f 4d 67 b5 71 b0 42 62 27 b7 f5 f6 3d 9f ed e9 e5 bb 12 c4 aa 32 33 2f 1d 93 38 81 1f ad dd fa ae 14 6b b7 0a e5 90 47 f9 46 52 0e 17 ed 2d b9 c9 64 ae 3d 4f 8f b4 d7 7b fd c5 23 cd 75 39 f0 a0 34 69 e4 73 06 ef 51 95 88 d3 be b1 fa 41 e8 f4 6e 65 a0 72 aa 78 b0 af 9f 84 dd 51 52 43 c5 79 f2 71 85 a7 14 ed 67 96 95 04 cb 75 a2 dd 69 33 2d cc 77 2b 59 36 e0 4b 3d db d1 4f 10 4a 9b 7c d9 ca fa 28 48 e5 e7 48 8e 96 29 92 a6 dd a8 eb dd fe 96 3c fb 6b b6 57 e0 a1 ea 8f 4e 7b 64 e9 40 29 78 8d 55 0a 5a 76 6f 33 0a 6c df 00 41 18 13 6a af 86 51 46 0c ce 80
                                        Data Ascii: $#zhe+P$8h,lVbomTig,%%QmMgqBb'=23/8kGFR-d=O{#u94isQAnerxQRCyqgui3-w+Y6K=OJ|(HH)<kWN{d@)xUZvo3lAjQF
                                        2024-08-02 17:00:29 UTC1369INData Raw: 6f 01 92 a9 81 72 98 19 0c 9d 00 5c 03 59 ae 80 c1 ad 64 96 c9 37 92 0b a1 2b 53 50 08 39 6d 33 71 74 cb 26 71 d8 ca fe 60 e1 63 1b ca a3 2d ac 76 04 f5 84 c2 59 b7 26 4b 94 c4 3e 33 93 0d 4e 11 12 f5 5e f1 3a 69 c5 4f cb b1 9e d1 01 44 54 18 2a 3b f0 38 97 b4 6f ae b0 ce 65 83 7c 28 66 1d a5 2d 72 4a 3b 33 e0 10 ad 69 80 73 d9 25 f7 c2 14 92 3e 6c c5 0f 2b 96 d8 f2 f7 a9 ea c3 55 29 ed 1f 1b a2 aa ed 97 a0 d7 3c b9 e2 cc 9b 30 01 35 d7 4e 00 96 5a 71 e6 2d ba bf 42 c7 93 cc 64 8b fb 90 d4 01 55 15 74 a2 3b aa 73 51 ae e2 fb bf e0 e0 8e af 3d c1 c7 6c ad a4 12 81 d0 bd 0e 68 41 a5 33 ad f4 21 38 aa cf 64 25 c6 98 7a 39 0a 6f db ed 80 03 48 f8 56 52 0d 00 8a 4f 4b 98 13 4f 98 42 09 fb 6a c8 ce 65 97 dd 23 08 1e a5 d2 36 53 cb 37 a1 7e 5c 9e 02 63 a7 dd 97
                                        Data Ascii: or\Yd7+SP9m3qt&q`c-vY&K>3N^:iODT*;8oe|(f-rJ;3is%>l+U)<05NZq-BdUt;sQ=lhA3!8d%z9oHVROKOBje#6S7~\c
                                        2024-08-02 17:00:29 UTC1369INData Raw: 63 ef f8 41 c2 42 a3 d7 df 68 f5 06 72 71 34 32 af ce f5 d6 ed 90 bf 6b da 14 d5 c7 78 e3 79 94 af 61 b4 18 6a f3 2a 4b 05 34 e4 a2 44 f7 da bf f2 4d f3 fa 4f dd 56 95 0b bf 0f 2d 4c 09 2e d8 17 01 4d f2 d4 c3 0b 53 bc ca d1 48 96 79 f5 46 d5 e2 f8 00 2b 71 c8 eb 57 6f ab 1a 06 bf 0f 2d 4c f5 fa 7f b6 46 fa c2 fd c3 d5 90 66 ab 6a 19 4a 69 3a bd f6 e3 72 5f 6f dd 5e 79 25 ef 79 9a 5c 87 5e 79 78 13 e8 fe e9 91 e1 2e a8 a0 1b d0 04 fd 94 e3 9e 02 3a 74 c8 1a 14 3f 1e 37 68 a1 61 79 d8 6a 5e d5 06 b5 0d cb 59 0d 19 a0 1c d7 b6 c9 9b df d4 01 00 ac 6f 16 52 2e 4f e2 a3 2e 0c c9 40 1a bb 0e 2a 15 f2 fd 00 09 20 19 96 b1 dd d5 a0 77 36 64 b8 21 95 da e8 2a 0d fb 2e c4 a2 00 78 aa 18 94 ac 30 e7 68 68 15 79 69 46 98 0d 59 c5 d2 36 d9 04 70 e5 d6 68 31 08 03 80
                                        Data Ascii: cABhrq42kxyaj*K4DMOV-L.MSHyF+qWo-LFfjJi:r_o^y%y\^yx.:t?7hayj^YoR.O.@* w6d!*.x0hhyiFY6ph1
                                        2024-08-02 17:00:29 UTC1369INData Raw: 57 5e b3 d1 64 1a 2d 78 47 82 fd 0b 2a 94 76 04 3e 17 80 13 64 ad b6 9f e1 c4 cb 0f 80 9d 41 17 cc c6 b3 ec c0 47 6e e5 53 36 1f 5e f1 02 f2 63 2b 09 bc 1f 89 8a c3 54 a1 98 9c ca 04 a8 76 5f 9c 14 3a 6d e4 e2 11 80 19 11 ab 51 a3 53 8f c2 84 be 87 cb ef 6d 5e b1 c4 14 f0 d8 1c 4e a5 cd 67 4e 68 8e 12 93 fc 0b 2d 91 56 28 ad 31 a8 1b d9 a8 24 48 67 8d 1f 38 68 b0 65 87 7a 18 3f 34 8e 8c 8e 20 b1 3e 6d 5e b5 e7 3d 6e 6d 3e c1 6e 3b a3 8d 00 2d 5e 31 30 c4 2b b6 94 e9 f9 54 64 16 95 a5 c9 ae bd dc d8 ea 2d 19 0c 3a 3a c8 0f 40 58 6d 22 f6 f9 05 9a fb 3c 9a 65 65 3b 83 65 3a 20 1a 32 8e 7d 25 f6 bf e6 38 ff 27 c3 29 1e 1c 13 81 4d 5c 04 ee 64 bb 4e ab 6a 1d 34 c5 30 df 40 b7 b2 51 d9 69 5e 95 26 81 64 0e 90 6e 28 a9 1b e4 83 80 9c f1 66 21 19 6e b7 f1 ec e9
                                        Data Ascii: W^d-xG*v>dAGnS6^c+Tv_:mQSm^NgNh-V(1$Hg8hez?4 >m^=nm>n;-^10+Td-::@Xm"<ee;e: 2}%8')M\dNj40@Qi^&dn(f!n
                                        2024-08-02 17:00:29 UTC1369INData Raw: 84 41 a0 2e a4 b0 9a 0b 5d ca 3a 34 0d 6f 61 af 9f 46 fd 0d 6a 8a 0f 87 40 a7 15 0d 07 ec f7 9b aa 36 24 29 ac 09 e3 7b 31 88 d0 16 91 34 45 51 61 a4 22 3a 95 49 d0 72 47 a0 1a d0 c4 e6 da 97 04 5c 3a d4 2b 9b 8b 76 80 46 cb fd 9a d0 c8 2f d0 22 40 fe 3f 10 49 a5 53 b6 a9 96 fe 74 ef ab 82 29 d2 8a a9 7c 8a 34 1b 52 ce f6 5d 63 14 d8 a7 8f 01 e7 d8 cb b2 aa 33 10 d3 8d ec 2f 47 b0 25 0c 4e 18 c5 3c 4a 6a d1 0e 65 73 60 89 2d 1f 57 db ad aa 65 c7 cb 08 49 c6 c9 d6 95 67 41 52 10 52 a0 cc 84 d3 3b 50 6a 8d 12 69 a8 c5 bc 66 ce fa 24 9f 42 8f f2 5f 6e 7f d6 79 94 bf db b0 2a ae a2 0e 67 e0 41 93 b3 be d0 55 3f d6 86 75 05 ed c6 a3 ec 77 d9 b7 50 75 33 75 54 dd 8a c0 82 4e f8 3f e4 0a 2c 60 80 dc 56 b8 df a7 5a 26 00 5e a2 bd 59 39 24 8f 56 2d 17 f3 07 73 ed
                                        Data Ascii: A.]:4oaFj@6$){14EQa":IrG\:+vF/"@?ISt)|4R]c3/G%N<Jjes`-WeIgARR;Pjif$B_ny*gAU?uwPu3uTN?,`VZ&^Y9$V-s
                                        2024-08-02 17:00:29 UTC1369INData Raw: e6 3a d4 cb 00 19 f3 ca 50 fb 03 70 fb a6 ae 1d 5d d8 34 bd 9e e6 03 1b d0 6d 20 38 74 02 a8 63 92 7d 0f fa fe 95 e1 9c a5 d2 97 0d bf a3 7d 26 c9 0e 44 d8 25 33 50 5c dc 4a 9b a7 a0 d1 bd bd 93 2d 26 f3 0b f0 dd 56 ae 3c b5 ff e3 20 1a 3d 7b 81 3b da eb 5f dc 55 09 5d 1b 2e a3 65 23 70 70 d7 6f 2f 2e ab 7b 71 57 1e e4 36 d6 e9 49 56 8a 3d b1 8e fe e3 61 cc b0 d5 19 74 c0 3c c7 30 29 d8 df c1 fe 8b c6 f3 84 05 16 65 9a a9 08 cd b2 30 9f 49 f7 fa 4b 86 fb fa c1 ef d5 be 3e 2a ad 5b da 1b ab f6 f3 15 59 18 10 8a 76 78 ed 8d be 7c af 7f 91 be 54 be c0 5b 32 cd 28 0f f1 8e bf 4d a8 4a f5 8e 7f 48 a8 06 69 26 0a 7c cd 92 4c 75 0d 8d f1 39 d7 f2 45 b9 82 af 70 f9 a2 be 82 6f f8 f2 45 fd 04 9f ed 7d 4c 52 72 a3 09 f4 27 45 07 83 fd 88 bf 62 5b 9a c8 b5 23 ff 45
                                        Data Ascii: :Pp]4m 8tc}}&D%3P\J-&V< ={;_U].e#ppo/.{qW6IV=at<0)e0IK>*[Yvx|T[2(MJHi&|Lu9EpoE}LRr'Eb[#E
                                        2024-08-02 17:00:29 UTC1369INData Raw: b5 df a9 ea 93 4a 93 12 b1 9f aa be 97 76 1e 57 08 5e d1 3f 2e ab d2 67 a2 eb 68 79 b2 53 59 af 99 38 79 9e 6a d0 1d 39 5b bc f6 09 d2 9a cf d4 71 37 82 39 b6 d7 2e 15 f5 50 03 36 3d 37 01 1d 39 a5 17 82 2e 1d 6e 56 5c a7 b7 ff 5c f5 c7 82 4e 65 1b 6e 73 c6 3d 7c e4 33 89 90 87 c6 20 5f db 0d 72 7c 17 df 6b df d1 4a b6 b6 d3 e1 79 80 ab f9 51 4e fe 84 c8 27 f5 d0 10 c9 7e 94 1b fe d0 db 1e bb e5 c4 2b 3b 93 5c 96 cf fa fe 55 fc bb b3 de 69 cb d3 64 14 b5 55 3e b6 95 5b 39 2c 36 30 50 cd 80 6b 5d 0d ad 1e a5 b1 68 07 bb ec 04 17 c1 cd a9 02 28 a4 57 e2 16 cb 54 9d b3 61 33 e8 7c 6f eb 70 2a 86 7b b1 1c 0d 0c 3a a8 ce fc e8 40 f2 eb 07 1a e6 e0 a7 41 9d aa 8a 16 09 50 5f ea 4f 6a 3b d4 80 66 85 6c d7 49 cd 65 bb 10 dd 20 80 e7 2d d8 8d af 42 04 95 8d ec 8a
                                        Data Ascii: JvW^?.ghySY8yj9[q79.P6=79.nV\\Nens=|3 _r|kJyQN'~+;\UidU>[9,60Pk]h(WTa3|op*{:@AP_Oj;flIe -B
                                        2024-08-02 17:00:29 UTC1369INData Raw: 70 49 c3 67 73 38 e1 47 c2 1f 0f 3e 4e c5 bb 99 f8 53 89 8f b3 f1 6e 2e fe dc 2b 05 a7 e4 91 fa cf 1c 5d 04 94 56 5e 59 a4 13 45 a6 c7 36 95 7d ad dd 39 d8 5d 31 65 98 8d 6b a5 a5 5c c0 d6 6d d7 74 ca cb 5a b9 44 bd 80 ae 99 38 03 4e d2 88 cf 7b 80 7b 81 88 ea 66 51 d9 84 2a b1 a4 8c 6b 25 6d fc 7f d0 8b de 59 b2 c0 e4 1b 4c 95 ef 8f 3d 58 49 67 6f ec a7 aa cb 46 67 fd 82 7e 62 e9 41 54 1b a7 e4 a3 fe b5 0e 54 80 08 48 f9 29 c5 f8 b4 0a 9f ce 4f 4a f0 37 7c 95 15 4d f0 0c 0f 7e 30 3f 39 06 53 d2 bc e5 a9 ce de f6 51 e6 13 6f 1c 0c 74 8f 65 54 93 c0 e8 38 1b 91 fc 8d c5 34 3a 17 80 40 2e 3a 50 72 8f d5 fc e8 7f 31 6e 86 66 9b 33 a6 e2 bc eb 15 ea 2f 21 13 de d3 32 2f 5f 2b 7a 3a 82 06 30 73 a0 8e 9c 37 a9 55 57 6a cb c0 48 f3 9c cf 01 64 08 7b 8f 03 fe f1
                                        Data Ascii: pIgs8G>NSn.+]V^YE6}9]1ek\mtZD8N{{fQ*k%mYL=XIgoFg~bATTH)OJ7|M~0?9SQoteT84:@.:Pr1nf3/!2/_+z:0s7UWjHd{
                                        2024-08-02 17:00:29 UTC1369INData Raw: 48 d7 c2 01 c4 42 01 24 fa 51 1e e2 1b fd d8 87 80 57 d1 de d2 26 19 03 08 0c 74 2a cd 68 a3 db ac 5a c6 03 0c c9 0e b3 bb 34 2d bc 65 f7 bd 6e 5c ed 67 4b 13 f3 c3 e4 6e 8b 6a c9 e8 96 35 ea f3 02 03 7b 21 6d ab 00 54 fb cc 90 52 b5 ce ae 18 a2 0b 2e 6b 52 30 60 08 da 38 bc dc 17 51 b5 34 2f 35 0a e3 8d f0 7a a1 05 6a 94 1b f3 1a bf 7f 0b d9 43 d1 56 b8 62 1d 42 e5 b8 f5 68 4b 89 ca 18 f6 f2 26 f2 51 93 f8 7e 8f 8d 6c 1e b7 cd 5e 40 f1 d0 b6 a3 66 56 63 51 43 f6 32 d3 82 ec 64 4f 44 5c f1 c1 31 cd 52 5e cb e3 7b dd b3 35 79 e3 cf d9 be 6c 52 cc 97 4d 42 5f 36 07 5b f9 70 82 2f 9b 66 97 c1 2d 47 3c a8 a5 83 34 1d 8a 3a e1 20 a1 cc 3a 61 fe db c2 43 a5 e9 a2 41 85 34 49 a9 49 6d 2d d4 1a 5a b5 d1 b9 4c 69 29 da b1 56 e8 87 54 2b 5c 4c 0c 70 13 ea 75 cf 6a
                                        Data Ascii: HB$QW&t*hZ4-en\gKnj5{!mTR.kR0`8Q4/5zjCVbBhK&Q~l^@fVcQC2dOD\1R^{5ylRMB_6[p/f-G<4: :aCA4IIm-ZLi)VT+\Lpuj


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:12:58:23
                                        Start date:02/08/2024
                                        Path:C:\Users\user\Desktop\Setup.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Setup.exe"
                                        Imagebase:0x400000
                                        File size:545'352 bytes
                                        MD5 hash:13F5FECF34A18AF19E500F24F21434D4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:1
                                        Start time:12:58:23
                                        Start date:02/08/2024
                                        Path:C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe
                                        Wow64 process (32bit):true
                                        Commandline:.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080
                                        Imagebase:0x10000
                                        File size:438'936 bytes
                                        MD5 hash:A27F9713DB1688D03D2082BFA1827803
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zSC52CA132\WebCompanion-Installer.exe, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 21%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:14
                                        Start time:12:59:40
                                        Start date:02/08/2024
                                        Path:C:\Users\user\Desktop\Setup.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Setup.exe"
                                        Imagebase:0x400000
                                        File size:545'352 bytes
                                        MD5 hash:13F5FECF34A18AF19E500F24F21434D4
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        General

                                        Target ID:15
                                        Start time:12:59:41
                                        Start date:02/08/2024
                                        Path:C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe
                                        Wow64 process (32bit):true
                                        Commandline:.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=16075236377 --version=13.900.0.1080
                                        Imagebase:0x300000
                                        File size:438'936 bytes
                                        MD5 hash:A27F9713DB1688D03D2082BFA1827803
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS43EAAD03\WebCompanion-Installer.exe, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 21%, ReversingLabs
                                        Reputation:low
                                        Has exited:false

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:12.2%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:6
                                          Total number of Limit Nodes:0
                                          execution_graph 47559 679c8e8 47560 679c906 47559->47560 47563 679b240 47560->47563 47562 679c93d 47565 679e408 LoadLibraryA 47563->47565 47566 679e4e4 47565->47566

                                          Executed Functions

                                          Function 0231F0D0 Relevance: .8, Instructions: 751COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f2aaac21fbab87d004f663b2befdfe0fae284993443db8627f2d6c9e550cff1
                                          • Instruction ID: 59f00f07675a4d61d6538a822d2d573c5057623b89ed10bb6d578d5e20aa068b
                                          • Opcode Fuzzy Hash: 6f2aaac21fbab87d004f663b2befdfe0fae284993443db8627f2d6c9e550cff1
                                          • Instruction Fuzzy Hash: 0662FD74B002149FDB18DF64D858BADBBB2FF88315F1084A9E90AA77A5DB349D81CF50
                                          Function 02310DE0 Relevance: .6, Instructions: 607COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: acdf8d098ea6cfd4a61c1d6fa55aa3aa6029cddde4f007323fc672fc7eb01cf8
                                          • Instruction ID: 7feef7e91e96d29006cbe0e205a8a7003ae3e7a2c5da2e0f46ae68529e9a811c
                                          • Opcode Fuzzy Hash: acdf8d098ea6cfd4a61c1d6fa55aa3aa6029cddde4f007323fc672fc7eb01cf8
                                          • Instruction Fuzzy Hash: 19421374A012148FDB18EF74E858BAD7BF2EB89301F108569D80AAB764DF309D46CF91
                                          Function 063888B7 Relevance: .5, Instructions: 468COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1784640038.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6380000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a3df9365de54a6add5568824187fc5e05764a9e2e821cdd87c1db106385a2c7
                                          • Instruction ID: 0873a174ccd41840e93fa470138406408cd65753ec17ffbc3aec719914040057
                                          • Opcode Fuzzy Hash: 2a3df9365de54a6add5568824187fc5e05764a9e2e821cdd87c1db106385a2c7
                                          • Instruction Fuzzy Hash: 9F225930D1071ACFDB24EF64C8447D8B7B2FF95300F51869AD9497B251EB70AA89CB91
                                          Function 02314A68 Relevance: 2.0, Instructions: 1978COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 219 2314a68-2316bb8 call 2314938 call 2317b81 609 2316bbe-2316bc6 219->609 611 2316c30-2316c33 609->611 612 2316bc8-2316bdf 609->612 615 2316be1-2316bea 612->615 616 2316c00 612->616 617 2316bf1-2316bf4 615->617 618 2316bec-2316bef 615->618 619 2316c03-2316c13 616->619 620 2316bfe 617->620 618->620 622 2316c21 619->622 623 2316c15-2316c1f 619->623 620->619 624 2316c28-2316c2b 622->624 623->624 624->611
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e324fc91aae779d004a240860224bde269a41103b3e4d4d0743df320da3f0c6
                                          • Instruction ID: b59fded7791c6b923299359ae72103dc38a0c666efddf2581b966e018c458b81
                                          • Opcode Fuzzy Hash: 2e324fc91aae779d004a240860224bde269a41103b3e4d4d0743df320da3f0c6
                                          • Instruction Fuzzy Hash: 4A235239902344DFCB566FB0CA58A5DB772FB4A346B20847AED066A724CB7B8C51DF04
                                          Function 02314A58 Relevance: 2.0, Instructions: 1977COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 626 2314a58-2316b9d 1012 2316ba5-2316bb8 call 2314938 call 2317b81 626->1012 1016 2316bbe-2316bc6 1012->1016 1018 2316c30-2316c33 1016->1018 1019 2316bc8-2316bdf 1016->1019 1022 2316be1-2316bea 1019->1022 1023 2316c00 1019->1023 1024 2316bf1-2316bf4 1022->1024 1025 2316bec-2316bef 1022->1025 1026 2316c03-2316c13 1023->1026 1027 2316bfe 1024->1027 1025->1027 1029 2316c21 1026->1029 1030 2316c15-2316c1f 1026->1030 1027->1026 1031 2316c28-2316c2b 1029->1031 1030->1031 1031->1018
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae6ca089eb72fcfc532974fc85ffa9582d5e4c7e8226133b561f273ea00f3b98
                                          • Instruction ID: b7c1351f2aea17098c55546f8ff32193b6abb0423066cd62860d55013eccbfb5
                                          • Opcode Fuzzy Hash: ae6ca089eb72fcfc532974fc85ffa9582d5e4c7e8226133b561f273ea00f3b98
                                          • Instruction Fuzzy Hash: F9235239902344DFCB566F70CA58A5DB772FB4A346B2084BAED066A724CB7B8C51DF04
                                          Function 0679B240 Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1033 679b240-679e45f 1035 679e498-679e4e2 LoadLibraryA 1033->1035 1036 679e461-679e46b 1033->1036 1041 679e4eb-679e51c 1035->1041 1042 679e4e4-679e4ea 1035->1042 1036->1035 1037 679e46d-679e46f 1036->1037 1039 679e471-679e47b 1037->1039 1040 679e492-679e495 1037->1040 1043 679e47d 1039->1043 1044 679e47f-679e48e 1039->1044 1040->1035 1048 679e52c 1041->1048 1049 679e51e-679e522 1041->1049 1042->1041 1043->1044 1044->1044 1045 679e490 1044->1045 1045->1040 1051 679e52d 1048->1051 1049->1048 1050 679e524 1049->1050 1050->1048 1051->1051
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1784982204.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6790000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 35df4f09d741366caa86509d9b9b084ad14f8dc6fece07fe7ee197357d2713a5
                                          • Instruction ID: 8648aadb8148f04901a2492a9a5c61efd9d9815623ac7eed15dcd08985b37d88
                                          • Opcode Fuzzy Hash: 35df4f09d741366caa86509d9b9b084ad14f8dc6fece07fe7ee197357d2713a5
                                          • Instruction Fuzzy Hash: B63123B0D002499FDF54CFA9D845BAEBBF1EF08710F14852AE815A7350E7759481CFA6
                                          Function 0679E3FC Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1052 679e3fc-679e45f 1054 679e498-679e4e2 LoadLibraryA 1052->1054 1055 679e461-679e46b 1052->1055 1060 679e4eb-679e51c 1054->1060 1061 679e4e4-679e4ea 1054->1061 1055->1054 1056 679e46d-679e46f 1055->1056 1058 679e471-679e47b 1056->1058 1059 679e492-679e495 1056->1059 1062 679e47d 1058->1062 1063 679e47f-679e48e 1058->1063 1059->1054 1067 679e52c 1060->1067 1068 679e51e-679e522 1060->1068 1061->1060 1062->1063 1063->1063 1064 679e490 1063->1064 1064->1059 1070 679e52d 1067->1070 1068->1067 1069 679e524 1068->1069 1069->1067 1070->1070
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1784982204.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6790000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 7c69c4af4e5a30ec18f51d2ce98a4c7bf827d947ef1fb55212b3fde468f71da1
                                          • Instruction ID: 32603027584787e3c1e4bfd2d2969414f4a6ddb606857629ae623cdda912af55
                                          • Opcode Fuzzy Hash: 7c69c4af4e5a30ec18f51d2ce98a4c7bf827d947ef1fb55212b3fde468f71da1
                                          • Instruction Fuzzy Hash: 5A3153B0D002499FDF54CFA9D885BAEBBF1AF08700F148129E815E7350E7759485CFA6
                                          Function 0690DA30 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2365 690da30-690da3e 2367 690da45-690da68 2365->2367 2369 690da6a-690daa3 call 690dc6b 2367->2369 2373 690daa5-690dad8 2369->2373 2374 690dada-690dae2 2369->2374 2373->2374 2376 690daea-690dafe 2374->2376 2377 690db00-690db36 2376->2377 2378 690db3b-690db5f 2376->2378 2377->2378 2382 690db61-690db97 2378->2382 2383 690db9c-690dbc1 2378->2383 2382->2383
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: s/8l^
                                          • API String ID: 0-1719344705
                                          • Opcode ID: 87d9cbf9a6e72c157f3ff6ec740986960a908509dc94108ccdf42ab1f8ae6fab
                                          • Instruction ID: e2faf9d1219c0f1358c22d7a66bc2fc5a40ceb4876780aab50b74b262a2bab6d
                                          • Opcode Fuzzy Hash: 87d9cbf9a6e72c157f3ff6ec740986960a908509dc94108ccdf42ab1f8ae6fab
                                          • Instruction Fuzzy Hash: 5241C134A063545FE742EF68D8106EA7FF2EF82304F14859AD441DF2A2DB718A4ACBD1
                                          Function 0690DA70 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2430 690da70-690daa3 call 690dc6b 2433 690daa5-690dad8 2430->2433 2434 690dada-690dae2 2430->2434 2433->2434 2436 690daea-690dafe 2434->2436 2437 690db00-690db36 2436->2437 2438 690db3b-690db5f 2436->2438 2437->2438 2442 690db61-690db97 2438->2442 2443 690db9c-690dbc1 2438->2443 2442->2443
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: s/8l^
                                          • API String ID: 0-1719344705
                                          • Opcode ID: 797158e9f2c0e67ccf92abfaddf26589c0625d0c557f313397e2d5eb2778cad4
                                          • Instruction ID: 190a0445b23df2965bbf006866f803e557e3a2f80b944ea58792a5bf0a2a7349
                                          • Opcode Fuzzy Hash: 797158e9f2c0e67ccf92abfaddf26589c0625d0c557f313397e2d5eb2778cad4
                                          • Instruction Fuzzy Hash: 9931D374A012089FE741EF64D8406AEBFE2FB85704F1085A9D406DF3A5DB719A468FD1
                                          Function 0690CEFF Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2473 690ceff-690cf0c 2474 690cedd-690cede 2473->2474 2475 690cf0e-690cf60 2473->2475 2477 690cee4-690cef6 2474->2477 2494 690cf62 call 690cf80 2475->2494 2495 690cf62 call 690cf70 2475->2495 2480 690ceb2-690ceb6 2477->2480 2481 690cef8-690cefd 2477->2481 2482 690ceb8-690cebb 2480->2482 2483 690cebd-690cec4 2480->2483 2485 690ceca-690cecc 2482->2485 2483->2485 2485->2477 2486 690cece-690ced4 2485->2486 2488 690ced6 2486->2488 2489 690ced8-690ceda 2486->2489 2488->2477 2489->2477 2493 690cf68-690cf6c 2494->2493 2495->2493
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 3<8l^
                                          • API String ID: 0-2082782841
                                          • Opcode ID: 259ddbee9ad0fd65786e4471b8af160c47b3c7add402e59b23a1934d0413d3f2
                                          • Instruction ID: 181f6342f957aa627e24b77ae9ced88fc8356b20f192ee107434937b2bbc5344
                                          • Opcode Fuzzy Hash: 259ddbee9ad0fd65786e4471b8af160c47b3c7add402e59b23a1934d0413d3f2
                                          • Instruction Fuzzy Hash: C901D632604245AFC321AB6DEC418DBBBA6EFC53743108676E59D8F621EE305D458BE4
                                          Function 0690D048 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: c;8l^
                                          • API String ID: 0-3655354635
                                          • Opcode ID: a3e98ffee67d6eca78dbd698387b8ab83f177941784b70a633fa12bb9c5ad1a8
                                          • Instruction ID: b978801f83e1f0d2a72d87a7595761fbf06bd19ed39acb0b9fe8c7a26e9aeb9c
                                          • Opcode Fuzzy Hash: a3e98ffee67d6eca78dbd698387b8ab83f177941784b70a633fa12bb9c5ad1a8
                                          • Instruction Fuzzy Hash: 7DF046343042148FC20AB734A8216AE7BE6DF8632070442AAE942CB395DF252D038BDA
                                          Function 0690CF10 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 3<8l^
                                          • API String ID: 0-2082782841
                                          • Opcode ID: a250951387215777073aeb3857f332479cdf569d857ea3e8f193b967b40ad7d2
                                          • Instruction ID: 6df73099cdbf4777aeca2a1f243d407a48e69d754898ef5691a6e794eb480ca1
                                          • Opcode Fuzzy Hash: a250951387215777073aeb3857f332479cdf569d857ea3e8f193b967b40ad7d2
                                          • Instruction Fuzzy Hash: 66F054312006459BC310E75ED88089EBB96EBC5364310C629D15D8B724DF70A9059BD4
                                          Function 0690D058 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: c;8l^
                                          • API String ID: 0-3655354635
                                          • Opcode ID: 9492239b60cee96c90f33efc43d016191032b73f7513460c7fc8842471236a1e
                                          • Instruction ID: 5a721c486b266be980eee097a1ed0d8890fffb80433b77983c9e9f8c987d676c
                                          • Opcode Fuzzy Hash: 9492239b60cee96c90f33efc43d016191032b73f7513460c7fc8842471236a1e
                                          • Instruction Fuzzy Hash: 1EF0A7303002155BD609B724A811AAF76DADBC5724B10866AE9039F384DF756D024BDA
                                          Function 02317240 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: k9Y!0
                                          • API String ID: 0-1825060378
                                          • Opcode ID: 7190f21ec30e06ef00fb11385632cc4ee1faf00551f5ab6e65a37cdfc10e099a
                                          • Instruction ID: 4ec97e3c6d02163789fed7f7abcff3a8f40bc4d3623ac37c05cb991b28dd1baa
                                          • Opcode Fuzzy Hash: 7190f21ec30e06ef00fb11385632cc4ee1faf00551f5ab6e65a37cdfc10e099a
                                          • Instruction Fuzzy Hash: 32E02B3510C2441FD7069F7C28503D93FA58B85070F0505A6D2989B203E8600613C7E9
                                          Function 02317250 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: k9Y!0
                                          • API String ID: 0-1825060378
                                          • Opcode ID: 90d21b084c50dc33cdc33ef205bb13e0c095c91e642cd61fe15b282e3cc5d24b
                                          • Instruction ID: f9355f3a8b7e2355e8493aa57cdabea5d73dbc8cba3ece1fadac61cd79ff59f8
                                          • Opcode Fuzzy Hash: 90d21b084c50dc33cdc33ef205bb13e0c095c91e642cd61fe15b282e3cc5d24b
                                          • Instruction Fuzzy Hash: 83D022326043182B6B04EAAD58004CE7FDDCA800B0B00417BC108DB200EC702A4082E9
                                          Function 0690DC6B Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PCi
                                          • API String ID: 0-2093429400
                                          • Opcode ID: 985e2f39cfd3a937f5e7e6febdfa1fbfc850e7c264134dae05f2de4825fe385d
                                          • Instruction ID: a74bfa317918b865aa091048273dd828602d80e7cf6d92dd28784c2b9d8ac182
                                          • Opcode Fuzzy Hash: 985e2f39cfd3a937f5e7e6febdfa1fbfc850e7c264134dae05f2de4825fe385d
                                          • Instruction Fuzzy Hash: ADC080151062904FCF165B1DD4106C33F715B86300F124492D4945F347D9554A05CFF1
                                          Function 0231D9E0 Relevance: .3, Instructions: 348COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5db986b58560cc19852011ebf676d3d7fe4570ce6b33b327c2fb64a21716f79
                                          • Instruction ID: 00d75ba1119b397ae0ad5f96a831d5c79ce3cf7bfd8c57d4f34a68a1b8836047
                                          • Opcode Fuzzy Hash: e5db986b58560cc19852011ebf676d3d7fe4570ce6b33b327c2fb64a21716f79
                                          • Instruction Fuzzy Hash: 2AE12834A00209DFDB18DF68D894A9DBBB2FF89314F148569E8469B761DB34ED42CF90
                                          Function 0231B098 Relevance: .3, Instructions: 324COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59868f3f018404ef7c8850759aae21fdb7103d4c0f215c0908604d6acffce088
                                          • Instruction ID: 40d509aa53427a47758a0f0278fec3a613eaf834228dcac3e4cd1551bb5b9f8e
                                          • Opcode Fuzzy Hash: 59868f3f018404ef7c8850759aae21fdb7103d4c0f215c0908604d6acffce088
                                          • Instruction Fuzzy Hash: 78C129347002058FDB08DBB8D894AAEBBF3FF89314F1585B9D905AB355DB349D428BA0
                                          Function 06909D48 Relevance: .3, Instructions: 309COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3660aac13edff3296bbbbe807f8bb30fa382d5728c77d02e4dbb5a122993d211
                                          • Instruction ID: f9d2fd8b3f5f39ce839704392d88f87b1d775a9cf00e0ff72f98bdcccb8a3bb5
                                          • Opcode Fuzzy Hash: 3660aac13edff3296bbbbe807f8bb30fa382d5728c77d02e4dbb5a122993d211
                                          • Instruction Fuzzy Hash: 03B1BE30701201DFEB48ABB4C45866E3BE7AFCA201B15446DE602CB796EF35DD46CB92
                                          Function 0231F6F9 Relevance: .3, Instructions: 297COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ae89659b78ce6dd851f8051de9f6ed75fdf2a30aae12554a9be00de36293178
                                          • Instruction ID: 83dbf4074c93335656d6ca784d0f957fdd0002dd4d0b7b2cf9377824641fbc0b
                                          • Opcode Fuzzy Hash: 3ae89659b78ce6dd851f8051de9f6ed75fdf2a30aae12554a9be00de36293178
                                          • Instruction Fuzzy Hash: 93D12734A04219DFDB29DF64D858BADBBB2FF88315F1084A9E80AA7350DB359D81CF50
                                          Function 0231E7E7 Relevance: .3, Instructions: 284COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9651f731a8bd338c4a1a238f356ad424c6ceb4419698557fbe8174aca8029c3f
                                          • Instruction ID: 2ee5aa6d1c92d67172c65e2f6bc6ab35a20aa0ab94e18142462719e1d84a6bbd
                                          • Opcode Fuzzy Hash: 9651f731a8bd338c4a1a238f356ad424c6ceb4419698557fbe8174aca8029c3f
                                          • Instruction Fuzzy Hash: 88A1AF74B042419FCB18DF68C894A6E7BB6FF89714F1580A9E906CB3A2DB35DC42CB51
                                          Function 0231AFA0 Relevance: .2, Instructions: 248COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0695d1b0d809b8d98a35cbeb7ac0fe6da45d6c2b3ea3a665f2f03d58cbbc40b
                                          • Instruction ID: feedc8353b79f8d3e6d4d967d27b6a946a1702b13f8a3d69fd4c7df3a5e9ef97
                                          • Opcode Fuzzy Hash: d0695d1b0d809b8d98a35cbeb7ac0fe6da45d6c2b3ea3a665f2f03d58cbbc40b
                                          • Instruction Fuzzy Hash: 4F918134A04245CFDB09DB78C894AAEBBB2FF89304F1981A5D445DB366DB34DC46CBA0
                                          Function 0690DCB7 Relevance: .2, Instructions: 242COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f8cd6f1149efaec38e4663e6d0d6a0b267a88917c4d4007788cb95d86193661
                                          • Instruction ID: 08d6315349380fd0f0d49ba2d6853b10caa3b78478d8850d3daa421f3f354783
                                          • Opcode Fuzzy Hash: 5f8cd6f1149efaec38e4663e6d0d6a0b267a88917c4d4007788cb95d86193661
                                          • Instruction Fuzzy Hash: F281A930B10208DFFBD46AA9C41053D76EA6FD971577544A6D506CFBE0EE20CD08EBA5
                                          Function 023198A0 Relevance: .2, Instructions: 207COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d5a4d59607199b4ce282b6edcd79cd9ed0717d41adfb3f7964ed4d23981e277
                                          • Instruction ID: 2c9dc511ed7a698d1b7b5eccbe9563b9ffd648768c8aebe71f3cbaf133d6b050
                                          • Opcode Fuzzy Hash: 7d5a4d59607199b4ce282b6edcd79cd9ed0717d41adfb3f7964ed4d23981e277
                                          • Instruction Fuzzy Hash: 4361D4347062118FDB186B79982972E7AEBEF89355B088879E806CB385EF3CCC41C751
                                          Function 069083D8 Relevance: .2, Instructions: 198COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d63e699fb7b9b6314b50dc534b396912d661236f9437d1068b5c7cdf23b4f325
                                          • Instruction ID: c8af656f862954fdd2d064ff468e29a65fd1c38fc287e50c417bdc3f5cc00742
                                          • Opcode Fuzzy Hash: d63e699fb7b9b6314b50dc534b396912d661236f9437d1068b5c7cdf23b4f325
                                          • Instruction Fuzzy Hash: 3471BE74B10205DFEF44EF75D984AAEB7FAAF88244F148429E80AD7390DB34E945CB90
                                          Function 0231B047 Relevance: .2, Instructions: 196COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07cf62b61c19fb0277f3cbaa34a2592273c62bd66ceb49e6a0cb608b4a679d21
                                          • Instruction ID: de68af14b946d7fb4b7325f6600c6af4fc1c549ef3a37377e97e9eebc511ff99
                                          • Opcode Fuzzy Hash: 07cf62b61c19fb0277f3cbaa34a2592273c62bd66ceb49e6a0cb608b4a679d21
                                          • Instruction Fuzzy Hash: A2810E34700246CFDB09DB64C994AAEBBF3FF89314F1581A5D405AB365DB349D46CBA0
                                          Function 0231B06A Relevance: .2, Instructions: 195COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32a11222410320b3ec51f99c49fb83ba5e917ae791713ddf5f629a17cc0d63fc
                                          • Instruction ID: e3744089ab97e95db0d9812f7a045c72b770aa605a788892e0cced0e0eca0537
                                          • Opcode Fuzzy Hash: 32a11222410320b3ec51f99c49fb83ba5e917ae791713ddf5f629a17cc0d63fc
                                          • Instruction Fuzzy Hash: 04812C34A002458FDB09DB68C994AAEBBB3FF89314F1581A5D405AB366DB34DC42CBA4
                                          Function 069083CB Relevance: .2, Instructions: 191COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f06c32cc95599863f6dd2df94a8f0a1031f0694e433a4be273060980516b9c16
                                          • Instruction ID: 64fb7df9e284e8fb2ca0e9ceda8d29f9c4efdc360a481d2882388ba32b3ffc01
                                          • Opcode Fuzzy Hash: f06c32cc95599863f6dd2df94a8f0a1031f0694e433a4be273060980516b9c16
                                          • Instruction Fuzzy Hash: 0A61F474B10201DFEF54DF74D984AAEB7F6AF88250F148529D80AD77A0DB34E945CB90
                                          Function 0690801E Relevance: .2, Instructions: 190COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56d7eea9c4ac4ab57fba21a84d837f49df4398bd017667a59076ba24441ef34f
                                          • Instruction ID: 0d964e253f74ebb34644526b6b564a793f0da90f0fb21ea0ff7b0bdaadeb3cef
                                          • Opcode Fuzzy Hash: 56d7eea9c4ac4ab57fba21a84d837f49df4398bd017667a59076ba24441ef34f
                                          • Instruction Fuzzy Hash: 35719E34B013858FDB09EF78D48089E7BF2AF95304B64446AD8459B366EB31ED4ACB91
                                          Function 0231D9D6 Relevance: .2, Instructions: 184COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d893cc4b1242f5f3e2b368660d4df8ffdae6ad5aab3382870feb70e895454b34
                                          • Instruction ID: 050292b3c860c53cf75fbe6fa7733767b17723334ef6b7f467ea8aee0b323b9c
                                          • Opcode Fuzzy Hash: d893cc4b1242f5f3e2b368660d4df8ffdae6ad5aab3382870feb70e895454b34
                                          • Instruction Fuzzy Hash: E381F934A00209DFDB18DF68D994A9DBBB2FF89315F148569E806AB361DB34ED41CF90
                                          Function 0231A180 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06ce5aacf23e24ea264c492ca27f980017184d0c779b4b1c6344c7574a58a720
                                          • Instruction ID: 1f379937c14a57171baae774ce1c6fa19ede15a336882a7483f0655e321d77f9
                                          • Opcode Fuzzy Hash: 06ce5aacf23e24ea264c492ca27f980017184d0c779b4b1c6344c7574a58a720
                                          • Instruction Fuzzy Hash: 7251DF317062009FDB299B78A454BAE7BB7EFC9321F1844BAE506DB281DF358C46C791
                                          Function 02311846 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53bd234df425874b344af5e5a71d6f3f798fe09d5dcb095520b4a314e7c29754
                                          • Instruction ID: 5120f5cc5e55c517ad07aafe739058ef4c86a9ccc42832c0c88adfa7108d0297
                                          • Opcode Fuzzy Hash: 53bd234df425874b344af5e5a71d6f3f798fe09d5dcb095520b4a314e7c29754
                                          • Instruction Fuzzy Hash: 5A51F570B012929FDB199B70C4547ADBBF6AF41304F24C0AAC4999B397CB39CC89C791
                                          Function 02319F30 Relevance: .2, Instructions: 162COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 868f0e59ebc5b67c02f1d569c660187c51371ae46fb8a87982105476468b10e0
                                          • Instruction ID: d3957d578bf7ac9a06d71fe768505b6488d008b1512883c759525e910247a67d
                                          • Opcode Fuzzy Hash: 868f0e59ebc5b67c02f1d569c660187c51371ae46fb8a87982105476468b10e0
                                          • Instruction Fuzzy Hash: 4B517B34B052059FDB18CF69C494AAEBBF6BF89315F1580A9E805AB351DB70EC45CBA0
                                          Function 0231CD58 Relevance: .2, Instructions: 158COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eca1fca2fe50f31cf1fd8aa2df43d0f5c8dbd21a9d1eca215e7696d0461d9e16
                                          • Instruction ID: 63796552d0c54ec501db6c7066cc2810220c588f9a2d010f4532d67af98494ee
                                          • Opcode Fuzzy Hash: eca1fca2fe50f31cf1fd8aa2df43d0f5c8dbd21a9d1eca215e7696d0461d9e16
                                          • Instruction Fuzzy Hash: 3B41CF317052108FD319AB39A86476EBBE6EFC6664F0488BAD905CB341EF359C4687A1
                                          Function 02310CC5 Relevance: .2, Instructions: 154COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef894cc9705cc956458ef220233327c3459a0a1ca8f73411e81cfea61744761e
                                          • Instruction ID: f4aae02bda6c0aa3487ddc78aa27335a6d1a043c645278e26f5784e1bfd8f55a
                                          • Opcode Fuzzy Hash: ef894cc9705cc956458ef220233327c3459a0a1ca8f73411e81cfea61744761e
                                          • Instruction Fuzzy Hash: 1741EFA290E3E10FD30B5734AD682887FB19E57199B0E00D7C980DF1E3EE26594BC366
                                          Function 0231D320 Relevance: .2, Instructions: 153COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e74ff337d9b9779401961a009fbf8f468703e6c11498c189e525b0c4e95730f8
                                          • Instruction ID: 8da2d08ee0b8ceb35c9f3e297c1bbd0c4d64e8608b35ffac0896f8b272f04fd8
                                          • Opcode Fuzzy Hash: e74ff337d9b9779401961a009fbf8f468703e6c11498c189e525b0c4e95730f8
                                          • Instruction Fuzzy Hash: 9D51FA35A10219EFDF18DFA4E854AADBBB6FF89314F108129E912A7364DF34AD01CB50
                                          Function 023187A0 Relevance: .1, Instructions: 142COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b69babbbc77f20bfbd1add64d4f2a4e6b039c445ca54990aec5e3a7e2fb5dbf
                                          • Instruction ID: e6b9c5d69f101328cf5d3d4a8a36609491988dc70339a56140d07b094ce0aa1c
                                          • Opcode Fuzzy Hash: 0b69babbbc77f20bfbd1add64d4f2a4e6b039c445ca54990aec5e3a7e2fb5dbf
                                          • Instruction Fuzzy Hash: 384102313093908FD3169B78A855A5A7FE6EFCA31070888BAE549CB352EE74DC42C755
                                          Function 0231DDA7 Relevance: .1, Instructions: 140COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 86ebf87bc353cd7ed02f06a23e19919181e9997620f4768ca203aaa9dcd0ef23
                                          • Instruction ID: 60622221822fb07de6cbb20df57c172e4dd72d40e26ad9c4f75cf027c97d8dc8
                                          • Opcode Fuzzy Hash: 86ebf87bc353cd7ed02f06a23e19919181e9997620f4768ca203aaa9dcd0ef23
                                          • Instruction Fuzzy Hash: B351D835A00209DFDB18DFA4E994A9DBBB2FF89315F258455E806AB360CB34EC42CF50
                                          Function 06907943 Relevance: .1, Instructions: 137COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9cc00b2e4fa9a08e7f136e0cec558aededfedce250c5a766fff0fa7eea7a74c4
                                          • Instruction ID: 85d3e11925c218b0683bce4c58115a3d496dbfbe2c60084e7f796acacde9a372
                                          • Opcode Fuzzy Hash: 9cc00b2e4fa9a08e7f136e0cec558aededfedce250c5a766fff0fa7eea7a74c4
                                          • Instruction Fuzzy Hash: 6F41D374700201AFFB55DB69DC50B7E7BE6AB88710F248029E505DF7D1CA75E902CBA1
                                          Function 02318FD8 Relevance: .1, Instructions: 133COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2fa5ff63d6ffcd8e047e4e4be63687a6feef6c1da32c3cdc0f9eb5b179e210c0
                                          • Instruction ID: 5fb7d9a8f0b7e0e230d1ca9a5b283f8508d4b82c4c97b186ad0084780acc18f6
                                          • Opcode Fuzzy Hash: 2fa5ff63d6ffcd8e047e4e4be63687a6feef6c1da32c3cdc0f9eb5b179e210c0
                                          • Instruction Fuzzy Hash: 8641AD357062549FCB0AAFB8E81995D7FF2EF8930470884A5E50ADB362DB388C52DB41
                                          Function 023132B7 Relevance: .1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7fe023404132089ae223f5f98c8d2b441b51c979a665b0609281685285365d12
                                          • Instruction ID: e85d4a4421f3e169c52177bcd15d8a9f78c1ebb9fc304ab225faf09583d6d5be
                                          • Opcode Fuzzy Hash: 7fe023404132089ae223f5f98c8d2b441b51c979a665b0609281685285365d12
                                          • Instruction Fuzzy Hash: 54417D307012049FDB18EF74E99576EBAE2EFC9314F108868E406AB395DF709E459B91
                                          Function 02313CD0 Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b8ee60c21f8335c63b2382ce6b8d2cbce4c9c57e2d1b2fa4cc4135f663ad69e
                                          • Instruction ID: bf186ed8f6db7793366cdbcc28562579b602f87efd5cbd80cb5734ecab447afd
                                          • Opcode Fuzzy Hash: 5b8ee60c21f8335c63b2382ce6b8d2cbce4c9c57e2d1b2fa4cc4135f663ad69e
                                          • Instruction Fuzzy Hash: D131AE307082049FDB089B79C8597AE7EE6EFC9314F1484BAE406E7391DF789D468B51
                                          Function 02319308 Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: adb5126ee3d10d30cd4a252113cca1e332baeef7b551746e7f46938a0f8672b1
                                          • Instruction ID: 3175e7f4c37ce60ba6785af208ef696135b1b1fb72f8ddb8a48025e823bbf003
                                          • Opcode Fuzzy Hash: adb5126ee3d10d30cd4a252113cca1e332baeef7b551746e7f46938a0f8672b1
                                          • Instruction Fuzzy Hash: 30413C31A006098FDB15EF69D851BDEBFF1FF89314F008968D4459B255DB70A90ACB94
                                          Function 069082A8 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a0af48ecda4a28b9c267ea16929e2e5237a31afe601d1d605582b35d288903
                                          • Instruction ID: c7e343dd1dafa153a000a9ff5a5fb39dbc098e392447d1e449c9c2ae5f62cbaa
                                          • Opcode Fuzzy Hash: b4a0af48ecda4a28b9c267ea16929e2e5237a31afe601d1d605582b35d288903
                                          • Instruction Fuzzy Hash: F331DF34B013428FEF18EB74E64446E7BFB9BC92047240869C9468B796EB30DD4ACB91
                                          Function 02314381 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aece892c73ca5c2bf0bf39ce4ab2d69644e6b7d8c019c5b78e385abc086424cb
                                          • Instruction ID: 78c96102548d10fff05cd81179c411ce993d6e1219ba413c91d318c29274831d
                                          • Opcode Fuzzy Hash: aece892c73ca5c2bf0bf39ce4ab2d69644e6b7d8c019c5b78e385abc086424cb
                                          • Instruction Fuzzy Hash: E631C0302017419FD305AB29E844AAEBFE3EFC5314714C968D0868B765DF70BE86DB85
                                          Function 02314918 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96e375644e57ea3cf74c1ccacabe32e35fb23266b907db4b8102c3835941260f
                                          • Instruction ID: ae76330c097b0e453c98fe9b552d0e7d2aa08530be41a3e600d7ced425a9134f
                                          • Opcode Fuzzy Hash: 96e375644e57ea3cf74c1ccacabe32e35fb23266b907db4b8102c3835941260f
                                          • Instruction Fuzzy Hash: 97310931E053468FDB11AFB8D8102EEBBB1FF86304B11823AD555B7341DB34A985C791
                                          Function 023177D8 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ec8d46d9b6e7f2b56ea159ba68eebee5f664323356d82685eca51674f4dbedb
                                          • Instruction ID: 4f7e1efe1d0f94d0e20e640e348e4475396f4f9e18f0d56b13771a6f3b110b11
                                          • Opcode Fuzzy Hash: 3ec8d46d9b6e7f2b56ea159ba68eebee5f664323356d82685eca51674f4dbedb
                                          • Instruction Fuzzy Hash: DD318D31D01746DACB10AFB9D8006D9B7B1FF99320F258726E55A7B241EB30B5E5CB80
                                          Function 069086A0 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0c44bedb534755b56882b5e9775f660c09ca91416de13f2ac3c3fdf3f0d1398
                                          • Instruction ID: 37be7b4a8c27f5cba482deb8d893e81d99a8b16645d6acbebdf7d8998f513228
                                          • Opcode Fuzzy Hash: d0c44bedb534755b56882b5e9775f660c09ca91416de13f2ac3c3fdf3f0d1398
                                          • Instruction Fuzzy Hash: A521CF32B062929FEF086B74A54402E7FEB9FC5211368446EC885DB745EE35DC47C781
                                          Function 0231B8B8 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8fde99d2dc056482a83f48ef684333c5ffc3167a2af72819f61f15be8bd11471
                                          • Instruction ID: c902e09e113f430b109e449039318af34e7347a3b7d2fce1124c5115ff7097db
                                          • Opcode Fuzzy Hash: 8fde99d2dc056482a83f48ef684333c5ffc3167a2af72819f61f15be8bd11471
                                          • Instruction Fuzzy Hash: 4C317E30200205DFDB04DF28D888A69BBF6FF85318B148569E445CB765DB74ED87CB90
                                          Function 06907F07 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b5e6b09672c71d89ffd754180a3b75c2a620a62530d7a1e8ae93a572502011d4
                                          • Instruction ID: 3656f995092394f7fbdaea865edb23301c42e60d2d0ba50a11edb4f820b49b71
                                          • Opcode Fuzzy Hash: b5e6b09672c71d89ffd754180a3b75c2a620a62530d7a1e8ae93a572502011d4
                                          • Instruction Fuzzy Hash: D331D635A005069FCB04EF68E8809AEBBF6FF89314B24C568D449AB345DB30BD46CB91
                                          Function 023177E8 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71697e580b70ad801345904965c03218123852d1c9a1f0bd89b2041ac3516045
                                          • Instruction ID: 7efa6e4c8849c923c6cf33cf40e91e322e64b08314f9074019be1b63879a42a8
                                          • Opcode Fuzzy Hash: 71697e580b70ad801345904965c03218123852d1c9a1f0bd89b2041ac3516045
                                          • Instruction Fuzzy Hash: DE316B31D01746DACB20AFB9DC40699B7B1FF99320F258726E55A7B240EB70B5E4CB80
                                          Function 023196F8 Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50e5e24fcc61e66e07175b214b0e77222419ec04dbe4c6b34a14fe0f973bb79f
                                          • Instruction ID: d299e5f54fceb48c428436c2a5933fff5818534485b8c1ee5a534ed700fd441c
                                          • Opcode Fuzzy Hash: 50e5e24fcc61e66e07175b214b0e77222419ec04dbe4c6b34a14fe0f973bb79f
                                          • Instruction Fuzzy Hash: 4621E0353052518FD7169F7CE89466E7FE6EF89324B1445B9E845CB352DB30DC428B81
                                          Function 0231BA3F Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4188c6d18dfb2b7ba321a0238cdf76710e66d4183058f04c8b4c148543080ec
                                          • Instruction ID: e15669307407b07f280b1f201f2f007e537e948eed3a8ee4612d6653fdd5fd1b
                                          • Opcode Fuzzy Hash: a4188c6d18dfb2b7ba321a0238cdf76710e66d4183058f04c8b4c148543080ec
                                          • Instruction Fuzzy Hash: EC219A307002028BDB18DFB9D9906BEBBE7EF89254B14842DD945DB394EA32DD03DB91
                                          Function 00C2F184 Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777730874.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c2d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3bc57761d35961bdb35837eac831bc1956ab2df79c6679efa08dc40ec884d0eb
                                          • Instruction ID: f342e98fd029e1361918304cadca96bcd03d50a02f998dd7e0b19929e8e7d7a3
                                          • Opcode Fuzzy Hash: 3bc57761d35961bdb35837eac831bc1956ab2df79c6679efa08dc40ec884d0eb
                                          • Instruction Fuzzy Hash: 7531A076504244EFDF069F54E9C0B16BF76FB88310F2481BDEE054A66AC336D862DBA1
                                          Function 06907F18 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0621aa6e616ec08c96be585b88db557655036200f753d17b779232cf29354de5
                                          • Instruction ID: c59eaf876d39475f32f0a67961a799c91772df23b5175f01f559679abdede0e4
                                          • Opcode Fuzzy Hash: 0621aa6e616ec08c96be585b88db557655036200f753d17b779232cf29354de5
                                          • Instruction Fuzzy Hash: 0C318171A0050A9FDB04EF98D48196EB7FAFB89314B24C528E449AB345DB31FD46CBD1
                                          Function 02314938 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb0c4d5ca4b55f9cfa826094b6848752fae299737320ba7e8f4f43bde67694e8
                                          • Instruction ID: 8bb11432f479033d7303e84bd468f38b0410f7a84561e4debce74c113e546f59
                                          • Opcode Fuzzy Hash: cb0c4d5ca4b55f9cfa826094b6848752fae299737320ba7e8f4f43bde67694e8
                                          • Instruction Fuzzy Hash: FD31B131E0070A8BDB14AFB9C8142AEB7B5FF85304B108639D55AB7341EF34B985CB91
                                          Function 02317B81 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b62cdbca70214d36317dc27853ea3809fa8f95b93cec6b9e585dcdeb2ae28ef4
                                          • Instruction ID: 35ef445fe875060f701d9a4644461b65480ba0811f9675308e6ac5104dc49531
                                          • Opcode Fuzzy Hash: b62cdbca70214d36317dc27853ea3809fa8f95b93cec6b9e585dcdeb2ae28ef4
                                          • Instruction Fuzzy Hash: 0021913170E2908FE71D5B74A4193AABFA6DB46706B084079D487D7681DF2ECC81CB51
                                          Function 00C2F088 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777730874.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c2d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b80f85b6d6d3faa78ed1ceddfe01adeff4b030e853886211b8b5cee6108f73a5
                                          • Instruction ID: 7dd10d54ae82f4f6d8817487e73c31b4609864106ec9d238516f0d4d032b8a62
                                          • Opcode Fuzzy Hash: b80f85b6d6d3faa78ed1ceddfe01adeff4b030e853886211b8b5cee6108f73a5
                                          • Instruction Fuzzy Hash: 5421D272100204EFCF058F54E980B1ABB76FB88314F2082BDEA090A656C336D926DB61
                                          Function 06908693 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a6a36ef659c1352a18bdcb700fdc730d8a304235a10030527ca4094212a6c59
                                          • Instruction ID: dc7c339729d9fdd1171731d520ec0c08ea268cb6f1d4ad4dda4b69ed0765446a
                                          • Opcode Fuzzy Hash: 1a6a36ef659c1352a18bdcb700fdc730d8a304235a10030527ca4094212a6c59
                                          • Instruction Fuzzy Hash: F121CF31B07282AFEF09AB74915412E3FE74FC6200768446EC8819B786EE34CC47C781
                                          Function 02318751 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a139ea7b9681f17f1beadd9bf65b079184ec42b12866f103c859e49a5b4eee2d
                                          • Instruction ID: b7c984b038e08bcf2d549f5074b3f6f8bd9e4e7f7e8d531ab5cd36fc53157a9f
                                          • Opcode Fuzzy Hash: a139ea7b9681f17f1beadd9bf65b079184ec42b12866f103c859e49a5b4eee2d
                                          • Instruction Fuzzy Hash: 1021233510E3C04FD3139B39A8A06957FB1DF8B10470908DBD0C48F263D228980BCB6A
                                          Function 02311272 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ff322446ce9ec301f71b4e59729d7bc43a8a81e67ecb238d1ee10ad8adb6775
                                          • Instruction ID: 3846175474c161c6e4129cb0185ccf4ea8edcd8fac4684308922c50693621cf3
                                          • Opcode Fuzzy Hash: 3ff322446ce9ec301f71b4e59729d7bc43a8a81e67ecb238d1ee10ad8adb6775
                                          • Instruction Fuzzy Hash: FC315874A00205CFCB08EBB8E858AADBBF2FF84304B104569D44AEB364EF31D955CB51
                                          Function 02313CC0 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a8a2f3781d116ab1255f45202ee6a6c8edcdc65d9b1c7c5cab3dd4c1e1e62d10
                                          • Instruction ID: fdc457111eda0f4207955825ad98f55abb44bcd6dff8528a2e8319fd0c94772e
                                          • Opcode Fuzzy Hash: a8a2f3781d116ab1255f45202ee6a6c8edcdc65d9b1c7c5cab3dd4c1e1e62d10
                                          • Instruction Fuzzy Hash: AB217A31B042049BEB089B75C8987AE7FF6EB8C710F1484B9E406E7390DF749C868B90
                                          Function 00C1D7EC Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91c8c9591417051dcfd535e831f5bbd67906db7410b708f70548234018ec6c52
                                          • Instruction ID: a0159edab186e2c650c37999fe1ef112123a97d0911b58498eb3ff323188a972
                                          • Opcode Fuzzy Hash: 91c8c9591417051dcfd535e831f5bbd67906db7410b708f70548234018ec6c52
                                          • Instruction Fuzzy Hash: FC213872500200EFEF059F14D8C0B56BFA5FB89314F20C5A9E90A0A286C33AD896DBE1
                                          Function 00C1D408 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db923553ff81fb4904e338f7152169f88c990cb27152d43052bb407803140eba
                                          • Instruction ID: dd3880e46b1fdaa67b1883c367465cf0aa516cd824b6aa77320c811ec58c07d8
                                          • Opcode Fuzzy Hash: db923553ff81fb4904e338f7152169f88c990cb27152d43052bb407803140eba
                                          • Instruction Fuzzy Hash: 21213772504200EFDB15DF14D9C0B67BF65FB99314F20C5A9E90B0B256C33AE896E7A1
                                          Function 00C2D610 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777730874.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c2d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae331d5af9d200daa4abd4caac50ac3063394995c8efb2f02fe0869fb2fe591a
                                          • Instruction ID: 189df60b9516f90f5f06075e3e2c718f8aa5848c501cf9fa024c5e3260c6e840
                                          • Opcode Fuzzy Hash: ae331d5af9d200daa4abd4caac50ac3063394995c8efb2f02fe0869fb2fe591a
                                          • Instruction Fuzzy Hash: 6B210475604204DFDB04DF14E9C0B26BBA5FB94314F24C9A9F94F4B696C33AD846CA61
                                          Function 06907B1B Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1757d37ba3c70308d6d9ac32e3cff933cc46fe2fd2ea98fdb7039f2d8e865981
                                          • Instruction ID: 6f10ac09cb9c16cf87200c5a404b5c574eca308a9f36378bc133e83ad748caf5
                                          • Opcode Fuzzy Hash: 1757d37ba3c70308d6d9ac32e3cff933cc46fe2fd2ea98fdb7039f2d8e865981
                                          • Instruction Fuzzy Hash: D421F830200A469FDB51DF2DED80946BBF5FF943147009B29D1998BA25D770F9168FD4
                                          Function 023191F8 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a98ec5876b26e8b47d94328589df7fea1d133c179fa6def6669cc2f124e57f2
                                          • Instruction ID: 287e11dbf4599683f6b577287d6da2172226eb4d946a45c7fff821b2c8d2f1c0
                                          • Opcode Fuzzy Hash: 5a98ec5876b26e8b47d94328589df7fea1d133c179fa6def6669cc2f124e57f2
                                          • Instruction Fuzzy Hash: 43218631A002098FDB08DBA8C850BEDBBF2FB8D314F148568D404BB255DB71AE42CBA4
                                          Function 0690A469 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: baab5c87c138b953e46d931a1ce8b50df7afd63682ef15dcde423187484e092e
                                          • Instruction ID: b9a9e621e6ec0241c0e44e13cd6569771e9f65d27d25e35495f8f65b41c14305
                                          • Opcode Fuzzy Hash: baab5c87c138b953e46d931a1ce8b50df7afd63682ef15dcde423187484e092e
                                          • Instruction Fuzzy Hash: FC2124303056A49FCB06AB34E44886FBFFAEF89210710059AE546C7392CF345E0ACBD2
                                          Function 06907B28 Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e67be5fce9594fbbd97f9c1e8e1ae7725017d1d7e28eb21b4eb61e01766f3514
                                          • Instruction ID: 12ba0a909bba4dffc7809b7319afa97a9d8578f487c35981837d9e95031022d8
                                          • Opcode Fuzzy Hash: e67be5fce9594fbbd97f9c1e8e1ae7725017d1d7e28eb21b4eb61e01766f3514
                                          • Instruction Fuzzy Hash: 3321D430200B469FDB51EF2DED8094ABBF5FF943147009A29E1998BA25E770F9198FD4
                                          Function 02317060 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7a6107147bf9be5dc102c3cf554b0d338a1ddca9d0d9cbe081e32e8b3bfcd1a
                                          • Instruction ID: 4d297ff8c70ca39d59cb068707cd75da9b145cf6a470f1f9586d76b6cbdc592d
                                          • Opcode Fuzzy Hash: d7a6107147bf9be5dc102c3cf554b0d338a1ddca9d0d9cbe081e32e8b3bfcd1a
                                          • Instruction Fuzzy Hash: 4C11E2347052406FD7059B38981976E3FB2DF86714F6480B5E545DB396CE388D068791
                                          Function 00C2F17F Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777730874.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c2d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc9dcd8a821203a1bd19814fe54a57aa9b463fdb0c93c74936c5b16d84cde03a
                                          • Instruction ID: 0267902d9476b1573c8359872399961809836751ede17ffc56f1683641a75df7
                                          • Opcode Fuzzy Hash: dc9dcd8a821203a1bd19814fe54a57aa9b463fdb0c93c74936c5b16d84cde03a
                                          • Instruction Fuzzy Hash: D5218076404244DFCF06CF54D9C0B56BF72FF88310F2482A9ED094A66AC336D866DB91
                                          Function 0690A478 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ce56697a817714b92f0519ef1d8e79f1c6c481886410be7ebaa39ac02ebfb75
                                          • Instruction ID: c9ea9b786c5a5944647642b41cd77396e7f528b0f2ce9d61f39f88f703aa433f
                                          • Opcode Fuzzy Hash: 6ce56697a817714b92f0519ef1d8e79f1c6c481886410be7ebaa39ac02ebfb75
                                          • Instruction Fuzzy Hash: 3311C134705A649FCB06AB38E44896EBBFAEFC9211B00455AE607C7381CF745D06CBD6
                                          Function 00C2F083 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777730874.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c2d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94d976c543fb1643bdbe8b5e3b6992184e4cbb3c6ad9218d786fd491f05bc371
                                          • Instruction ID: 064d697b3a614373b9e2d286ed5b1d9d5995a625894ad55aacb15ef011fb41f7
                                          • Opcode Fuzzy Hash: 94d976c543fb1643bdbe8b5e3b6992184e4cbb3c6ad9218d786fd491f05bc371
                                          • Instruction Fuzzy Hash: 20219D76404244DFCF06CF14D9C0B5ABF72FB88314F24C6A9ED094A66AC336D966CB91
                                          Function 00C1D7E7 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 86e2d0ad5966b4908552e02efda348fb7df0361686de0292c4c6c9527de2ff27
                                          • Instruction ID: a7765437f027532991d8544b9daf6c87bc49df21274d5785cf11a9d5324eeea1
                                          • Opcode Fuzzy Hash: 86e2d0ad5966b4908552e02efda348fb7df0361686de0292c4c6c9527de2ff27
                                          • Instruction Fuzzy Hash: D921DF72504280DFDF06CF04D9C0B56BF72FB89314F24C6A9D9490B296C33AD966DBA1
                                          Function 02318D30 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13b9d83d0ccf593a9786ee48b1347c82538a0381a6a8777b2169b91a4fd39b44
                                          • Instruction ID: 02282cd9794eee506187f484d6ae3d13e5c8d11e958392ce87a2549cc7553cc3
                                          • Opcode Fuzzy Hash: 13b9d83d0ccf593a9786ee48b1347c82538a0381a6a8777b2169b91a4fd39b44
                                          • Instruction Fuzzy Hash: 8811233520A7408FD7159F38E40914A7FE2EFC5318B04497AD546CB345DB38DC82CB85
                                          Function 06908790 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15f64f0c35a79ebcf4d30f7fcbb450abc4754a45519b20bfa5395398d5da539e
                                          • Instruction ID: 77178a20c137a5810611b135af6709901c97534398e0cd8509193d5261c97122
                                          • Opcode Fuzzy Hash: 15f64f0c35a79ebcf4d30f7fcbb450abc4754a45519b20bfa5395398d5da539e
                                          • Instruction Fuzzy Hash: D8118130A01114CFEB28EF65D554AEEB7F6AF8C305F248529D941BB394CB715C05CBA0
                                          Function 0690D590 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f407cd783b8b9537336e3dbe3a870f44bdc3903b49921b5111f3ba2456e5414c
                                          • Instruction ID: 60c4c7ee11581b6fd04e2b23e72916bb4ee97799f209f0b8a8e84dffe178aa12
                                          • Opcode Fuzzy Hash: f407cd783b8b9537336e3dbe3a870f44bdc3903b49921b5111f3ba2456e5414c
                                          • Instruction Fuzzy Hash: A6213D70E00249EFDB41EFE8D8556ADBFF2EF89300F1084A9D555A7395DA301A41DB51
                                          Function 00C1D403 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cdc662657c6c0affd5a20e4310f074f1f13e851f2143e19b38feb5762d19327
                                          • Instruction ID: 152454f3f70d819b6f2f1ba0a39343916d428e1d73509eb20787c8df1b7d090a
                                          • Opcode Fuzzy Hash: 2cdc662657c6c0affd5a20e4310f074f1f13e851f2143e19b38feb5762d19327
                                          • Instruction Fuzzy Hash: 3D110372504240DFCB16CF00D5C0B56BF72FB94320F24C6A9D80A0B256C33AE95ADBA1
                                          Function 0231C42E Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 741f35fe43c4b0da7af6f1affb0f579b6b36dd2bc9fb0cb5d157d6005a098c26
                                          • Instruction ID: 8f8b4dacd543d16b827216416290f0f590825e1dd8cc0d3b05d8490d843fb72c
                                          • Opcode Fuzzy Hash: 741f35fe43c4b0da7af6f1affb0f579b6b36dd2bc9fb0cb5d157d6005a098c26
                                          • Instruction Fuzzy Hash: 79012B72B4F2608FD7274B3568951BABFE1EA9A22531641BBD445CB242CF248C03C3E2
                                          Function 0690B0D3 Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98931e24eb760f37ad8a08bababf62f933c231312dc42662d28c7022a434831c
                                          • Instruction ID: 220d7420f4e2259a8e630d5f7548d1d8656c5d9422b79123ea0e08c872ba9153
                                          • Opcode Fuzzy Hash: 98931e24eb760f37ad8a08bababf62f933c231312dc42662d28c7022a434831c
                                          • Instruction Fuzzy Hash: 3A010C1660E3D41FE7036B7868611EE3F658F93514B1E01EBC1D2CB5E7D50A094AC7AA
                                          Function 06906ECF Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d24e774e8dda7ed23e08ecc4777339867a691e243753fe2713893d1720fb6f6
                                          • Instruction ID: 833654258cca2d53503c1bb330e43bf4c2d69216ca03e160952402956e7782b1
                                          • Opcode Fuzzy Hash: 3d24e774e8dda7ed23e08ecc4777339867a691e243753fe2713893d1720fb6f6
                                          • Instruction Fuzzy Hash: 1B118C34B001489FDB44EF69C458AAEBFF6EF8D610F14416AE506E73A1CB719D41CBA1
                                          Function 00C2D60B Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777730874.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c2d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72f31758580e09dbfc95d14a71d78f444649c9c869c0fd5114a31a9b883b897b
                                          • Instruction ID: 738b5c03da8ca16318b9f8dcae25fce6a2bc5c86efe3905ea96b9ef08525d265
                                          • Opcode Fuzzy Hash: 72f31758580e09dbfc95d14a71d78f444649c9c869c0fd5114a31a9b883b897b
                                          • Instruction Fuzzy Hash: 8111DD75504280DFCB05CF14E5C4B15BBB2FB84314F24CAAAE84E4B696C33AD80ACBA1
                                          Function 06906EE0 Relevance: .0, Instructions: 50COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58330d7b715069ed6e4e8325582f9ee54d3943de6e05f40e00d9100efdfbdbde
                                          • Instruction ID: 9242667ca180020969d1da2b82c1194a520c23d5cf64f6d87f4ad9b48edb014c
                                          • Opcode Fuzzy Hash: 58330d7b715069ed6e4e8325582f9ee54d3943de6e05f40e00d9100efdfbdbde
                                          • Instruction Fuzzy Hash: 16117C34B001089FDB44DF69C454AEDBBF6AF8D310F10406AE506E73A0DB70AD41CBA1
                                          Function 0231B9C2 Relevance: .0, Instructions: 50COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08aa2bc5cae126aa95a329acdad5a625bfcc5072f76f2b6a2b0d5954539c0649
                                          • Instruction ID: ccac6d811cdb84401fc33717bb59a2e842846f1541d96b1716e1757b89e4a9b1
                                          • Opcode Fuzzy Hash: 08aa2bc5cae126aa95a329acdad5a625bfcc5072f76f2b6a2b0d5954539c0649
                                          • Instruction Fuzzy Hash: DD017C357042059FD748CF2ED894AAAFBBAEF99264714C16AE909C7361EB70DC42C790
                                          Function 0690D5A0 Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26325e31842659d80fb650aa05a329af56f700cf5c3cb6c74a505b9ccf229528
                                          • Instruction ID: d441062a1f58936a520303f0b4dcd6350c1f8a38459fb06bf8b3aab60f65326e
                                          • Opcode Fuzzy Hash: 26325e31842659d80fb650aa05a329af56f700cf5c3cb6c74a505b9ccf229528
                                          • Instruction Fuzzy Hash: FF11DA74E0020DAFDB44EFE8D9556ADBBF2EB89300F1084A9D509A7395DA305A419F51
                                          Function 0231B9D0 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 710820f7eaeedc51cd7cccd35def64b65bbbcf5cd888f5f9b37c2f00b94c7b8e
                                          • Instruction ID: 86734e069b8391ef3fe02441de87fd7540c2d95cc974e13c544f5b940d9a1e51
                                          • Opcode Fuzzy Hash: 710820f7eaeedc51cd7cccd35def64b65bbbcf5cd888f5f9b37c2f00b94c7b8e
                                          • Instruction Fuzzy Hash: 2C016D357002159F9748CA6ED84096AFBEBFFD8264714C12AE909C7360EF70EC428790
                                          Function 023197F2 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7159aef3a9c665990bc42e6cc9b0b810db72a988ebca3202c97bc4a85a0de06
                                          • Instruction ID: a18435ed6011800d6ebfa97ab71a589819d82cd383fbe38187bd6d563afd08b0
                                          • Opcode Fuzzy Hash: a7159aef3a9c665990bc42e6cc9b0b810db72a988ebca3202c97bc4a85a0de06
                                          • Instruction Fuzzy Hash: 4F113935A042588FDB18CBA9C998AEDBBF5AF4C314F158099D505BB361DB749D01CFA0
                                          Function 00C1DC11 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9eddca04889b7bed6f1e2d101a0e84490fc05f0e18fcdae475cb291f3bc4becf
                                          • Instruction ID: d2b46085275ca157d6cb9f07e67b44230154cb3ccddc8a52dcb7caa3791d02b5
                                          • Opcode Fuzzy Hash: 9eddca04889b7bed6f1e2d101a0e84490fc05f0e18fcdae475cb291f3bc4becf
                                          • Instruction Fuzzy Hash: 0E012B71504340DAE7104A1ACD94BA7BFD8EF92764F18C85AED465F282C3B89980E6F1
                                          Function 02319800 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f956e15c5e2a254714acca8037e1b499ba8d9c1c46c78de3be0c74ab768fb36
                                          • Instruction ID: f3d466669511485a8737c4d7eb36b2d94705534c4d96a6a83492e898fa94bcff
                                          • Opcode Fuzzy Hash: 5f956e15c5e2a254714acca8037e1b499ba8d9c1c46c78de3be0c74ab768fb36
                                          • Instruction Fuzzy Hash: C9014C35E002188FDB18CB99C994AEDBBF5AF4C714F158099D505BB361DB75AD40CBA0
                                          Function 0231BB1F Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92b72b5bc0bee356ab3237d71e532d0c647a6231d20c37d2ee90e210ef5d4acf
                                          • Instruction ID: cc566b3eb5a8c3dd2f911ffe6721eb326d7a5fd31c2696a54e54492803cbca29
                                          • Opcode Fuzzy Hash: 92b72b5bc0bee356ab3237d71e532d0c647a6231d20c37d2ee90e210ef5d4acf
                                          • Instruction Fuzzy Hash: F5F022323086909FE3059BA8689056AFFE6EBC9254B00407AD545C7341EB21CC0287D5
                                          Function 0690F44A Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c441b58822c01a9f31ef96cc83b6d5a51355147f4bbddd5a1bb2d2b1e2924b7
                                          • Instruction ID: d897c5d616189a4adbb84aec722cd412753578a1bf7e88e73778e0e811720251
                                          • Opcode Fuzzy Hash: 2c441b58822c01a9f31ef96cc83b6d5a51355147f4bbddd5a1bb2d2b1e2924b7
                                          • Instruction Fuzzy Hash: 1AF0B4315093448FC7565BF598500D93F72DF82215F2149EBD981DBA92DD35194AC3A3
                                          Function 06908878 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5c7dd797ba3fe1778bde1395977ac84dc23fcdc8c7355f2c6510b5392a86b1c
                                          • Instruction ID: fbcc1c7c647b1c6d9042e16a9b0808ba8457d08ce91aba2d9712c2221cff82df
                                          • Opcode Fuzzy Hash: c5c7dd797ba3fe1778bde1395977ac84dc23fcdc8c7355f2c6510b5392a86b1c
                                          • Instruction Fuzzy Hash: 11F08B327006504BE70A6339A0046AEBBCBEFC2664B144069E51ACB780CFB4AE468BD5
                                          Function 0231A150 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc22b4c927aff9b4bee7f0302d3f508dfd0cf646b30a67ed2421548d8f1f6637
                                          • Instruction ID: f76bd9ac0a45e22ce152bc9effce24843112aec66dea85d2d69c4146ed25e8f4
                                          • Opcode Fuzzy Hash: bc22b4c927aff9b4bee7f0302d3f508dfd0cf646b30a67ed2421548d8f1f6637
                                          • Instruction Fuzzy Hash: 5EF02B353092405FC3054B6D9894A92BFF9EFCE16474840F6E248CB322D930CC43C764
                                          Function 02318F58 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 19b98dfb3c8e45e3c4005e3e4ea175c30db991124d1ee71f9f35e9c6ec6a688a
                                          • Instruction ID: 6df77e175cd3112bd742b7a35c38128049c29b253e2b7d26e1ffe070326bcd0c
                                          • Opcode Fuzzy Hash: 19b98dfb3c8e45e3c4005e3e4ea175c30db991124d1ee71f9f35e9c6ec6a688a
                                          • Instruction Fuzzy Hash: B301AF31305500CFC719AB29E50CA697FB6EFC8716B1500B9F816CB365CB789D92CB85
                                          Function 06906FA0 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b1f0660436dbde36dc8fa0f5a9d9359c46602ce52e1e0c0379b8acc90958ca3e
                                          • Instruction ID: 081068eb2aa88a376f471dcab8718d6daf89d2e651eeb53530d27ab3e536716d
                                          • Opcode Fuzzy Hash: b1f0660436dbde36dc8fa0f5a9d9359c46602ce52e1e0c0379b8acc90958ca3e
                                          • Instruction Fuzzy Hash: 46F0B2353105109F83489B29D988C59BBAAFB8D6213558069EA0ACB771CB21EC118A90
                                          Function 00C1D60B Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c31c56dbc48a5f013d6ad0cbdadaaf3237ff056a193e05f82c58af2e1eea6fe7
                                          • Instruction ID: 570cec00c1ac9b4082c460581b1622d9b783f978a153bda189aa09c975527550
                                          • Opcode Fuzzy Hash: c31c56dbc48a5f013d6ad0cbdadaaf3237ff056a193e05f82c58af2e1eea6fe7
                                          • Instruction Fuzzy Hash: E4F0F976600600AF97208F0AD885C67FBADEFD5770719C55AF84A4B612C672FC41CAA0
                                          Function 00C1DC10 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3fa46612e5a9e03426d81ba7fa2b5f490dc6d8cf6fda255368f14cafc03d12ab
                                          • Instruction ID: 8e6078489c9b0dffa80e446c14c8f1c58dc8b0a89a26bb9027703d5985ce16f0
                                          • Opcode Fuzzy Hash: 3fa46612e5a9e03426d81ba7fa2b5f490dc6d8cf6fda255368f14cafc03d12ab
                                          • Instruction Fuzzy Hash: BBF0C272404244AEE7108A0ACC84BA2FFD8EB51764F18C45AED095B282C2799C84CAB0
                                          Function 0231BB30 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e284e9d9e4cb38627b89281fce72ba5c41ce72d1fd84f0b7c3666d335b6d871
                                          • Instruction ID: fbcc37a0d21ee49585f45561a32b5431eaf51eab7eb77d204561d79aa7365f16
                                          • Opcode Fuzzy Hash: 5e284e9d9e4cb38627b89281fce72ba5c41ce72d1fd84f0b7c3666d335b6d871
                                          • Instruction Fuzzy Hash: AEF082327006219BE7145AED984096BF7DAEBC8764B104139E509C7344DB71DC4287D4
                                          Function 02317F18 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6731bf4264de721e22b3a1e291c6445ecdec6e5e38dd2669275f98332ebb650b
                                          • Instruction ID: cd0355c7aa4eb4b66fbd507c1718f2a052f6955c086bcd332c1b45052f37049c
                                          • Opcode Fuzzy Hash: 6731bf4264de721e22b3a1e291c6445ecdec6e5e38dd2669275f98332ebb650b
                                          • Instruction Fuzzy Hash: BA01A970A013188FCB54EF69D4085DEBBF0FF88311B00412AD419E7240E730AA46CFC4
                                          Function 00C1D5FC Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1777675374.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_c1d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6b9c2f7dec20d5c38a818a4c83e17bc5c49b2559cc58c97ea05248b7d52c1cc
                                          • Instruction ID: 781c62207774c4fb1ac3c9cc579bfe5ed35b732fab223ffc1dab22d0610cbd09
                                          • Opcode Fuzzy Hash: f6b9c2f7dec20d5c38a818a4c83e17bc5c49b2559cc58c97ea05248b7d52c1cc
                                          • Instruction Fuzzy Hash: ADF0E775104680AFD725CF06CC85C63BBB9EF8976071AC99EF84A4B252C671FC41CBA1
                                          Function 0690F3F0 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2b8b25c0ae8785f216e8b061eb6bff0982803d4f953ae830648993540335f2f
                                          • Instruction ID: 914944f0bb3e53d59ef5643cd7edb8a8bab38443ae0bb05e8586def532e1877c
                                          • Opcode Fuzzy Hash: e2b8b25c0ae8785f216e8b061eb6bff0982803d4f953ae830648993540335f2f
                                          • Instruction Fuzzy Hash: 52E065713004185FEB94A6A8E91869A7755DB89765B1000A6DD09C3A90C92199098751
                                          Function 0690CF80 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a53854531d5502e03283ae377d1f6e61de24a805805e139a9218367a658cb649
                                          • Instruction ID: 6d7115b0d8b7df42c54e437d48598f3a381ba81ad4bfc961ed0b1fc4029bb632
                                          • Opcode Fuzzy Hash: a53854531d5502e03283ae377d1f6e61de24a805805e139a9218367a658cb649
                                          • Instruction Fuzzy Hash: 7DE0DF323051502BE620659EEC80F5BFB9EDBC5A3AF24407FE28CC7782C9529C4282A5
                                          Function 02318D20 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12849e50224796298fcc23220f0d88b18454bff2d04aa01ca2a74d5b2000d314
                                          • Instruction ID: 0eef4bdb28004107563e0376db3514e0c370b1a9b007925c95e8f7d5d7fac20a
                                          • Opcode Fuzzy Hash: 12849e50224796298fcc23220f0d88b18454bff2d04aa01ca2a74d5b2000d314
                                          • Instruction Fuzzy Hash: 07F024312056404BC3259B28E40968A7FA2EFC6314F1482AAE58547355DB745D868BDB
                                          Function 0231D4F5 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 965785aa9203e7ad8c8ccbbaeedd7ae2791450587a26466d8753bfe5891dbc05
                                          • Instruction ID: ec906eab601c8334e00fcdc0cd8bc434b4abe62192fb66aeff4b71c0c3b9783f
                                          • Opcode Fuzzy Hash: 965785aa9203e7ad8c8ccbbaeedd7ae2791450587a26466d8753bfe5891dbc05
                                          • Instruction Fuzzy Hash: 4D011474A05259AFDF18CF94D895FEDBB76BF49304F208015E802BB2A5CB35A940DF60
                                          Function 02319891 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51de5f062a9fffd6283150a2be15de02b5cabbd2506aec408d8fcf381f93e249
                                          • Instruction ID: e82514a44c00c1ffe1cf7d33f29ffff15d09f7abc246a3c5db0eaeef284785ef
                                          • Opcode Fuzzy Hash: 51de5f062a9fffd6283150a2be15de02b5cabbd2506aec408d8fcf381f93e249
                                          • Instruction Fuzzy Hash: 17F0E5313093409FC7156B79A85866F7FAAEFCA66170444BBE509C7346DA758C43C390
                                          Function 0690F3E0 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 326d4619682ef8481b99a29c85eca72ccd798d65debefc68389c0132718bf51c
                                          • Instruction ID: 216a7bf53fdb14c2d00656666ac4ae7baec4aca85dc2f709b349667d5f5f7a7b
                                          • Opcode Fuzzy Hash: 326d4619682ef8481b99a29c85eca72ccd798d65debefc68389c0132718bf51c
                                          • Instruction Fuzzy Hash: 36F022303002048FDBA49F6CC80464A7BB6EF8A720F5001BBEC81C3BA1CE349C05CB62
                                          Function 02317EB8 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 438f4e86d9c3a341f013404c536168677e9f4a82873c86eb3edaa0ce1a6eb04d
                                          • Instruction ID: de0a2467c97747a8a317b8c414963259c7cc8c984c31993e763123523bfd61bf
                                          • Opcode Fuzzy Hash: 438f4e86d9c3a341f013404c536168677e9f4a82873c86eb3edaa0ce1a6eb04d
                                          • Instruction Fuzzy Hash: 2DF02B353091D02FE3106779E858AEA7FE9DFCA228B0480BAE14DDB257CA654C42D765
                                          Function 02311F00 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 738079dae3707ee084092062580bff3225f2ce34d5add0f945ff154f2503dda4
                                          • Instruction ID: 492755996414223e9ff00f0c7d9e627b2b9ead07b443ae5e105a34f793498510
                                          • Opcode Fuzzy Hash: 738079dae3707ee084092062580bff3225f2ce34d5add0f945ff154f2503dda4
                                          • Instruction Fuzzy Hash: 6FF02730514706CFE7465BAC85483EC3B74EF66328F1102A8C2C98B0A2CB740626C66D
                                          Function 0690CFFB Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cbfa0ed0009044766a41a905b4030cc99c9ac387dd9d76de6c370133259d02e2
                                          • Instruction ID: 9580bb7e0624efb33e9842eaf6354f155957f06faa62347dc02b5d00b7494ef2
                                          • Opcode Fuzzy Hash: cbfa0ed0009044766a41a905b4030cc99c9ac387dd9d76de6c370133259d02e2
                                          • Instruction Fuzzy Hash: DAE02B35306100AFD7106B68BC41A967BEDEFC926470440A6E040D7119C9204946CBB1
                                          Function 0690CF70 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 261f501653ea9403b5ceea1f4d49da64d185173bc1296da29a1ae9af20812f99
                                          • Instruction ID: b868453397594f17c6ca34409d23ddc5516c3ab1749389935e8b69304c2c61c4
                                          • Opcode Fuzzy Hash: 261f501653ea9403b5ceea1f4d49da64d185173bc1296da29a1ae9af20812f99
                                          • Instruction Fuzzy Hash: 00E0923220A1809FD3206B5AD882859FBA9EE8222832544BFD9C8C7662D9124C46C391
                                          Function 023134B4 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73e08e6387857599f72b8cb76b44e686eb4d14051e9b0e24bba7b07e5f9b0752
                                          • Instruction ID: 82d706a893e484f48b05c4dd09cb0bfcf9e58ee66e58a8c6fd6c6f02506d8db8
                                          • Opcode Fuzzy Hash: 73e08e6387857599f72b8cb76b44e686eb4d14051e9b0e24bba7b07e5f9b0752
                                          • Instruction Fuzzy Hash: 6CE0D873F0D2908FE71A4BA9B8570F87F70DE6629474581D7D0859B422E719885AC711
                                          Function 0690D0D8 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4fcb038349e210a954de32b4aa8a8be856e37249fa7428c113538abbe881e253
                                          • Instruction ID: 99847b7e2dbf1d132dae2f1eeae0908b3a61746aa32d0c2d8ffa487f75b5793f
                                          • Opcode Fuzzy Hash: 4fcb038349e210a954de32b4aa8a8be856e37249fa7428c113538abbe881e253
                                          • Instruction Fuzzy Hash: 78E026263042641BD22421B97006FFF7BAE87C2628F1C407FE50987682CD96684AA3A1
                                          Function 0690B158 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 016ba2b1e6d4c82ca226b2b30aad47b7a6685d74827c8001c7afa9545e86a5d9
                                          • Instruction ID: 892e0db911df6ec1718f304c5592a6025f18a49928a04ebac5304f9558b17b96
                                          • Opcode Fuzzy Hash: 016ba2b1e6d4c82ca226b2b30aad47b7a6685d74827c8001c7afa9545e86a5d9
                                          • Instruction Fuzzy Hash: F6E0262230029416D214717AB4057FF7BCE87C3A28F1C406AE54987285C99A284697E1
                                          Function 0690BD60 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e4d4d183fdbfca8f933c6ae81d0468670e8d080125c808f8c8b1911fa3341386
                                          • Instruction ID: 177c84f333b15e317925e08ae2c019acfc7cf66ac1cbd544b55e7d629ab9c58e
                                          • Opcode Fuzzy Hash: e4d4d183fdbfca8f933c6ae81d0468670e8d080125c808f8c8b1911fa3341386
                                          • Instruction Fuzzy Hash: 59E0262234026416D2252179B006FFF7B9A87C2638F1C007BE10987782D996688AA3E1
                                          Function 0231A361 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96a2f9bc95e5470db201f00ae013ad35fd825803a270f6517a58dda2e811eddc
                                          • Instruction ID: 9ec2f0b4361391441ed22fa1aaeaa2adebd101540d117c76c9c149a811d004e6
                                          • Opcode Fuzzy Hash: 96a2f9bc95e5470db201f00ae013ad35fd825803a270f6517a58dda2e811eddc
                                          • Instruction Fuzzy Hash: D7F04D38A001098FCB45DF99D9849CCB7F1FF88315B2191A5E905AB365D772AE05CFA0
                                          Function 02317EC8 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e110107b8922262997c3e1d5d791d7d4b96c752682b47bc84f9981d84438c447
                                          • Instruction ID: 2c115aadc8cce6624d12cba6fcc1b2d9e457ee57378808e6ef679f9bd5eda9d1
                                          • Opcode Fuzzy Hash: e110107b8922262997c3e1d5d791d7d4b96c752682b47bc84f9981d84438c447
                                          • Instruction Fuzzy Hash: 89E0DF353042446BA30066AAE8448AB7EDEEBCA328700803AF509D7209CE655C8196A0
                                          Function 0231BB89 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7fa347ef3d9e0f275ad90f6cb6a9f1344650ae2b285a7025f9502f83fbca90e0
                                          • Instruction ID: 8b2163458fb40af42cc711fb3a80ffb0fa800878c0ef547c9990035671cb6041
                                          • Opcode Fuzzy Hash: 7fa347ef3d9e0f275ad90f6cb6a9f1344650ae2b285a7025f9502f83fbca90e0
                                          • Instruction Fuzzy Hash: 45F039B1C046499FCB45DFB8D5512BEBFF4EF49201F10816AD868E3201E6350652CFD1
                                          Function 0690CFBF Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 36ce5b19236316248c446124bbcbe3500e522cac09291c69cc53f0cd810a109c
                                          • Instruction ID: eb80984e2496a5e3ef607f631b97620e4f1724376cff8f41bbb1e3c632dce234
                                          • Opcode Fuzzy Hash: 36ce5b19236316248c446124bbcbe3500e522cac09291c69cc53f0cd810a109c
                                          • Instruction Fuzzy Hash: D0E020312091104FC3015B28DC00455F7A67F4523031583E6D45DD72D1CB359C42C7D1
                                          Function 0690BD18 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab4d2f2686c36fa3e6f3e77779079508c956e84eff40725443f7e5667c329508
                                          • Instruction ID: f538be37b6d634ee84df1437a61d3145972ffb04e0e03252fe2d0a7651b4cdaf
                                          • Opcode Fuzzy Hash: ab4d2f2686c36fa3e6f3e77779079508c956e84eff40725443f7e5667c329508
                                          • Instruction Fuzzy Hash: 52E0CD213092649FC7122B7C9C160DD7FA5DF47754311407EF985C3646DD640D8683E6
                                          Function 02310DD0 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 416568edcc6979c1d74a249e286e2cc7717996dbc1ffe402896e5e52156db28e
                                          • Instruction ID: cb0394b91fc1d3f27eae8f0f812f07b9ea56c407c80af7cef7b71afbd92ab3a4
                                          • Opcode Fuzzy Hash: 416568edcc6979c1d74a249e286e2cc7717996dbc1ffe402896e5e52156db28e
                                          • Instruction Fuzzy Hash: 8FE07D33F145108BDB564B66BC483DC77A1EF44A31B400059DD0BC2652DF3482638FE2
                                          Function 0690F468 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c717764090ffe19b4fad41268eb284117074c3875687c3ec8c0bdf9f22c159f3
                                          • Instruction ID: 689d73b69476f28cb09c5d3b0d24d22e74ab08a226c8b80b28d4658b8767a35e
                                          • Opcode Fuzzy Hash: c717764090ffe19b4fad41268eb284117074c3875687c3ec8c0bdf9f22c159f3
                                          • Instruction Fuzzy Hash: B7E086326002089FD744AAA4D4104EE3B6BEF81265F5040AAD506DB345EE315949C7E5
                                          Function 0690753C Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 899126aa426bdd6d0bce22aa12720643e7c1f7ed8797361818b5898a040ce0d6
                                          • Instruction ID: 691cf5c63b21df5a3ca72576e9e888b66629d6709e1d4fa7828169b82953436c
                                          • Opcode Fuzzy Hash: 899126aa426bdd6d0bce22aa12720643e7c1f7ed8797361818b5898a040ce0d6
                                          • Instruction Fuzzy Hash: 30E072A0A0C0449FE380DBBC8C010607FA0FA6B124308C9DEC98FCF6A2E617E803C380
                                          Function 02311F20 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fed4eaaad6e2de2fca942b4a48d7dca3701bfc7d9bed582cb2eff6dc546a0310
                                          • Instruction ID: 6477d4c7899ba9f477c9f6e7d4f4285d8fbfcdc33c128ac9cd98b8c67918d06c
                                          • Opcode Fuzzy Hash: fed4eaaad6e2de2fca942b4a48d7dca3701bfc7d9bed582cb2eff6dc546a0310
                                          • Instruction Fuzzy Hash: C9E0DF70A0830DDBDF44DBA8C4093DFBBFAEF88310F104068D605A6285DBB55A28C7B6
                                          Function 0231BB98 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5930a6b31966289d5cec0a39b0a3ce3a039825bf9b5308e09d06a30872e5e1f
                                          • Instruction ID: af9ddfc157ed5e0ffbd43eab27974169ce13d16d42312f166f1899dec073c0d9
                                          • Opcode Fuzzy Hash: c5930a6b31966289d5cec0a39b0a3ce3a039825bf9b5308e09d06a30872e5e1f
                                          • Instruction Fuzzy Hash: 2DE092B1D0420D9F8B88DFA9D9416BEFFF8AB48200F10816AE918E2240E7345A51CFD5
                                          Function 02313460 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf1208b412c8531b2cfe8d8b297133b470d2887545856f533b76580a6ccb9b12
                                          • Instruction ID: d3d1f350d5d2742fe3b2fed44e8d9409764bac4180dae0ec713736d0a7762f40
                                          • Opcode Fuzzy Hash: cf1208b412c8531b2cfe8d8b297133b470d2887545856f533b76580a6ccb9b12
                                          • Instruction Fuzzy Hash: F8E0BF36E04508CFCB04DFA8E4458DCB770FF89325B005166D51577225EB306999CF50
                                          Function 02317E72 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 809cb0899b7453503d178b4b6bf7a7c7cdf4be440da5359c9ac44f638b7d4ba6
                                          • Instruction ID: 978d09501ac041eb6e9f11c58fc36f7041cd186a4c600dba7e915b741dcc3e11
                                          • Opcode Fuzzy Hash: 809cb0899b7453503d178b4b6bf7a7c7cdf4be440da5359c9ac44f638b7d4ba6
                                          • Instruction Fuzzy Hash: 97E08660B091C48FF745DB35D155B567FE1DB42608F04909AD0418F256C674A8D1CF54
                                          Function 069074E7 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 563226ef9ce4c1aea84ac32c879acf69c19de3ebc8d3fb846759639fe8a6b8f1
                                          • Instruction ID: b0fc6e8575159e3b2e4998f32ebb961fe067bf09e241290df54bad3f6e1e00d7
                                          • Opcode Fuzzy Hash: 563226ef9ce4c1aea84ac32c879acf69c19de3ebc8d3fb846759639fe8a6b8f1
                                          • Instruction Fuzzy Hash: BDD05E30A180858E9780EB7C8845694FFA1EF4A11475589F99C5DCB342D9228413EB51
                                          Function 0690CFD0 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d5057361917c8bcff19a140aece54d24bb73e5686deb8a4e0751531a655d4ac
                                          • Instruction ID: c515e604ec3715d58aba726340fba525e77f30f67327a9a25bd8c663849fbfb7
                                          • Opcode Fuzzy Hash: 9d5057361917c8bcff19a140aece54d24bb73e5686deb8a4e0751531a655d4ac
                                          • Instruction Fuzzy Hash: A3D0C7363051195B8644D654E544856F7AEFB88630315C3E5D90DD7305CF31FC52CBD6
                                          Function 0690A583 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4208f3473d6ac639f890154bfcde3780a69bcab91dff1ec4b8f23488b9b72cf
                                          • Instruction ID: 13149823e3a15e9fd06876cfdc342de7a32d6cebe4d4799d9f0cc48f00ca6378
                                          • Opcode Fuzzy Hash: a4208f3473d6ac639f890154bfcde3780a69bcab91dff1ec4b8f23488b9b72cf
                                          • Instruction Fuzzy Hash: 9DC08CB728E3888EE3020BA878002C47FB0E792176F1100EBC188CA0C3D7660406C355
                                          Function 0690BD28 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8120ebb67df2707a738a59cf8ab457b81257d88e5cfa27c23791700a07f7e24
                                          • Instruction ID: 7ace82a761194d4e2b420e760958cfbf6e451d53839ad0dab6d7aa598e52cc68
                                          • Opcode Fuzzy Hash: c8120ebb67df2707a738a59cf8ab457b81257d88e5cfa27c23791700a07f7e24
                                          • Instruction Fuzzy Hash: 45C0C03130413C034B04369CBC090EE364EDF86B59740002DF10FC3780CEA40D4103DA
                                          Function 0690DC90 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c54961f99bd91a98f1e7796edd6fd1e96db55604900ac8f672ce71b9c73d0c07
                                          • Instruction ID: 907c1994f86f8b2f83cf6e69f7f79da67bfb970377b5abed7c2f27adf7d2c030
                                          • Opcode Fuzzy Hash: c54961f99bd91a98f1e7796edd6fd1e96db55604900ac8f672ce71b9c73d0c07
                                          • Instruction Fuzzy Hash: 82D0123526D3CC1FC2436B757C158913F6B5D9211470844D2E0884E063DDD51415CFA6
                                          Function 02311F68 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 503fbf3728e1cca139dfa3c50a874fb0d7fece4f0fe39b95853357f52c1f0f54
                                          • Instruction ID: 6e0045101d71c7c7e358a9ad5c4e41e3372fad463a39bc251e617d7d82adbeb2
                                          • Opcode Fuzzy Hash: 503fbf3728e1cca139dfa3c50a874fb0d7fece4f0fe39b95853357f52c1f0f54
                                          • Instruction Fuzzy Hash: 30D0A930A04A09CAEBC0A7E884013EC3BB9FF84300F1001A9C68A820828FB00230CAB7
                                          Function 02311F55 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ae45e3faaad1c945a4e0a8c16192c9864df302a5a2eccfe5ff01ff6c403519c
                                          • Instruction ID: be9a9bf70b56a2bfefda6c6ea92c2c3c4f93ed1ba1c3436cdef4a174f5cf5297
                                          • Opcode Fuzzy Hash: 1ae45e3faaad1c945a4e0a8c16192c9864df302a5a2eccfe5ff01ff6c403519c
                                          • Instruction Fuzzy Hash: F9D0A734A04209CEEB84D7D4C0127EC77B5FF84300F101099C24693081CF701630C672
                                          Function 069074F8 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bdba3288f5d58bb8fe64123428d5d50b8aeb85bc615c5887ca74c3247618933b
                                          • Instruction ID: bd4facac76dfff02f567bcf2c0357362eb3ea5c34ab824ce10718c7f64ba2d9e
                                          • Opcode Fuzzy Hash: bdba3288f5d58bb8fe64123428d5d50b8aeb85bc615c5887ca74c3247618933b
                                          • Instruction Fuzzy Hash: 57C08C34A04108AF8380FABCC802425F7E8FB48114B00C9E98C0ECB342EA33EC138BD1
                                          Function 06906EAB Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d23fab95ce4ba1fce7a21222fea78af41a21f8f2b3fcba12afb55460bcb6253
                                          • Instruction ID: 96b75ab933321fba32f69c0c5888d1194c82a10d43ff39f9ac756b7546639c8a
                                          • Opcode Fuzzy Hash: 2d23fab95ce4ba1fce7a21222fea78af41a21f8f2b3fcba12afb55460bcb6253
                                          • Instruction Fuzzy Hash: 07C09B317180205BEB48726DB9557FA16AFCBCD318B158067B509E73CDDDA49C4113D5
                                          Function 02311F78 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8674177be14f1b4be1d5a53472616f73c217b3bada08457c0d24d6e829b9fc3c
                                          • Instruction ID: bee547c120a6c0b5aa029cf4ade2cb00e486e849af5aace8ce2d98f0661dfef1
                                          • Opcode Fuzzy Hash: 8674177be14f1b4be1d5a53472616f73c217b3bada08457c0d24d6e829b9fc3c
                                          • Instruction Fuzzy Hash: A0C01235604E19DAEFC0B7FC98043AC3A69DFD5300F1000B8D944861438FA407348ABB
                                          Function 06907518 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92890341e5597a9896322c3d522e9c762ef617721bc14cdebf71dc7ccaeb4ec9
                                          • Instruction ID: ff072a176caf8f74a05a8943d1f9b7dbf47c3f46270f5ec6206e0a3fa83fee60
                                          • Opcode Fuzzy Hash: 92890341e5597a9896322c3d522e9c762ef617721bc14cdebf71dc7ccaeb4ec9
                                          • Instruction Fuzzy Hash: ADC0122415D1C08FDB01DF346C687A03F619B46204F0514A9D6E94A296C9451413CB15
                                          Function 0690DCA0 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c091ee06d88b26213b7a23a7f332b8a347b7e08493a60e1fc6ad1c0c54bfed
                                          • Instruction ID: bbf2cd34e983bcc07049148988467971689ad736c04dadf147c8c63c5657b290
                                          • Opcode Fuzzy Hash: d7c091ee06d88b26213b7a23a7f332b8a347b7e08493a60e1fc6ad1c0c54bfed
                                          • Instruction Fuzzy Hash: EFB0123000038D4FC5417BE9FC05514376EEE50205B400550A10C0D0169DA428004E89
                                          Function 02318E0D Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5778a20df4a87399b877b460285c2660c5df41dc58811f09150a0e5eb5d8b012
                                          • Instruction ID: ca0130be7956186c450638b56e9d5d3a0f9545aca08b796955980b0d28d6611e
                                          • Opcode Fuzzy Hash: 5778a20df4a87399b877b460285c2660c5df41dc58811f09150a0e5eb5d8b012
                                          • Instruction Fuzzy Hash:
                                          Function 02317230 Relevance: .0, Instructions: 3COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecefbd2f3c86b12d947c7f6a405ef842518a53525baa911b491d00dca24049ef
                                          • Instruction ID: 0955942f8738b28ffbd019bf1bbe70bf53a255baccf50d05414f1874d83f3e85
                                          • Opcode Fuzzy Hash: ecefbd2f3c86b12d947c7f6a405ef842518a53525baa911b491d00dca24049ef
                                          • Instruction Fuzzy Hash:

                                          Non-executed Functions

                                          Function 0638C5B8 Relevance: .6, Instructions: 634COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1784640038.0000000006380000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6380000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99ef23ae6f53c88b952f2dcfc949d0034ab2741dbd460bf72247367ece86f5ab
                                          • Instruction ID: d9e6f9dc7066b1b3d1980b1ad124afd11927939a82e5d44da93f21beb9e3323d
                                          • Opcode Fuzzy Hash: 99ef23ae6f53c88b952f2dcfc949d0034ab2741dbd460bf72247367ece86f5ab
                                          • Instruction Fuzzy Hash: 7E32BF74A007058FDB54EF69C4806AEBBF2FF89304B24982AE446DB755DB70EC45CBA1
                                          Function 06796408 Relevance: .4, Instructions: 386COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1784982204.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6790000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3889a0b520eecc9f71ba3eec46a14a6c64bddda779e97e467793389a0d2d6cd7
                                          • Instruction ID: b7d62f0858f55f6b04d2ecfe876ce4cd149735ba8db7f453525b58a35ac7d2f0
                                          • Opcode Fuzzy Hash: 3889a0b520eecc9f71ba3eec46a14a6c64bddda779e97e467793389a0d2d6cd7
                                          • Instruction Fuzzy Hash: B2E18E347006048FEB55EB79D894A6ABBE2BF88304F14896DD596CB371DE30EC45CBA1
                                          Function 0231E390 Relevance: .4, Instructions: 375COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1778065540.0000000002310000.00000040.00000800.00020000.00000000.sdmp, Offset: 02310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_2310000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b534ccd7c1dd228c462a9e9f8b614146ac9ed8c6e402745e75e358836d49fec5
                                          • Instruction ID: 47125691dad2fc36da382d0f58d97d33273cb2f73d0a337b2c316aed884a4d69
                                          • Opcode Fuzzy Hash: b534ccd7c1dd228c462a9e9f8b614146ac9ed8c6e402745e75e358836d49fec5
                                          • Instruction Fuzzy Hash: AFD19F74B002158FDB08DBB8D854A6E7BF6EF89354B1484A9E906DB3A1DF34DD02CB91
                                          Function 06902BD8 Relevance: .3, Instructions: 338COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a8c3929caa0b7c3cc241b1ccf2197964c520d4be2d5ef7fc40bd760a1090161
                                          • Instruction ID: 864be6ba938e8e5f979e756188fae33e769805b1771dc405117fd57e3dd0713a
                                          • Opcode Fuzzy Hash: 6a8c3929caa0b7c3cc241b1ccf2197964c520d4be2d5ef7fc40bd760a1090161
                                          • Instruction Fuzzy Hash: 8BD13E71E00209DFDB54DFA8C484AAEBBF6FF48310F14855AE515AB391DB34AA46CB90
                                          Function 069052D8 Relevance: .3, Instructions: 320COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d86240ba4586aedba024b39fd6ebcb7c11097637c35f5b0c1735313827eb5ab
                                          • Instruction ID: d32cea58d1c6910b3dc8a4bcfca5ba74d3ae7b1da207023628ca2fc0542d1940
                                          • Opcode Fuzzy Hash: 1d86240ba4586aedba024b39fd6ebcb7c11097637c35f5b0c1735313827eb5ab
                                          • Instruction Fuzzy Hash: 14B1C370710105AFEB48DB79D9507BEB6EBAFC8750F298029E406D77A4CE30DD469BA0
                                          Function 06900C58 Relevance: .3, Instructions: 281COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 715c6e36141ebf58c3078d6ec08f45eba9b6198379c8ae3b5ad543f5234c8985
                                          • Instruction ID: e0cfe1db2eb5e613677e85c3ee61d202526b9022432c25b3f095a2862683c17c
                                          • Opcode Fuzzy Hash: 715c6e36141ebf58c3078d6ec08f45eba9b6198379c8ae3b5ad543f5234c8985
                                          • Instruction Fuzzy Hash: FEB18F70E00209CFEB54CFA9C8857EEBBF6EF88304F248129D819E7694DB749845DB95
                                          Function 06901528 Relevance: .3, Instructions: 266COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ac477284dd269b80032de318c0ae1f2d95bd37b4fbef36dfd83aafcbc43ef1c
                                          • Instruction ID: 0f835712d934070efc0c6aaa6ea7963940f73a5b2bee1270caf256b7449a3040
                                          • Opcode Fuzzy Hash: 0ac477284dd269b80032de318c0ae1f2d95bd37b4fbef36dfd83aafcbc43ef1c
                                          • Instruction Fuzzy Hash: 42B15D71E00209CFEB94CFE9C8857AEBBF6AF88314F248529D815E7694DB749845CB81
                                          Function 06900910 Relevance: .2, Instructions: 238COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1785136675.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_6900000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e356d27af3084f6795d05abb61ad95080be640c6711cb6712a35c747ae9957fa
                                          • Instruction ID: 803c6582346d942b2a1b9aa8d6a53ac8834de3c513e24220eb5566a4e1201bdf
                                          • Opcode Fuzzy Hash: e356d27af3084f6795d05abb61ad95080be640c6711cb6712a35c747ae9957fa
                                          • Instruction Fuzzy Hash: 40917E70E00209CFEF54CFA9C8847EEBBF6EF88714F248529D415A7694DB749845CB91

                                          Execution Graph

                                          Execution Coverage:14.3%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:6
                                          Total number of Limit Nodes:0
                                          execution_graph 45872 64bcde8 45873 64bce06 45872->45873 45876 64bb1f8 45873->45876 45875 64bce3d 45877 64be908 LoadLibraryA 45876->45877 45879 64be9e4 45877->45879

                                          Executed Functions

                                          Function 00BDF0D0 Relevance: .8, Instructions: 755COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 713a737065043050a9919bf4bc6bac528f60a06c9166844db6b89726345b6ef4
                                          • Instruction ID: ed68830a2cf7a87682d8fcc16a249c251c2acbdfff1bfae46b5544256b27ef52
                                          • Opcode Fuzzy Hash: 713a737065043050a9919bf4bc6bac528f60a06c9166844db6b89726345b6ef4
                                          • Instruction Fuzzy Hash: 2862D978A002159FDB14DF64D898B6DBBF2EF88300F1084A9E90AA73A5DB349D85CF51
                                          Function 00BD0DE0 Relevance: .6, Instructions: 607COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f1e3e67c13db23d2296d8d110ce485ba696caf9cc7d477c3818c40843e490dd
                                          • Instruction ID: b9ec28bc9033343cdc59d82e1c15a9c3116cc996a1b7fd49a899151509a21fc1
                                          • Opcode Fuzzy Hash: 4f1e3e67c13db23d2296d8d110ce485ba696caf9cc7d477c3818c40843e490dd
                                          • Instruction Fuzzy Hash: 76427875A002049FDB54EB78E888B6DB7F6FB89300F1085AAD40A9B364EF349D85CF51
                                          Function 060988E9 Relevance: .5, Instructions: 478COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f0314025c848b437b666b3e0b0135c6aae5a6224c00bc53616761061ffc6934
                                          • Instruction ID: 7806f9ba3c39db4b5b3ef7527f3cb892d5541094b7356316df649bc3cc9b3a68
                                          • Opcode Fuzzy Hash: 7f0314025c848b437b666b3e0b0135c6aae5a6224c00bc53616761061ffc6934
                                          • Instruction Fuzzy Hash: 40224B30D1061ACFDF60DF68C854798BBB2FF96300F15CA9AD8457B251EB70AA85CB91
                                          Function 06933058 Relevance: .3, Instructions: 340COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87f87295aed72a964bf20c50104868f1b940409208c7df81727e101d2fe80f02
                                          • Instruction ID: 005be1c24f0c2901558626052015380e487e782e4cc62a88f2efff4dcb902975
                                          • Opcode Fuzzy Hash: 87f87295aed72a964bf20c50104868f1b940409208c7df81727e101d2fe80f02
                                          • Instruction Fuzzy Hash: 0DD15B71E00259DFCB54DFA8C884AAEFBF6FF88310F14855AE415AB351DB34A946CB90
                                          Function 06935758 Relevance: .3, Instructions: 320COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3cc02dcd4168eb143300f1dd73eec3db21c437d3bdc6958d5f7338a418c1fa12
                                          • Instruction ID: 6538afc0f5da9197ea75c52e0bbf2d137037cd3e7cf909c77277f6a5c2a772f0
                                          • Opcode Fuzzy Hash: 3cc02dcd4168eb143300f1dd73eec3db21c437d3bdc6958d5f7338a418c1fa12
                                          • Instruction Fuzzy Hash: 2EB16F34B101149FDB48DB7A885476EB6EBBFC8750F29C069E406D7BA4DE349D41CBA0
                                          Function 069310D8 Relevance: .3, Instructions: 281COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96d5ae948b56d9bf0029bdccbebfc74acbcebccb5bbb5b363c61e0154f023ad0
                                          • Instruction ID: 2df2d2b99bea0be4e8d9f3fbfc1531057c30d5a8a5d819ade54efb956db5e399
                                          • Opcode Fuzzy Hash: 96d5ae948b56d9bf0029bdccbebfc74acbcebccb5bbb5b363c61e0154f023ad0
                                          • Instruction Fuzzy Hash: FAB15E70E002198FDF54CFA9C9857EEBBF6EF88304F248129D815E76A4DB749846CB91
                                          Function 069319A8 Relevance: .3, Instructions: 266COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c95bc3e96d8efe9375216e931294c1ad749489e74e9dd9064ca1fadb1d3a5bef
                                          • Instruction ID: d6057559f59c8ae6fa60fc0851f3cf130de719f8b21a0e90048dee24c0e8effd
                                          • Opcode Fuzzy Hash: c95bc3e96d8efe9375216e931294c1ad749489e74e9dd9064ca1fadb1d3a5bef
                                          • Instruction Fuzzy Hash: 50B14E70E00219CFDF54CFA9C8817ADBBF6AF88314F248529D815EB7A4EB749845CB81
                                          Function 06097F58 Relevance: 2.6, Strings: 2, Instructions: 111COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 262 6097f58-6097f64 263 6097fa3-6097fd0 262->263 264 6097f66-6097f8a 262->264 273 6098013-6098029 263->273 274 6097fd2-6097ff4 263->274 271 6097f92-6097fa2 264->271 282 609805b-609807e 273->282 283 609802b-6098059 273->283 275 6098099-609809e 274->275 276 6097ffa-6098002 274->276 278 6098009-609800c 276->278 279 6098004-6098007 276->279 281 609800f 278->281 279->281 284 6098086-6098093 281->284 282->284 283->282 284->275 289 6098011 284->289 289->273
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: T;s$l;s
                                          • API String ID: 0-3111451658
                                          • Opcode ID: 1ebc942bd5f4aa00b382a683c8fb94bdb14edf977172afb731ffbb4a8a3d82c0
                                          • Instruction ID: fb369bf9102a880a6c21b606d087b55df18812b6873e2a1b75b3a829db664ce4
                                          • Opcode Fuzzy Hash: 1ebc942bd5f4aa00b382a683c8fb94bdb14edf977172afb731ffbb4a8a3d82c0
                                          • Instruction Fuzzy Hash: 493129717412008FDB889B6DD854A6E7BE7FFC6314328C56AE406CB366DE35DC0697A0
                                          Function 00BD4A68 Relevance: 2.0, Instructions: 1978COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 292 bd4a68-bd6bb8 call bd4938 call bd7b8f 682 bd6bbe-bd6bc6 292->682 684 bd6bc8-bd6bdf 682->684 685 bd6c30-bd6c33 682->685 688 bd6be1-bd6bea 684->688 689 bd6c00 684->689 691 bd6bec-bd6bef 688->691 692 bd6bf1-bd6bf4 688->692 690 bd6c03-bd6c13 689->690 695 bd6c15-bd6c1f 690->695 696 bd6c21 690->696 693 bd6bfe 691->693 692->693 693->690 697 bd6c28-bd6c2b 695->697 696->697 697->685
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a000ed52c8e869862b4e5b5da17f83d1885c507c88d7c9720a31c39418ef6e98
                                          • Instruction ID: d642529679a9a3660a7209be7d7b28b9ec51f6ec1f2aa6582eb3887e04820b5c
                                          • Opcode Fuzzy Hash: a000ed52c8e869862b4e5b5da17f83d1885c507c88d7c9720a31c39418ef6e98
                                          • Instruction Fuzzy Hash: 62236F39902344DFCB56BF61CA58659B732FB4A346B20C4AAED1696724CB7F8C42DF04
                                          Function 00BD4A67 Relevance: 2.0, Instructions: 1973COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 699 bd4a67-bd6b9d 1085 bd6ba5-bd6bb8 call bd4938 call bd7b8f 699->1085 1089 bd6bbe-bd6bc6 1085->1089 1091 bd6bc8-bd6bdf 1089->1091 1092 bd6c30-bd6c33 1089->1092 1095 bd6be1-bd6bea 1091->1095 1096 bd6c00 1091->1096 1098 bd6bec-bd6bef 1095->1098 1099 bd6bf1-bd6bf4 1095->1099 1097 bd6c03-bd6c13 1096->1097 1102 bd6c15-bd6c1f 1097->1102 1103 bd6c21 1097->1103 1100 bd6bfe 1098->1100 1099->1100 1100->1097 1104 bd6c28-bd6c2b 1102->1104 1103->1104 1104->1092
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6eb5bdb4ef4a2c33e9c22d9a46a705479dc251b14005654a05d1cabcef26e125
                                          • Instruction ID: c0ca3de0788b754acc52d55f2ffe7dd4bd7b31ffd54545c13dfa383b68b20437
                                          • Opcode Fuzzy Hash: 6eb5bdb4ef4a2c33e9c22d9a46a705479dc251b14005654a05d1cabcef26e125
                                          • Instruction Fuzzy Hash: E8236F39902344DFCB56BF61CA58659B732FB4A346B20C4AAED1696724CB7F8C42DF04
                                          Function 064BE8FC Relevance: 1.6, APIs: 1, Instructions: 96libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1106 64be8fc-64be905 1107 64be950-64be95f 1106->1107 1108 64be907-64be94a 1106->1108 1110 64be998-64be9e2 LoadLibraryA 1107->1110 1111 64be961-64be96b 1107->1111 1108->1107 1116 64be9eb-64bea1c 1110->1116 1117 64be9e4-64be9ea 1110->1117 1111->1110 1112 64be96d-64be96f 1111->1112 1114 64be992-64be995 1112->1114 1115 64be971-64be97b 1112->1115 1114->1110 1118 64be97f-64be98e 1115->1118 1119 64be97d 1115->1119 1123 64bea1e-64bea22 1116->1123 1124 64bea2c 1116->1124 1117->1116 1118->1118 1120 64be990 1118->1120 1119->1118 1120->1114 1123->1124 1125 64bea24 1123->1125 1126 64bea2d 1124->1126 1125->1124 1126->1126
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312465348.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_64b0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 72daf1670aa800f657ac716fdecd3de63f25d51895ebf056d527d9cfd87e606f
                                          • Instruction ID: 070216b64c6af49037bc4560cd17f4b717800a2c4156767fdc554e29cabd5d4d
                                          • Opcode Fuzzy Hash: 72daf1670aa800f657ac716fdecd3de63f25d51895ebf056d527d9cfd87e606f
                                          • Instruction Fuzzy Hash: 8F4167B4D00288CFDB94CFA8C845BDEBFF5AB88340F10952AE815A7341D7799489CFA5
                                          Function 064BB1F8 Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1127 64bb1f8-64be95f 1130 64be998-64be9e2 LoadLibraryA 1127->1130 1131 64be961-64be96b 1127->1131 1136 64be9eb-64bea1c 1130->1136 1137 64be9e4-64be9ea 1130->1137 1131->1130 1132 64be96d-64be96f 1131->1132 1134 64be992-64be995 1132->1134 1135 64be971-64be97b 1132->1135 1134->1130 1138 64be97f-64be98e 1135->1138 1139 64be97d 1135->1139 1143 64bea1e-64bea22 1136->1143 1144 64bea2c 1136->1144 1137->1136 1138->1138 1140 64be990 1138->1140 1139->1138 1140->1134 1143->1144 1145 64bea24 1143->1145 1146 64bea2d 1144->1146 1145->1144 1146->1146
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312465348.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_64b0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: e886c6487d31bc897b30e63e275e33d7213202e904bb967e0fdb7db08567389d
                                          • Instruction ID: f2d94f117315caf455e09f6ce9e609b23acb51fc0c056e27494668e1e0c0124a
                                          • Opcode Fuzzy Hash: e886c6487d31bc897b30e63e275e33d7213202e904bb967e0fdb7db08567389d
                                          • Instruction Fuzzy Hash: 673144B0D04249CFDB94CFA9C845BDEBBF1BB88340F10952AE815AB341E7789845CFA1
                                          Function 0609A600 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1768 609a600-609a612 1769 609a61e-609a652 1768->1769 1770 609a614-609a616 1768->1770 1772 609a658-609a65e 1769->1772 1773 609a83c-609a855 1769->1773 1770->1769 1774 609a664-609a66a 1772->1774 1775 609a707-609a70b 1772->1775 1789 609a82e-609a82f 1773->1789 1790 609a857-609a887 1773->1790 1774->1773 1778 609a670-609a67a 1774->1778 1776 609a70d-609a716 1775->1776 1777 609a72e-609a737 1775->1777 1776->1773 1780 609a71c-609a72c 1776->1780 1783 609a739-609a745 1777->1783 1784 609a75b-609a75e 1777->1784 1781 609a67c-609a685 1778->1781 1782 609a6e6-609a6ef 1778->1782 1786 609a761-609a767 1780->1786 1781->1773 1788 609a68b-609a6aa 1781->1788 1782->1773 1787 609a6f5-609a701 1782->1787 1796 609a74d-609a758 1783->1796 1784->1786 1786->1773 1791 609a76d-609a77d 1786->1791 1787->1774 1787->1775 1788->1782 1799 609a6ac-609a6b2 1788->1799 1794 609a832-609a839 1789->1794 1808 609a889 1790->1808 1809 609a89d-609a8a9 1790->1809 1791->1773 1793 609a783-609a793 1791->1793 1793->1773 1798 609a799-609a7a6 1793->1798 1796->1784 1798->1773 1802 609a7ac-609a7d1 1798->1802 1800 609a6be-609a6c4 1799->1800 1801 609a6b4 1799->1801 1800->1773 1803 609a6ca-609a6e3 1800->1803 1801->1800 1802->1773 1812 609a7d3-609a7eb 1802->1812 1811 609a88c-609a88e 1808->1811 1813 609a8ab 1809->1813 1814 609a8b5-609a8d1 1809->1814 1815 609a890-609a89b 1811->1815 1816 609a8d2-609a8e0 1811->1816 1812->1773 1820 609a7ed-609a7f8 1812->1820 1813->1814 1815->1809 1815->1811 1822 609a8e2-609a908 1816->1822 1823 609a946-609a94a 1816->1823 1820->1794 1824 609a7fa-609a804 1820->1824 1825 609a95a-609a95c 1823->1825 1826 609a94c-609a954 1823->1826 1824->1794 1834 609a806-609a82a 1824->1834 1830 609a988-609a98d 1825->1830 1831 609a95e-609a963 1825->1831 1826->1825 1829 609a956-609a958 1826->1829 1829->1830 1832 609a969-609a979 call 6094140 1831->1832 1833 609a965-609a967 1831->1833 1839 609a97b-609a97d 1832->1839 1840 609a97f-609a984 1832->1840 1833->1830 1834->1789 1839->1830 1840->1830 1841 609a986 1840->1841 1841->1830
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: d
                                          • API String ID: 0-2564639436
                                          • Opcode ID: 1e03e96b9e25a7c90e78a7ff066e0daa5d1d3b7a09a408edf73e706bbe84f055
                                          • Instruction ID: 073f068b5b380d57a7e64f2a07efcfe5e7a2ff5a5bbfcb57dfe94ee5494e59a8
                                          • Opcode Fuzzy Hash: 1e03e96b9e25a7c90e78a7ff066e0daa5d1d3b7a09a408edf73e706bbe84f055
                                          • Instruction Fuzzy Hash: 8FC17D357006028FCB54CF18C88496ABBF3FF84314B5ACA69D85A8B665DB71FC46DB90
                                          Function 06097D48 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2465 6097d48-6097d9f 2509 6097da1 call 6097f58 2465->2509 2510 6097da1 call 6097f44 2465->2510 2470 6097da7-6097db9 2505 6097dbb call 60980a8 2470->2505 2506 6097dbb call 60980b8 2470->2506 2507 6097dbb call 60981ac 2470->2507 2508 6097dbb call 60982a0 2470->2508 2472 6097dc1-6097df3 2476 6097df5-6097e23 2472->2476 2477 6097e26-6097e55 2472->2477 2476->2477 2484 6097e5d-6097e6b 2477->2484 2486 6097f0a-6097f23 2484->2486 2487 6097e71-6097e9d 2484->2487 2490 6097f2e 2486->2490 2491 6097f25 2486->2491 2494 6097e9f-6097eb4 2487->2494 2495 6097eb6-6097ebc 2487->2495 2491->2490 2503 6097ef9-6097f04 2494->2503 2496 6097edf-6097ef2 2495->2496 2497 6097ebe-6097edd 2495->2497 2496->2503 2497->2496 2503->2486 2503->2487 2505->2472 2506->2472 2507->2472 2508->2472 2509->2470 2510->2470
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4<s
                                          • API String ID: 0-2457971119
                                          • Opcode ID: edbef1e291b544cf3883a466751c5fdcb51c3f07c6ef8cd827a334fcd4b0585f
                                          • Instruction ID: be7e1ed42f3548c99a2080ba239702e57d6561820c2700fe2db8faa871a770a0
                                          • Opcode Fuzzy Hash: edbef1e291b544cf3883a466751c5fdcb51c3f07c6ef8cd827a334fcd4b0585f
                                          • Instruction Fuzzy Hash: 94517031B60104DFDB44ABA5D8546ADBBF3FFC8244B248129E402AB351DF349D068B95
                                          Function 06097F44 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2615 6097f44-6097f64 2616 6097fa3-6097fd0 2615->2616 2617 6097f66-6097f8a 2615->2617 2626 6098013-6098029 2616->2626 2627 6097fd2-6097ff4 2616->2627 2624 6097f92-6097fa2 2617->2624 2635 609805b-609807e 2626->2635 2636 609802b-6098059 2626->2636 2628 6098099-609809e 2627->2628 2629 6097ffa-6098002 2627->2629 2631 6098009-609800c 2629->2631 2632 6098004-6098007 2629->2632 2634 609800f 2631->2634 2632->2634 2637 6098086-6098093 2634->2637 2635->2637 2636->2635 2637->2628 2642 6098011 2637->2642 2642->2626
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: l;s
                                          • API String ID: 0-3229417253
                                          • Opcode ID: 4d0a4edcc7a47bb449c0a69f6467a9ba980d6357150b9b017b65fc8ec133f947
                                          • Instruction ID: 72888b99a54117a0b8daaf9c2aa403a64fcc74200031afdbf8400ba6341d89ee
                                          • Opcode Fuzzy Hash: 4d0a4edcc7a47bb449c0a69f6467a9ba980d6357150b9b017b65fc8ec133f947
                                          • Instruction Fuzzy Hash: 3DF0B4B17492904FCB4A466D9864569AFA7AFCB62436900EFE409CB367DC268C079325
                                          Function 0693D787 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: {35l^
                                          • API String ID: 0-1142697716
                                          • Opcode ID: 73c73f0e3ea8502fb3b770ddc5f5da7236e2d504d0b02b8b51403f4b73bbdcd9
                                          • Instruction ID: 3eb0ed95e99898ef387596f54ea7c63318151f2ccffccb0fbc8627503ba80227
                                          • Opcode Fuzzy Hash: 73c73f0e3ea8502fb3b770ddc5f5da7236e2d504d0b02b8b51403f4b73bbdcd9
                                          • Instruction Fuzzy Hash: F5F0C8312043416BC3019729EC40C8BBBEAEFC1350714C525E14E8B625DF30AD09CBE4
                                          Function 0693D798 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: {35l^
                                          • API String ID: 0-1142697716
                                          • Opcode ID: cb982f6e81a187bb4ff59229b6c86c532154678a8519ee96cfc849c3cb9706a3
                                          • Instruction ID: 7532b32a0706cde96e6c10a61b7cb121691574a6ce9e7632239cc591f491c556
                                          • Opcode Fuzzy Hash: cb982f6e81a187bb4ff59229b6c86c532154678a8519ee96cfc849c3cb9706a3
                                          • Instruction Fuzzy Hash: 2AF082312006059BC301EB6EEC8098BBBD6FFC5360304C629E15E8B624DF70ED098BE4
                                          Function 00BD7250 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: k9Y!0
                                          • API String ID: 0-1825060378
                                          • Opcode ID: b2505e46aeb6c3f00c707ff1c686a83fa3783fc4af3d2c4b071c300abc6e6497
                                          • Instruction ID: 0b108b7a21aa46a21a7610500c6203d47e7380c71c10c1f41d0316da7f99e05f
                                          • Opcode Fuzzy Hash: b2505e46aeb6c3f00c707ff1c686a83fa3783fc4af3d2c4b071c300abc6e6497
                                          • Instruction Fuzzy Hash: F4D022726042182B6B05EAAD58004CE7F9ECA800B0F00007BC008DB200EC702A4042ED
                                          Function 00BD724F Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: k9Y!0
                                          • API String ID: 0-1825060378
                                          • Opcode ID: e0e009168e4e1cfdc5e0cc8870ae9367c9ac067f2490f2a3c5f8c570b1a9032f
                                          • Instruction ID: 9d514a5be3cbb48826322bf59d4b7489e262489605e2d41e0fa3e342287529f2
                                          • Opcode Fuzzy Hash: e0e009168e4e1cfdc5e0cc8870ae9367c9ac067f2490f2a3c5f8c570b1a9032f
                                          • Instruction Fuzzy Hash: BAD022726042182B6B05EEA864400CE7FAACB800B0F00007BC00CDB200EC700A4143E9
                                          Function 06090377 Relevance: 1.1, Instructions: 1072COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 918566ec54699a94d7bea938209bc5ea35608335e6d420be7466dda96c41c86b
                                          • Instruction ID: 58b7c0e376752ac03588bb57637a3a4b2aea81ac4b01f7da5d7162705b4d9fdb
                                          • Opcode Fuzzy Hash: 918566ec54699a94d7bea938209bc5ea35608335e6d420be7466dda96c41c86b
                                          • Instruction Fuzzy Hash: B6C2A234911229DFDB659F64C855ADDBBB2BF89300F5045EAD40AAB360EF319E85CF80
                                          Function 06090448 Relevance: 1.0, Instructions: 1000COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1e6bd7cb7cfc8d1f5e6999a3799cb7edf2437c3173e6377d5fc9d666f2590b60
                                          • Instruction ID: ad4c3f04bfe3bd8d901df29101c11e78d6af995d0d8ceffaea60cfce8b1d802d
                                          • Opcode Fuzzy Hash: 1e6bd7cb7cfc8d1f5e6999a3799cb7edf2437c3173e6377d5fc9d666f2590b60
                                          • Instruction Fuzzy Hash: FEB2B234901229DFDB659F64C855ADDBBB2BF89301F5045EAE40AAB360EF319E85CF40
                                          Function 06092E18 Relevance: .5, Instructions: 520COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a910a6deddacbe33acad7f8908f6ebbf037d036363b7ccac93ee33bf2c676ea7
                                          • Instruction ID: 4a5bda382c558d451ad74c1ddd899f818ae3e66b8adc897433ebf22771318661
                                          • Opcode Fuzzy Hash: a910a6deddacbe33acad7f8908f6ebbf037d036363b7ccac93ee33bf2c676ea7
                                          • Instruction Fuzzy Hash: 9C02C030B501059FDB98DBADC454A6EBBE7AFC8344B18846AE406DB3A0DF31DD01DBA5
                                          Function 0609E180 Relevance: .4, Instructions: 424COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69c431aecc92342d25fa9e91614c40f6da42aad295dc06f97e22066cc983125d
                                          • Instruction ID: 027c1be0a9d2b0240ad38f83776155293d10dde2880ac50f0ba2fd573948c6d4
                                          • Opcode Fuzzy Hash: 69c431aecc92342d25fa9e91614c40f6da42aad295dc06f97e22066cc983125d
                                          • Instruction Fuzzy Hash: 0B023834A001099FDB44DF68D994AAE7BF2FF88310F148469E816AB361DB35EC11CFA0
                                          Function 00BDE7F8 Relevance: .4, Instructions: 410COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2597dc3d92995ba0dc90282e3f0aac6026c30ca1b759a15e6ade71d93debf9c6
                                          • Instruction ID: 854400294d06b4f5a0632b9b864c4b1ca26a927ca5e1cc99f8434623bd5368d2
                                          • Opcode Fuzzy Hash: 2597dc3d92995ba0dc90282e3f0aac6026c30ca1b759a15e6ade71d93debf9c6
                                          • Instruction Fuzzy Hash: 18E15C747002119FD714EF68C895A2ABBE6FF89710F1584AAE516CB3A2DB35DC01CB91
                                          Function 060980B8 Relevance: .4, Instructions: 403COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b400c2ac473f5d1f1f7d88c74d5984eb78192455b77a660b95bc967d795d19ad
                                          • Instruction ID: 53498e379f32c7c672ce0200dba166b963427e192e1e2a2cf85ad9400e366966
                                          • Opcode Fuzzy Hash: b400c2ac473f5d1f1f7d88c74d5984eb78192455b77a660b95bc967d795d19ad
                                          • Instruction Fuzzy Hash: 6DE1A1347442048FCB859F68D85496EBFF2EF86310B15C86AE01ADB3A1DB30DC06DBA1
                                          Function 0609ACFE Relevance: .4, Instructions: 354COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a1e5ac368419a8f4fab718f8b98a2b9da2ca37812d37c7f5a517ad814024ed8a
                                          • Instruction ID: b75113a85506cd871b32239d2be5c2dcf93060c2aeba631e9a38d93fcab3e73b
                                          • Opcode Fuzzy Hash: a1e5ac368419a8f4fab718f8b98a2b9da2ca37812d37c7f5a517ad814024ed8a
                                          • Instruction Fuzzy Hash: F4D1B1307446008FEBA49B68D45576E7BE3FB84710F10481AE857C7791DBB9DCC19BA1
                                          Function 00BDD9E0 Relevance: .4, Instructions: 350COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 801a59fadf434a80557415f0ec16770369e6c3c8b07eecc6e085ec80a2ce31a5
                                          • Instruction ID: 6568cb9720ca952250f25aeb9fb327e3200a237fa82f06cb8174e52641837185
                                          • Opcode Fuzzy Hash: 801a59fadf434a80557415f0ec16770369e6c3c8b07eecc6e085ec80a2ce31a5
                                          • Instruction Fuzzy Hash: 56E10534A00209DFDB14EF69D894A9DBBB2FF88310F148569E8569B361DB34AD46CF90
                                          Function 0693A1C8 Relevance: .3, Instructions: 309COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f1857d06cbf1563e66fc19eff2a2550aacc0519322a72aa1756ddb39c0b7f05
                                          • Instruction ID: e02d8be2e5487ff66c2a8d94d76e52808692c0c82327344eb25fa098515146b7
                                          • Opcode Fuzzy Hash: 8f1857d06cbf1563e66fc19eff2a2550aacc0519322a72aa1756ddb39c0b7f05
                                          • Instruction Fuzzy Hash: 0FB1BD317002119FEB09ABB4C45862E3BEBAFCA601B64446DD543CB795EF39DC46CB92
                                          Function 00BDF6F9 Relevance: .3, Instructions: 301COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0cd4925db9631100a46cc431936dbe74487e3ffc77bbf58ba2c03931a2eef57
                                          • Instruction ID: 483f4dd856f89f96f3dadc6c20d37e1cfbd59f7bd3324cb3c5839dfb3ccabe77
                                          • Opcode Fuzzy Hash: f0cd4925db9631100a46cc431936dbe74487e3ffc77bbf58ba2c03931a2eef57
                                          • Instruction Fuzzy Hash: BDD11738A01219DFDB15DF64D858BADBBB2FF88301F1084AAE90AA7350DB359D81DF50
                                          Function 00BD178E Relevance: .3, Instructions: 301COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16bff6b5b17ea593b4b07fe33d1a74147b03390f8f4634e3f55c752c1dcb480d
                                          • Instruction ID: d9d9d2164deac4cb5419abbddcd34f62268fecb87883329fb1e48e873bd70e12
                                          • Opcode Fuzzy Hash: 16bff6b5b17ea593b4b07fe33d1a74147b03390f8f4634e3f55c752c1dcb480d
                                          • Instruction Fuzzy Hash: 8EB10370B052959FDB05AB78846466EBBF6AF85300F2484ABC445DB392EB39CC46C791
                                          Function 069310CD Relevance: .3, Instructions: 281COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0aa83b19c682c3b6d1a5b5d50fbdfef5db26469cfc1ce4eecde63f07bccdb316
                                          • Instruction ID: d0702ffab9b8938df995d631c0078ef5b7083e97bcd0fc20bf930783c7c6935a
                                          • Opcode Fuzzy Hash: 0aa83b19c682c3b6d1a5b5d50fbdfef5db26469cfc1ce4eecde63f07bccdb316
                                          • Instruction Fuzzy Hash: 38B16D70E00229CFDB94CFA9C9857DEBBF6EF48304F248129D815E76A4DB749846CB91
                                          Function 06096BF8 Relevance: .3, Instructions: 275COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 449f26fc56eafcf8a0ccfbe33b180681f9209a4c88f626921e7d23c13644cab5
                                          • Instruction ID: 690c985addec98b2da47e29c0e8bd866c1c4856fb3607a4a5c580358c0158060
                                          • Opcode Fuzzy Hash: 449f26fc56eafcf8a0ccfbe33b180681f9209a4c88f626921e7d23c13644cab5
                                          • Instruction Fuzzy Hash: D9B10A74F1060A8FDB55CFA9C49099EBBF6FF89304B608469E806DB354EB31AD05CB51
                                          Function 0693E53F Relevance: .3, Instructions: 267COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3bd6054f544b614cf6a973b744f4b38eadcb2c6538d57f8e8c09f8b965a6f680
                                          • Instruction ID: f33a1d6cf3bf0dd295ffe5b6a0a39f3934afa3a107eb81da6f3a30230faf5b16
                                          • Opcode Fuzzy Hash: 3bd6054f544b614cf6a973b744f4b38eadcb2c6538d57f8e8c09f8b965a6f680
                                          • Instruction Fuzzy Hash: 0181A830F10218DFDBE49A79C81463A35DBABC870577548ABD507DBB65FE20CC01ABA6
                                          Function 0609BEEA Relevance: .3, Instructions: 265COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e179f096a3fd0a7d33e252fd587d421a845c3df06e1c28955e2223e6ed79b4cd
                                          • Instruction ID: aef492964aab8876827e01a424435bc7ab7ae1d067e0120bfdb0276d7d736f35
                                          • Opcode Fuzzy Hash: e179f096a3fd0a7d33e252fd587d421a845c3df06e1c28955e2223e6ed79b4cd
                                          • Instruction Fuzzy Hash: FAA16D34B402099FEF449F68D855AAE7FB3EB88350F148465F8069B391EF349C41CBA0
                                          Function 0693199C Relevance: .3, Instructions: 265COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfd0905b3e72927455b8772df78a9c9c70efb3c6bb6e2492368568b0783da062
                                          • Instruction ID: be709620a4f1e5d818b0f85bb01d580cec2223309c8928fb37e8dc3f272e367e
                                          • Opcode Fuzzy Hash: cfd0905b3e72927455b8772df78a9c9c70efb3c6bb6e2492368568b0783da062
                                          • Instruction Fuzzy Hash: A0B15C70E002298FDF94CFA9C8817DDBBF6AF48314F248529D815EB7A4EB749845CB91
                                          Function 0609F500 Relevance: .2, Instructions: 232COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7931002b98786b17c1741480ec81bb1126643c067705b731867cf4c7a9d462e
                                          • Instruction ID: 82801e5943168cad8c806a5d612297f39a662a0005ffe5207df78bd1758a9aef
                                          • Opcode Fuzzy Hash: a7931002b98786b17c1741480ec81bb1126643c067705b731867cf4c7a9d462e
                                          • Instruction Fuzzy Hash: 0F81C275A002099FCF55CF68D884AAEBFF6FF88300F14802AE915D7361DB309915DBA1
                                          Function 00BDB098 Relevance: .2, Instructions: 223COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afbecfc8750d779241c8912d9351fae6cd769431471c634996a6595fe7872107
                                          • Instruction ID: 7da402aab4e22503461a0d7aa9c0bb56b84efb0eabfab41310d027ff1e110e18
                                          • Opcode Fuzzy Hash: afbecfc8750d779241c8912d9351fae6cd769431471c634996a6595fe7872107
                                          • Instruction Fuzzy Hash: F5910C34B00206CFDB04DBA8D994AAEBBF2FF89304F1585A5D405EB355EB349D42CBA5
                                          Function 06097A10 Relevance: .2, Instructions: 205COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d8c1135b8387c830bcb748afcef83681b1cb340189262a18951d7c62d62d96b
                                          • Instruction ID: 94937f25c5d9bbcfff69e42f94cce328b725ec25306ee8b7f6450e17eed165c8
                                          • Opcode Fuzzy Hash: 1d8c1135b8387c830bcb748afcef83681b1cb340189262a18951d7c62d62d96b
                                          • Instruction Fuzzy Hash: 0E717C71E502098FDB94EFA9C85079EBBF3BF84304F248529D846AB351EF309946CB90
                                          Function 0609B238 Relevance: .2, Instructions: 204COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0d629b869c10f7f768a5912dfb6a881d6577c5487297ba911a126a60ebb7f75
                                          • Instruction ID: fbeb24b4232d33fa0be1b8d2395f0f71dfb24b773162f786084973c2a2c5163a
                                          • Opcode Fuzzy Hash: d0d629b869c10f7f768a5912dfb6a881d6577c5487297ba911a126a60ebb7f75
                                          • Instruction Fuzzy Hash: D571E071605740CFEB64CB68E88076BBBF3FF85314F14842AD08287A51DB74E845EBA1
                                          Function 00BDB06A Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 33af36eafe6bd298282aa66994217f603153d98253497bfe4335fb4c2659ae0c
                                          • Instruction ID: 602fc2bb83f44a315eb5f32100aeb6fdc5a6161da6eaa2d0cfc0d81104122fb0
                                          • Opcode Fuzzy Hash: 33af36eafe6bd298282aa66994217f603153d98253497bfe4335fb4c2659ae0c
                                          • Instruction Fuzzy Hash: 49812E74A00205CFDB05DF68C994AAEBBF2FF89304F1581A5D405AB365EB34DD46CBA4
                                          Function 0609BE3C Relevance: .2, Instructions: 198COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 018156aa0e805946897e14265bb6d0ec1bfdb054ffaf5a84847524805ae0fc64
                                          • Instruction ID: 6f5bc73bf8dac2e5772eb6c76a3c01554813ab6c3b6e25384a352bcbacd41316
                                          • Opcode Fuzzy Hash: 018156aa0e805946897e14265bb6d0ec1bfdb054ffaf5a84847524805ae0fc64
                                          • Instruction Fuzzy Hash: E9618D34B512149FEB049F68D459A6E3BA3EB88710B108469F906CB3A1EF34DC52CBA1
                                          Function 0693849E Relevance: .2, Instructions: 198COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2d4f6cb7d0432e8ddd735d2b2e1a1da9a76c0d29dd21214fac211ac41564cf9
                                          • Instruction ID: 10aacda0592655d9c524fd37df5dd867eb0b4d7ad12d4680eb647e6be8ab56a0
                                          • Opcode Fuzzy Hash: d2d4f6cb7d0432e8ddd735d2b2e1a1da9a76c0d29dd21214fac211ac41564cf9
                                          • Instruction Fuzzy Hash: F871AE74A01385CFDB05EF78D88059EBBF2AF9530076444A9D841DB766EB30ED46CB91
                                          Function 06938858 Relevance: .2, Instructions: 198COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a05917e82fd612518292f9cfbd188e2b2255fcffd0d4bec9768772ed446d1f75
                                          • Instruction ID: a7631cad92678346cf8644fe31882d8765d463de5059d4faee1a58f954d0cd0c
                                          • Opcode Fuzzy Hash: a05917e82fd612518292f9cfbd188e2b2255fcffd0d4bec9768772ed446d1f75
                                          • Instruction Fuzzy Hash: 3671BF75B002049FDB54EF79DA54BAEB7F6AF88210F148429E406D7795DB38EC41CB90
                                          Function 06932880 Relevance: .2, Instructions: 196COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e75a59665c57c6c491fc292e3310374b85b80d951ae56a8463528e85af604333
                                          • Instruction ID: 1cbe7f7eb3d4db359930927ddaed13d56f9ac999b48315353a4240795f0e1088
                                          • Opcode Fuzzy Hash: e75a59665c57c6c491fc292e3310374b85b80d951ae56a8463528e85af604333
                                          • Instruction Fuzzy Hash: 2671A131A00214CFCB55DFA9C944A9DBBF2EF89320F1484AED406AB761DB35DD45CBA0
                                          Function 06938848 Relevance: .2, Instructions: 194COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cadd024de9b2d0a2d350798b13b689b53567721c751e0d4f8b5515e6d5d4a69e
                                          • Instruction ID: 85659696ba5e29b606256421df436e120d9343b0a4ce3ad7b9e84fffc58c7f3c
                                          • Opcode Fuzzy Hash: cadd024de9b2d0a2d350798b13b689b53567721c751e0d4f8b5515e6d5d4a69e
                                          • Instruction Fuzzy Hash: A561D175B002049FDB54DF75DA84AAEB7FABF88210F248429E406E7755EB34EC41CB90
                                          Function 00BDD9D8 Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9d797f6a80fb77e64496307327a806670fef5fe03ca58fc6c4940467e31df2b
                                          • Instruction ID: 8b59d597ceaed3aedccece897a7ff6af2048ab268e859b14f09c3820f2394d56
                                          • Opcode Fuzzy Hash: a9d797f6a80fb77e64496307327a806670fef5fe03ca58fc6c4940467e31df2b
                                          • Instruction Fuzzy Hash: 8A81E734A00209DFCB14DF68D894A9DBBF2FF88310B148569E856AB361DB34EC46CF90
                                          Function 06936248 Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01728102a68d385de373a6a6e595007da6e7513ff2f8ddbcfb77a85e4a7f081f
                                          • Instruction ID: 6b650ab07655ae8a5354919d161eeaa2d3ab987ecd4b0e32da19793bfd13ac94
                                          • Opcode Fuzzy Hash: 01728102a68d385de373a6a6e595007da6e7513ff2f8ddbcfb77a85e4a7f081f
                                          • Instruction Fuzzy Hash: 3751C030B002119FC745DB29D85896EBFF6EF89310B1985AAE145CB3B2DB30DD06CBA0
                                          Function 06931714 Relevance: .2, Instructions: 182COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 206723b0b8c1f4af08d72765d60162ad0407ad606dac7102cefba07218a99900
                                          • Instruction ID: f751536705c09e8990222877b20f0cf5cc997fd55741b62c83166d4d1daca35e
                                          • Opcode Fuzzy Hash: 206723b0b8c1f4af08d72765d60162ad0407ad606dac7102cefba07218a99900
                                          • Instruction Fuzzy Hash: 2A719BB0E002598FDF54CFA9C8807DEBBF6EF88314F248129E815A7660DB749841CB95
                                          Function 0609E172 Relevance: .2, Instructions: 181COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ea0b637ce78d3bea926499acc1ee7a8902bc6f50c66912d9df6c15eaf41f888
                                          • Instruction ID: b3065472982f6a925871427e1dd495d235376db2984745bc9b1d3f565c1be290
                                          • Opcode Fuzzy Hash: 1ea0b637ce78d3bea926499acc1ee7a8902bc6f50c66912d9df6c15eaf41f888
                                          • Instruction Fuzzy Hash: 7A81D279A10209DFCB54CFA8D984A9EBBB2FF48310F108169E915A7361DB31EC51DF60
                                          Function 00BDB047 Relevance: .2, Instructions: 181COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b04ab605fdb51560e18780ce4ec3de8e1a223a293b7f3c02b78c6816b2826a20
                                          • Instruction ID: c681ffc2a5c43b9d2f4a2ca581a90b8c3b8e720198388d929bcb6e459166b24f
                                          • Opcode Fuzzy Hash: b04ab605fdb51560e18780ce4ec3de8e1a223a293b7f3c02b78c6816b2826a20
                                          • Instruction Fuzzy Hash: 2171ED74A0010ACFDB04DFA5C594AAEB7F2FF88304F1585A5D405AB365EB34DD42CB94
                                          Function 06931720 Relevance: .2, Instructions: 180COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc87a025143bb846a81fcdb6ba84abae188044b37bfaa748e2be8020ac6b0b6a
                                          • Instruction ID: c270c3435d2c592644ced007dd8e5518760d6e6a86f28338715facde7946af8a
                                          • Opcode Fuzzy Hash: bc87a025143bb846a81fcdb6ba84abae188044b37bfaa748e2be8020ac6b0b6a
                                          • Instruction Fuzzy Hash: 86719BB0E002598FDF54CFA9C8807DEBBF6EF88314F248129E815A77A0DB749841CB95
                                          Function 0609FCC0 Relevance: .2, Instructions: 176COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a42c7cc7e788f8b8f87eadc0ed20427af21374e40be24175438a4676e9cea838
                                          • Instruction ID: 945949ddeb777b10fa1f7da6376d672824bef2c034369664de4f673270568ee3
                                          • Opcode Fuzzy Hash: a42c7cc7e788f8b8f87eadc0ed20427af21374e40be24175438a4676e9cea838
                                          • Instruction Fuzzy Hash: 97517F71B102158FCB44EBADC854A6EBBEBEFC9710714806AE50ADB395DE70DD0187E1
                                          Function 0609C46A Relevance: .2, Instructions: 172COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e978d17234bbd0cacb17e3b83c3c9de0e4fe35440b0388e3e860e072e6f7461
                                          • Instruction ID: 99552121f6dbe1349d1a56ef2eed0c64b23ec52e3cc581dd82f2fa602367cb86
                                          • Opcode Fuzzy Hash: 5e978d17234bbd0cacb17e3b83c3c9de0e4fe35440b0388e3e860e072e6f7461
                                          • Instruction Fuzzy Hash: 0451CC34B107108FDB599B69C55492EBBE3EFC8300715C85AE40AC77A5EE74EC82DBA4
                                          Function 00BD9F30 Relevance: .2, Instructions: 172COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 646c4018f9630b2bb021611922364a0a2ef692193ce9bc6ef3b273b6c302ce42
                                          • Instruction ID: af277eaf95075b31d23257342e0e15903f189b15a3e79528626405741bcd53e1
                                          • Opcode Fuzzy Hash: 646c4018f9630b2bb021611922364a0a2ef692193ce9bc6ef3b273b6c302ce42
                                          • Instruction Fuzzy Hash: 0951A035A002059FD714DF69C494AAEFBF6EF89304F1980AAE405EB351EB70EC41CB91
                                          Function 060979C8 Relevance: .2, Instructions: 166COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 855c5b1f07cb68f04d623e37ea4031f41a6d233a88981ad20921f8595834b35a
                                          • Instruction ID: 91d932e7daa598e81cf0596e7c30491d7d91840728ce490710f8a370cf105889
                                          • Opcode Fuzzy Hash: 855c5b1f07cb68f04d623e37ea4031f41a6d233a88981ad20921f8595834b35a
                                          • Instruction Fuzzy Hash: 4851D071A113089FDB95EF69C85069E7FF2FF85300F24846AD8469F352EB309946CB90
                                          Function 00BDCD58 Relevance: .2, Instructions: 161COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 906844407009d6ca0d2cd564b6efd8b6b0036877ceb05efde120bd270b00adaa
                                          • Instruction ID: cb8ee81a70bf87a8405679b6d713aacae2c09439986e57444c62f9bcd6add866
                                          • Opcode Fuzzy Hash: 906844407009d6ca0d2cd564b6efd8b6b0036877ceb05efde120bd270b00adaa
                                          • Instruction Fuzzy Hash: 0241F2357052114FD319A739E82472ABBD7EFC5364F1888BAE90ACB791EE359C06C790
                                          Function 00BDD320 Relevance: .2, Instructions: 153COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cbf6dce34c21b84833b0ddf4e22ccff955d2c6d57ee5102cbc471792412a56b
                                          • Instruction ID: 8ae7eee97eaa620dc8e248e72498018a8dc30f1cafa4a0946b5dffc7d6d5bdbd
                                          • Opcode Fuzzy Hash: 8cbf6dce34c21b84833b0ddf4e22ccff955d2c6d57ee5102cbc471792412a56b
                                          • Instruction Fuzzy Hash: 72510934A01219EFDF14DFA4E894AADBBB6FF88314F108169E812A7360DB34AD01CF51
                                          Function 06093EE0 Relevance: .2, Instructions: 151COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bbf2c474884748f66c0239e52da8cbe88a99739ea6a9cd8073fcaa47baff26c8
                                          • Instruction ID: 77b6df6fde3f7b9f58beaa79f27bb11fb6ae734a3826dc61216802a18ca9205f
                                          • Opcode Fuzzy Hash: bbf2c474884748f66c0239e52da8cbe88a99739ea6a9cd8073fcaa47baff26c8
                                          • Instruction Fuzzy Hash: 415124313457418FDB69CB39D854A2ABFF7BFC52047088569E08ACB362DA31EC02CB90
                                          Function 06092778 Relevance: .1, Instructions: 144COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d8a344034b0127774922b6e74229022396a0138bd4dd461755ea31bb11f6180
                                          • Instruction ID: f2615826f2277372fa7668ed5ff3ec8f94874fc4e99f482bf22a1fc323b36d93
                                          • Opcode Fuzzy Hash: 3d8a344034b0127774922b6e74229022396a0138bd4dd461755ea31bb11f6180
                                          • Instruction Fuzzy Hash: B341BD35B112169FCB44CB69C4809AAFBF6FF89324B1582A9D429EB351D730ED52CBD0
                                          Function 06097A00 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f45ee750f115b297298bd8ad3617da8d61e2853bd2fb491ac50ada4f6c0848b5
                                          • Instruction ID: eae115567e15b334308e4f02cea91c9d80ec202ad723697493e96a96d3a516db
                                          • Opcode Fuzzy Hash: f45ee750f115b297298bd8ad3617da8d61e2853bd2fb491ac50ada4f6c0848b5
                                          • Instruction Fuzzy Hash: 39517A71A103089FDB95EFA9C85069EBBF3BF85304F248529D846AF351EB349946CF90
                                          Function 00BDDDA7 Relevance: .1, Instructions: 140COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd30fc27137be74d5e550dec83847727883d5bd8f9cca460a167aa04f0f20706
                                          • Instruction ID: 05bbd7d6004561bc4a187d6317c3b3e5acc7ce8910551626760bd0c6fcf6db02
                                          • Opcode Fuzzy Hash: fd30fc27137be74d5e550dec83847727883d5bd8f9cca460a167aa04f0f20706
                                          • Instruction Fuzzy Hash: 8351C638A00209DFDB14DFA4E984AADBBB2FF88350F158555E856AB360DB31EC42CF50
                                          Function 06937DC0 Relevance: .1, Instructions: 136COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95971f51bad936fc2e404417d777a087d306c8eae27afc7de697559e04fe154f
                                          • Instruction ID: 91c2de47cf096f978155a9f2200bc054737444bfb9799d11130e73ec8c32cb6f
                                          • Opcode Fuzzy Hash: 95971f51bad936fc2e404417d777a087d306c8eae27afc7de697559e04fe154f
                                          • Instruction Fuzzy Hash: B5411571B043549FEB55EB788C507EE7BE5AF8A300F18805AE444CF292DB388D05CBA5
                                          Function 00BD32A8 Relevance: .1, Instructions: 134COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2687daaa938b2149aaf815fd11552647f19552b9af8902921e2d12b487e42e23
                                          • Instruction ID: 3e508334580003288e2d5c7dba88145da7f4436fb06c636c1aa7d94ccdb0dd9c
                                          • Opcode Fuzzy Hash: 2687daaa938b2149aaf815fd11552647f19552b9af8902921e2d12b487e42e23
                                          • Instruction Fuzzy Hash: 78417C707002059FD718EF74D89576EBAE3EF89700F14886DE542AB3A1DE34AD0ACB95
                                          Function 06937DD0 Relevance: .1, Instructions: 134COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a361ea629cce93333388925dde23828d9c7db59c706373ebdb634ba6550b97d
                                          • Instruction ID: 52c98a3b3ea6dd877029775dd1286d2009c8ccb0c22f645b59fffbf7aa04361d
                                          • Opcode Fuzzy Hash: 1a361ea629cce93333388925dde23828d9c7db59c706373ebdb634ba6550b97d
                                          • Instruction Fuzzy Hash: 0A41C0B4700211AFEB54EBA59C50B7E7BE6EB88700F148429E506DB291DB79DD41CBA0
                                          Function 00BDA180 Relevance: .1, Instructions: 133COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f41dcd4658beee3da481344187cb3260f775ba0e92602d308a5f4db1ebdee149
                                          • Instruction ID: e9be811cc838d025759ab5c02dfef54a82f106f8cc742a15304f73c198297135
                                          • Opcode Fuzzy Hash: f41dcd4658beee3da481344187cb3260f775ba0e92602d308a5f4db1ebdee149
                                          • Instruction Fuzzy Hash: F14124367002405FDB259A78A4547AE7BE3EBC5310F1488BBE906CB782EE348C47C791
                                          Function 06933A68 Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1bc766382b6a4e53c80fbf34af4516ac8f07c8a888bafe528fb59b6421cfc61b
                                          • Instruction ID: e7b7eb9e9d683fd4df8bb4a3a1a9ca541d6d15f8409361fa75502b65e5e1f9cd
                                          • Opcode Fuzzy Hash: 1bc766382b6a4e53c80fbf34af4516ac8f07c8a888bafe528fb59b6421cfc61b
                                          • Instruction Fuzzy Hash: 254103313006106FCB84EB6DD840A6EBBDBEFC9610B14852AE90ACB755CF75DD05CBA0
                                          Function 06099390 Relevance: .1, Instructions: 127COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c3258fece42625a92b6f303fec4bc6ec11b35b780ca032bb61e2fb1aa4d5a25
                                          • Instruction ID: 38ce015a4c42d4bf088c2f8a965b54f0467d68fd3d2dbb1c660253e20a6965b7
                                          • Opcode Fuzzy Hash: 7c3258fece42625a92b6f303fec4bc6ec11b35b780ca032bb61e2fb1aa4d5a25
                                          • Instruction Fuzzy Hash: 93418D75B401058FCF91DBA8D980AAEBBF6FF88220B14806AD919D7351DB31E941DBB1
                                          Function 060935C0 Relevance: .1, Instructions: 125COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63f90ae12bdc1506630fc28b4172c24b3170025c08de4a2b6a4f2a0b3c3e2f12
                                          • Instruction ID: adda95e2a55a4987293f664a248f7757e2e3f533ca4912b06aafb937b53f2d0c
                                          • Opcode Fuzzy Hash: 63f90ae12bdc1506630fc28b4172c24b3170025c08de4a2b6a4f2a0b3c3e2f12
                                          • Instruction Fuzzy Hash: A2417F347407058FCB699F29D89896ABFF2FF88605B148969E8568B361DF30ED05CF90
                                          Function 06092120 Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d747f79208cba268d41644257827bca116898b6d52ed834e18608d90a2314ef
                                          • Instruction ID: 18796bca80a30e328a800d2f78f9f72715e8ecb73070e3742460c933073b5050
                                          • Opcode Fuzzy Hash: 6d747f79208cba268d41644257827bca116898b6d52ed834e18608d90a2314ef
                                          • Instruction Fuzzy Hash: 464159352143405FCB52AB78D8A065E7FE3EFC6710728856DE1868B311DF359E06D7A4
                                          Function 06935D02 Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f7158877b82d7be35051191e60be1d54750027855a1d5045481f2fa60062154
                                          • Instruction ID: f8dadd3cb852995bc6e69da070efa5c099989d51db8593825e0fb8462d1535a2
                                          • Opcode Fuzzy Hash: 2f7158877b82d7be35051191e60be1d54750027855a1d5045481f2fa60062154
                                          • Instruction Fuzzy Hash: 183136307042105FD795ABA8C859BEE3BEAEF89710F18046EE502AB781CF759D0687A1
                                          Function 0609D828 Relevance: .1, Instructions: 119COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27ba82f9c581538621381c4c37013e6f80e051cd5b5599944b871bef12545d0b
                                          • Instruction ID: 6d829e89f91668d56c2ec9775f466cce89c64913849b061d7affc91df0ab4eea
                                          • Opcode Fuzzy Hash: 27ba82f9c581538621381c4c37013e6f80e051cd5b5599944b871bef12545d0b
                                          • Instruction Fuzzy Hash: BA419535750600DFDB559F28D858B66BFE2EF89310F04846AE5468B3E2CB75E841DB60
                                          Function 00BD97F1 Relevance: .1, Instructions: 118COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a63bca70b3b291b6cb2cad781e8c48c5423b977ccfcd3336d693c1e7d6b2cc57
                                          • Instruction ID: de3821a2ba960ccb5f752f1223368a886d1b0aeb9ed62beed8ed61fa4facbd02
                                          • Opcode Fuzzy Hash: a63bca70b3b291b6cb2cad781e8c48c5423b977ccfcd3336d693c1e7d6b2cc57
                                          • Instruction Fuzzy Hash: F841F235A042408FCB19DB78C89599DBFF2EF4A314F1541EAD441EB3A2DB649C06CBA0
                                          Function 06096A8F Relevance: .1, Instructions: 111COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b2351cca22a293a05e3c458c4a76b641a5a607b6eb0e535273ba804fe45dbc4
                                          • Instruction ID: acb01b899cdc7b41d0dbd1c65320c172f65966ec4c60aedb279c11c5265b1e31
                                          • Opcode Fuzzy Hash: 4b2351cca22a293a05e3c458c4a76b641a5a607b6eb0e535273ba804fe45dbc4
                                          • Instruction Fuzzy Hash: 4D41D332A502058FDBA5DB94C845BEFBBF7EF80301F149929D1435B190DB74A989CBA1
                                          Function 06936238 Relevance: .1, Instructions: 110COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10a2e8955651c7eda3f310122358fd40b632cfab2d27986ef8eb0672c02fc70e
                                          • Instruction ID: 8647d216b5bc1a329258a24d3bee7916fabef2445e7c255d478129f3df21e8ba
                                          • Opcode Fuzzy Hash: 10a2e8955651c7eda3f310122358fd40b632cfab2d27986ef8eb0672c02fc70e
                                          • Instruction Fuzzy Hash: 704147347101119FCB44DF68D888AADBBF6AF89310B2985A9E146CB376DB70DD05CB90
                                          Function 00BD3CD0 Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ce79cee6524bab6aa8457ea23e8fa8dbf821716e147d3d00f8bc856f8db10e74
                                          • Instruction ID: 5fab151c9f679a0736f9d8b50ae0d1ca86d6c61b16c3d554004389c8ced3e10d
                                          • Opcode Fuzzy Hash: ce79cee6524bab6aa8457ea23e8fa8dbf821716e147d3d00f8bc856f8db10e74
                                          • Instruction Fuzzy Hash: 7331BF347002049FD708AB79C85976EBBE7EFC8700F1444BAE406E7392DE388D068B92
                                          Function 0693E2E8 Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 545f258f1f3504c2b9ebd0802314eb25cd5ed21988977d8407841d50cd7e9156
                                          • Instruction ID: 873cc79dea628302326a86009057f46683e2dcf9f7ce5f66ab21db277526a2a5
                                          • Opcode Fuzzy Hash: 545f258f1f3504c2b9ebd0802314eb25cd5ed21988977d8407841d50cd7e9156
                                          • Instruction Fuzzy Hash: D741C474A012049FEB41DF28D8447AEBBF2FB84304F14859AD5068F765DB719906CFD1
                                          Function 06092BC8 Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6dfcb4a8c7d81df9c0c80644689b78b3c4902571bbae8776ccfafb8f6cfc1300
                                          • Instruction ID: ba0e7f7b4f514a01f1d1fe4785a0c1ccc58d14028c85b866a254294d888624da
                                          • Opcode Fuzzy Hash: 6dfcb4a8c7d81df9c0c80644689b78b3c4902571bbae8776ccfafb8f6cfc1300
                                          • Instruction Fuzzy Hash: 1831C671B501049FCFA0DFA8E840AAABFEAFF84210B148467D51DC7315EB31D901DBA1
                                          Function 060928F0 Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 735c0d95c02b7d77c846ddb330f8bb38ed65893266a720ebe37c390a9f4803b0
                                          • Instruction ID: e8cd9efa57cc5feca854789f1d0bcc838ea974917dc7706802d96ad594e0b495
                                          • Opcode Fuzzy Hash: 735c0d95c02b7d77c846ddb330f8bb38ed65893266a720ebe37c390a9f4803b0
                                          • Instruction Fuzzy Hash: BB412C30B502099FDB44DFA9C490B9EBBF6EF88710F188069E805AB361DB71ED45DB90
                                          Function 00BD96F8 Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2e5eda3ab54b3561749d18829f2e574fa3f004f80bc59d14074344e369419de
                                          • Instruction ID: 482451e7881b0e83d807f0fdcf6911d70e97a600387c30bd081731416c851c68
                                          • Opcode Fuzzy Hash: a2e5eda3ab54b3561749d18829f2e574fa3f004f80bc59d14074344e369419de
                                          • Instruction Fuzzy Hash: C73134323046118FC7169F78E89555A7BE6EF8931071486BAD409CB752EB24DC078BC0
                                          Function 0609AB42 Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e1891118a807e2c728b0ba4540d0810fb3490e1157f2ddea7a8d04f88a1f1d6
                                          • Instruction ID: 641c97b3a665afafd0b84e56729f357a40ed3f364eaed061dfb5cb12d183f508
                                          • Opcode Fuzzy Hash: 9e1891118a807e2c728b0ba4540d0810fb3490e1157f2ddea7a8d04f88a1f1d6
                                          • Instruction Fuzzy Hash: BA419F747506088FDB55DF68D45562EBFF3EB88704F00885AE406CB381DB38E941DBA1
                                          Function 06096AA0 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8140de81228109c153ac7a23159f1b0118b9e41df83dbeb6a46e124250a8e3d7
                                          • Instruction ID: 9597c5a5505f70c1f5746ca22e1f0141f358d96999e55ead1e3a3456a265761a
                                          • Opcode Fuzzy Hash: 8140de81228109c153ac7a23159f1b0118b9e41df83dbeb6a46e124250a8e3d7
                                          • Instruction Fuzzy Hash: FA41B232A502058FDB65DB94C844BEFBBF7EF80301F149929D1435B290DB74AD89CBA1
                                          Function 0609A9C0 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c673e146e6611bec737ecfad8038f6904314c1e96a9b34252a344bea80fe3ebd
                                          • Instruction ID: a07506ceae4f7efe6359e5907ceed3f25c2e88b80cfc190551fcea7edad14d66
                                          • Opcode Fuzzy Hash: c673e146e6611bec737ecfad8038f6904314c1e96a9b34252a344bea80fe3ebd
                                          • Instruction Fuzzy Hash: A33132357A0024CFCB88DB28D6948AC7BF6FF49A14721819AE546CB272DB31ED54DB90
                                          Function 0693EF90 Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbd2b4c75047b98c639b7435df1d88b4df1471115e4f2f10e0c1ed4e39e34af6
                                          • Instruction ID: 69a4626b4689ba0c22dce1624b03d632ec565ee66f34452003a806f4c873bc15
                                          • Opcode Fuzzy Hash: dbd2b4c75047b98c639b7435df1d88b4df1471115e4f2f10e0c1ed4e39e34af6
                                          • Instruction Fuzzy Hash: 2E419F70B01304AFEB41EF28E8447AEBBB2FB85300F10856AD5069F355DB769D468BD1
                                          Function 06091DF7 Relevance: .1, Instructions: 100COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e71888b1a63660da2a967ac1c7d52f647bc1fe06a9b6af2c034f605106b3d079
                                          • Instruction ID: 4d3d0498e4eff75cafba741269726d7339755028dc7ae5b0829bf967c78fdff4
                                          • Opcode Fuzzy Hash: e71888b1a63660da2a967ac1c7d52f647bc1fe06a9b6af2c034f605106b3d079
                                          • Instruction Fuzzy Hash: A821E22356E3E00EF786A67C9C713CA2F51CFA3265F0941E7C4D8CA592F504485AE2BA
                                          Function 0609ECF6 Relevance: .1, Instructions: 99COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78559eb8ad21e514e63c8eb29685d677a6a08a8887d5fb726af156434f805ead
                                          • Instruction ID: 7e6523d8ecc4e04ec6347bfe12b016f20c4f657d4fef45c527e7d2e41909a715
                                          • Opcode Fuzzy Hash: 78559eb8ad21e514e63c8eb29685d677a6a08a8887d5fb726af156434f805ead
                                          • Instruction Fuzzy Hash: DF310F323029158FCB51DF48D8809A9FFE2FF80320309826AD569CB660C731FC19DBA0
                                          Function 06097478 Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08e74e8d9eddd8f9e66ac92b218c9328f0e7fc66b8b4c5879f46523d60e42507
                                          • Instruction ID: ff48b2c0926af2affd537669ef7d4be3a16b75f1802b8a986f60a88ccac2d49f
                                          • Opcode Fuzzy Hash: 08e74e8d9eddd8f9e66ac92b218c9328f0e7fc66b8b4c5879f46523d60e42507
                                          • Instruction Fuzzy Hash: 18315E31E106199FCF55DFA9C45499EBFF2AF89300B14846AE405EB361EB70E906CB61
                                          Function 06936220 Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52b9bde73e9d25674d459de231ccdbb85d22a43e514a0bd7451f2d415c2f0190
                                          • Instruction ID: fba35929200dd48f50760775181e21a4bcd73a7a3bb955e7c7bcbb27d37ec672
                                          • Opcode Fuzzy Hash: 52b9bde73e9d25674d459de231ccdbb85d22a43e514a0bd7451f2d415c2f0190
                                          • Instruction Fuzzy Hash: C8313634B001169FCB51DB68C889AADBBB5FF88304B2581A9E146CF7B2DB70DD45CB91
                                          Function 00BD4381 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0202a8cd9a0942a26aa313b7cfc2518e618adf1dc0ebcaa2680afe0df5869803
                                          • Instruction ID: 07755772b441b6ca63fd932b85c7a4bf3858aa2dc53be0a8a62dfe0fd8961e67
                                          • Opcode Fuzzy Hash: 0202a8cd9a0942a26aa313b7cfc2518e618adf1dc0ebcaa2680afe0df5869803
                                          • Instruction Fuzzy Hash: 6531B0752006019FD705AB2AE854A9EBBE3EFD4300B14C929D0868B775DF35BD4ACBC4
                                          Function 00BD77D8 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5c9a9dc1166aa17a4b59d0c53d4f054b7fa5c13410d64d15f3e106fa034925b6
                                          • Instruction ID: 183c5e52affa5a2d22b6e46c1433e907615666ff5c8e096dcd92933bfed687ea
                                          • Opcode Fuzzy Hash: 5c9a9dc1166aa17a4b59d0c53d4f054b7fa5c13410d64d15f3e106fa034925b6
                                          • Instruction Fuzzy Hash: 7031AA32D00746DADB10ABB9DC402D9B770FF99320F26C71AE549BB241EB34B594CB80
                                          Function 06938728 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 634ff9813f9a20e29b10c00a55b655a2b30e8a9a23fd782e966c9de1babdd57b
                                          • Instruction ID: 83060a8b37cc3189ce5611ee5bfb73ec957326cd815475c07b4a22262ecaa51d
                                          • Opcode Fuzzy Hash: 634ff9813f9a20e29b10c00a55b655a2b30e8a9a23fd782e966c9de1babdd57b
                                          • Instruction Fuzzy Hash: DE31C178B013519FDB18FB78954052EBBF6ABC5300B6048AAD85287755EF30EC06CB91
                                          Function 06938387 Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c3903c61815279e1e51c508481231e197e88530be9e47eb16657ed577bc4522
                                          • Instruction ID: 6ce27ea05ac6de159fd737aee1db34e2fbe6960c8c0672abdb90f4d5cc196d17
                                          • Opcode Fuzzy Hash: 2c3903c61815279e1e51c508481231e197e88530be9e47eb16657ed577bc4522
                                          • Instruction Fuzzy Hash: EE31C471A001159FDB00EB68D9809AEBBBAFF89310B24C559E4489B745DB31ED46CBE1
                                          Function 06934180 Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dd5328454a0941e26cec55bdbf3e3978fbb0ec5d1c32a7001952453912ea272c
                                          • Instruction ID: 6cbf07a24ed536bec2cd2244b6e91429802b5c87dd785245588c16c026982231
                                          • Opcode Fuzzy Hash: dd5328454a0941e26cec55bdbf3e3978fbb0ec5d1c32a7001952453912ea272c
                                          • Instruction Fuzzy Hash: 7631B1313146108FC7059B78D818A597BEAEF86B15B1980EAE10ACF762CF71DC05C791
                                          Function 06932872 Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d0eadde9b6d8da23d5caf1ff151357599822c55f34617e89392172279bc5d89
                                          • Instruction ID: 71e02075122ab4eb7d68a101d6dc62c0cd05246b1c594542a38131c03f45a502
                                          • Opcode Fuzzy Hash: 8d0eadde9b6d8da23d5caf1ff151357599822c55f34617e89392172279bc5d89
                                          • Instruction Fuzzy Hash: F031A171E002248FDB00CF68C904ADDBBF6EF88320F1885A9D446AB365DB71ED45CBA0
                                          Function 06094B90 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe5a553d6859b5c4d791fbcb8c3fa489c5c9ffec2b5580df7c372a27fe54c1d1
                                          • Instruction ID: 60fb7f2285fedb6846cb57e1bddae4cb1cd5a3db7d1ac70ec0fb83b8eb130d5b
                                          • Opcode Fuzzy Hash: fe5a553d6859b5c4d791fbcb8c3fa489c5c9ffec2b5580df7c372a27fe54c1d1
                                          • Instruction Fuzzy Hash: B84147B0C81248DFDF98DFA5D548BDDBFF6AB48304F108819D505AA290D7BA9889CB61
                                          Function 00BD9891 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e9097dc1b545a501ceca500af6957df92f5a1d64a0c1a8c76b0b70146015aab9
                                          • Instruction ID: 07bde99bb21228295e1c524a8725b69bc6aac9bbf796f05ef5821bfa4c3564a1
                                          • Opcode Fuzzy Hash: e9097dc1b545a501ceca500af6957df92f5a1d64a0c1a8c76b0b70146015aab9
                                          • Instruction Fuzzy Hash: 7131E435A002148FCB14DB65C4589DEBFF5EF8A750F1540AAD805B7351EA799C02CBA0
                                          Function 060935B0 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9397ef9952b3bbb42b825e7643964f304d441cec99e31e4443cbf1649c55d952
                                          • Instruction ID: fdb162baaa7bf33a111f8131bd89c9e013e8e95434b63a4272952dfeeda8e01c
                                          • Opcode Fuzzy Hash: 9397ef9952b3bbb42b825e7643964f304d441cec99e31e4443cbf1649c55d952
                                          • Instruction Fuzzy Hash: A1318C347407408FCB599F68D99886ABFF6FF89601714C46AE9868B361EB70EC01CF61
                                          Function 06938B20 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e8a40d5554d6e49dbcb337d40c14ea891786a3b97601d0cee3105f9eaf491323
                                          • Instruction ID: 9439b88deee279325590b8f2d112e6bd27ac8a99436e36d42918d738e4ec3a48
                                          • Opcode Fuzzy Hash: e8a40d5554d6e49dbcb337d40c14ea891786a3b97601d0cee3105f9eaf491323
                                          • Instruction Fuzzy Hash: BA21B372B062929FEF086B74655406E7FEB9FCA211368446ED845CB702EE35DC46C782
                                          Function 06098671 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 295217f50ce7b10eec3103517631acef014e9e7e75d29cbf129c682760edabb4
                                          • Instruction ID: 056215fe8d311ae4f014359a00da2113cd4b2c60ef86f61551e82976c553fc38
                                          • Opcode Fuzzy Hash: 295217f50ce7b10eec3103517631acef014e9e7e75d29cbf129c682760edabb4
                                          • Instruction Fuzzy Hash: 19318F713042559FCB55DB2DD89887EBFFAEF9920130885AAF046CB372DA309D06DB61
                                          Function 00B7E78C Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 264903ca9247b5777c9eafe850394ff76d764f6af55636820490c09ba1d4a878
                                          • Instruction ID: eee381e49083d81782e14f3488d30e508fae9c359a8abc4527935aff352ef34c
                                          • Opcode Fuzzy Hash: 264903ca9247b5777c9eafe850394ff76d764f6af55636820490c09ba1d4a878
                                          • Instruction Fuzzy Hash: 13316B72504200EFDF569F54D9C0A167FA6FF8C314F24C5E9EE190A26AC336D861DBA2
                                          Function 00BD77E8 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 542f3490397f7dc2ce068e4c0b30d0b22720cbe5ecd767327de9e23bdb3ae738
                                          • Instruction ID: d847cfbce2400c60bb4bf53f0ddbaf7d3fe5a041f8dec467d02e9234a6e4fa1b
                                          • Opcode Fuzzy Hash: 542f3490397f7dc2ce068e4c0b30d0b22720cbe5ecd767327de9e23bdb3ae738
                                          • Instruction Fuzzy Hash: CF316932D00746DADB10ABB9DC40299B771FF99320F26C716E549BB640EB74B9D0CB80
                                          Function 06097468 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c18f67304e253197fed8c31c9f8fa93af6a1d6dc32fa0c3f3708cf6ab4e5ca9c
                                          • Instruction ID: 45516a321ddb6dbf1077b14e5c021a8cc03d61f46b1d52dfd34574ab9e8e0493
                                          • Opcode Fuzzy Hash: c18f67304e253197fed8c31c9f8fa93af6a1d6dc32fa0c3f3708cf6ab4e5ca9c
                                          • Instruction Fuzzy Hash: 3A316B31E1060A9FCF95CFA5C88099EBFF2BF89314F144029E405AB360EB70A946CF90
                                          Function 06931FB8 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 770d452a55b18efb27516089322c5ef1dbead368a1c6b91466df70e0ee692458
                                          • Instruction ID: 30899315541bb1d9c0ad30f8bdbf19b2ead4299cfed5a9a8d73b3b5fa4a0cf44
                                          • Opcode Fuzzy Hash: 770d452a55b18efb27516089322c5ef1dbead368a1c6b91466df70e0ee692458
                                          • Instruction Fuzzy Hash: A131F630900209DFD714DFA9C955AAEBBF6EF89314F68859ED001AB351DB315A45CBE0
                                          Function 06093ED1 Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73c3a29ca0bf2c32293d6a8cdd4bd8d2c5af759fa603f609ed71c285a4802e03
                                          • Instruction ID: a01d1468e44c58ac87510cda8fb8d6c7dc21764c3b735250300e04c74f40819d
                                          • Opcode Fuzzy Hash: 73c3a29ca0bf2c32293d6a8cdd4bd8d2c5af759fa603f609ed71c285a4802e03
                                          • Instruction Fuzzy Hash: AB31AF353456818FC765DB38D894926BFF2BF8930470886A9E48A8B762DB30EC05DF90
                                          Function 00B7F154 Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f49806d8dce8a6db0530509ce3d655fd6aea0ffc4f1cb8f0e846f1fab4dc6533
                                          • Instruction ID: 260dd95af21451050bed5b4054b465b297c1f8d831e04bdd9b05898dd7141dea
                                          • Opcode Fuzzy Hash: f49806d8dce8a6db0530509ce3d655fd6aea0ffc4f1cb8f0e846f1fab4dc6533
                                          • Instruction Fuzzy Hash: A531C376504201EFDF059F54D9C0B267FA6FB88320F24C1A9FD095A25AC336D851DBA5
                                          Function 06098680 Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d2429a0bc58951d45b5db868020ad309de35293824d489936810d3c8469c4d3
                                          • Instruction ID: e087424824fdbb06d22a2484e4334397f64a76cbac93633c1d544c826ec1f015
                                          • Opcode Fuzzy Hash: 2d2429a0bc58951d45b5db868020ad309de35293824d489936810d3c8469c4d3
                                          • Instruction Fuzzy Hash: 9021BF313042558FC754DB2DD88896EBFFAEF99205708446AF086C7372DA70EC06CB60
                                          Function 00BDBA3F Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a84bc96a78436f5ec572d77d801cf01529e9039457397c36e9e127f9f1834342
                                          • Instruction ID: 2c6b3406a0273d7f49b9496354b4ab32d079abfa80e915502515685a4e4cea1d
                                          • Opcode Fuzzy Hash: a84bc96a78436f5ec572d77d801cf01529e9039457397c36e9e127f9f1834342
                                          • Instruction Fuzzy Hash: 9A217C30700201CBDB14DA798991A7EF7E6EF89340B1584BEE845DB355EB31DC06C791
                                          Function 00BDDE45 Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9aeba818778b815a12e99474b1d7633e98d7a329b1566ff8a716d422227c9826
                                          • Instruction ID: 79d7956fa3336882a971000ec5555610c7bf4ad019cba7f8495f236421497f8e
                                          • Opcode Fuzzy Hash: 9aeba818778b815a12e99474b1d7633e98d7a329b1566ff8a716d422227c9826
                                          • Instruction Fuzzy Hash: 0D21D635701205DFDB11EB69EC90A9DBBB3EF95310B14816BE5859B361EB31AC06CB50
                                          Function 00BDB8C8 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 236b1506af5fe76061fe795134893c8ec50f5b7cd5642efd5d003dd59c981d78
                                          • Instruction ID: 1180a841549427b392bf14b1e35198cbc0b42a9d08569ac0ceac33d6e77e2ba9
                                          • Opcode Fuzzy Hash: 236b1506af5fe76061fe795134893c8ec50f5b7cd5642efd5d003dd59c981d78
                                          • Instruction Fuzzy Hash: FA314974300205DFDB04DF28D898A6AB7F5FF84314F1485A9E50A8B365EB79ED46CB90
                                          Function 00BD3CC0 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 077a55253941a8c91cb2fb9569b094d1665e3a3b214909919c3598463182e3a7
                                          • Instruction ID: 2230518eb8645924314659861247c7add5a0c27f1b2ac048f486990aea37f128
                                          • Opcode Fuzzy Hash: 077a55253941a8c91cb2fb9569b094d1665e3a3b214909919c3598463182e3a7
                                          • Instruction Fuzzy Hash: C0218E357002049BDB08AB75C8987AEBBF7EBCC710F248479E406E7395EE759D068B91
                                          Function 06938398 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 30c5f3bfceb2a86b6562d3e248050ce1520d23ca216898415eb81ceb002012a9
                                          • Instruction ID: 6cd6d641ce368bac3db0f3d243bf9a372d45f104a5208c2964176fab3c01b194
                                          • Opcode Fuzzy Hash: 30c5f3bfceb2a86b6562d3e248050ce1520d23ca216898415eb81ceb002012a9
                                          • Instruction Fuzzy Hash: 5431C171A001099FCB04EB68D88196EBBBAFB88300B24C569E4489B745DB31FD46CBD0
                                          Function 06938B10 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1c99f6cef24e9e147b0f5eb312592ef564dc6890af3e0e0391388e1d035d8a1
                                          • Instruction ID: 8f015ccff93e6d1984e96aca836ec060e8f4fef09cd3fae4b62d8eba1e33011f
                                          • Opcode Fuzzy Hash: d1c99f6cef24e9e147b0f5eb312592ef564dc6890af3e0e0391388e1d035d8a1
                                          • Instruction Fuzzy Hash: D721C271B062929FEF096B74545442E7FFB8FCA21036844AED885CB346EE35DC46C782
                                          Function 00B7F058 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a21b741a2acf506a610a71ddf68ca9555b205a50b58a1ade977db26011d9f168
                                          • Instruction ID: 220f36000e53c496293682783d8f4b4ea85f72c946209fec62eb42635b63154c
                                          • Opcode Fuzzy Hash: a21b741a2acf506a610a71ddf68ca9555b205a50b58a1ade977db26011d9f168
                                          • Instruction Fuzzy Hash: 00210272504201EFCF068F54D8C0B26BFA6FB88314F24C2E9ED1D1A256C336D816DBA1
                                          Function 00BD4938 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6edeaa844fed3f234a1d2e0c0cee07e5238e56798623a045ec1f7c301021b024
                                          • Instruction ID: f8e8365f0416d3384292cfeb13fa41dea5afd87784eb3fb09447527434ee980c
                                          • Opcode Fuzzy Hash: 6edeaa844fed3f234a1d2e0c0cee07e5238e56798623a045ec1f7c301021b024
                                          • Instruction Fuzzy Hash: E5317131E0060A8BDB15AFB9D4142AEF3B6EF85304F10862AD456A7741EB78BD45CBD1
                                          Function 0609679F Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6358890ecba68f76a6a72ca5ff5afc83c49d032770951a4b2663183e3b838f0
                                          • Instruction ID: f8444e15234911bce7604507e7b6fd953b0abc822951235164f1614851691d35
                                          • Opcode Fuzzy Hash: f6358890ecba68f76a6a72ca5ff5afc83c49d032770951a4b2663183e3b838f0
                                          • Instruction Fuzzy Hash: 30219E30F002058FCB59DBA9C49096EBFE6AF89310B01446AD8499B361DA359C01CBA1
                                          Function 00BD1272 Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 19aa02db833f4bc580c7e3f913b1f2752ae86721f0b1d5aa244ace5f27d13fd8
                                          • Instruction ID: b8de4f9be578e192e0fcc7de032592265006a9dfc1d5fb91f260b5b5da681b24
                                          • Opcode Fuzzy Hash: 19aa02db833f4bc580c7e3f913b1f2752ae86721f0b1d5aa244ace5f27d13fd8
                                          • Instruction Fuzzy Hash: 22314B75A00205DFCB44EBB8E85855DBBB2FF89305B1089A9D0069B365EF35DC44CB51
                                          Function 00BD4937 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b623be3a77f2425d842ede1f210e5a9926561eae9ce6cc782c96c472a0a6ec05
                                          • Instruction ID: 7bcadd78e400164f2a1dd19b38a68e5d1ad58c5e45e9d7d5f117a51b4e1e4468
                                          • Opcode Fuzzy Hash: b623be3a77f2425d842ede1f210e5a9926561eae9ce6cc782c96c472a0a6ec05
                                          • Instruction Fuzzy Hash: 5F319331E006068BDB15AFB9D4102AEF3B5FF85304F10862AD456B7741EB78AD85CBD1
                                          Function 00BD91F8 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c06e90473027717e0da0c48d9fd290e898d2fad26cbcbfd46eebf72d8b228d1
                                          • Instruction ID: 55116c1ee205c1101532cbfa0d31f607aaf47b1735049b650e528e91abefff4c
                                          • Opcode Fuzzy Hash: 8c06e90473027717e0da0c48d9fd290e898d2fad26cbcbfd46eebf72d8b228d1
                                          • Instruction Fuzzy Hash: 56315C31A001099FDB05DFA9C980AEDFBF2FB88314F1485AAD404BB355EB75AD05CBA0
                                          Function 00BDB8C7 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8677d8b9807ecba44c0003d2bd90d2561e769076e3954eedba4e53ed0980dc9c
                                          • Instruction ID: 97b4c0c4ba7758c1e44a2583145a2a001627334aa4e1ad25b08e122578c44c86
                                          • Opcode Fuzzy Hash: 8677d8b9807ecba44c0003d2bd90d2561e769076e3954eedba4e53ed0980dc9c
                                          • Instruction Fuzzy Hash: 9B216B74300205DFDB04DF28D898B6ABBF1FF84314B1485A9E5098B365EB78ED46CB90
                                          Function 00BDBA50 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d61e6cb751d88a136fe52ac9cba661fbb7c5c2e154671546f5b35e6a0a259f0a
                                          • Instruction ID: ca76db5cfa52c9e934720aacc9286e21b7b264a5bb44f1b1f1ddb94a7188f9db
                                          • Opcode Fuzzy Hash: d61e6cb751d88a136fe52ac9cba661fbb7c5c2e154671546f5b35e6a0a259f0a
                                          • Instruction Fuzzy Hash: 9B214930B00206CBDB14DABA8890A7EB7E6EF89750B15846AE806DB344EF31DD02C791
                                          Function 00B6D7EC Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2300923352.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b6d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b5cd6c6775c81eaba594a5deb1f13fef4e6742b6dfc4a5c280a7019970a9d7ef
                                          • Instruction ID: 3924b95ee0d12da1bf81dd63910d8c2cf73d4b1db6d96acc7ba99bfc6f409849
                                          • Opcode Fuzzy Hash: b5cd6c6775c81eaba594a5deb1f13fef4e6742b6dfc4a5c280a7019970a9d7ef
                                          • Instruction Fuzzy Hash: 93210872A04240DFDF059F14D9C4B16BFE5FB88314F2486A9E9494B256C33AD815CBA1
                                          Function 060982A0 Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c494f053c1aac934e472cf715986cfaf3c9657cb358e813cf4a56a2fe27b9c9
                                          • Instruction ID: b9cbd4b465f056eb63a80b43f5a5a1afc15883ef77a78eeb8fd9d1d371d66885
                                          • Opcode Fuzzy Hash: 4c494f053c1aac934e472cf715986cfaf3c9657cb358e813cf4a56a2fe27b9c9
                                          • Instruction Fuzzy Hash: EF213B757002149FCB94DB69C884A2EBBF7FB85711B15C869E05A8B361CB30EC42DBA0
                                          Function 06932698 Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 354976deaead46a03f7c6f6fc7a90cdbae630a072f78f8f2d8b6ba2122225137
                                          • Instruction ID: df059b7e7e20195084570d2599ef08238e44e0a6eab4942bcdf6e188e8eed658
                                          • Opcode Fuzzy Hash: 354976deaead46a03f7c6f6fc7a90cdbae630a072f78f8f2d8b6ba2122225137
                                          • Instruction Fuzzy Hash: E4318231900215DFCB55DFA9C88099ABBB2FF49300B20446EE5199B761D732E951CBA0
                                          Function 00BDE880 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 02180cf53b20c04d4d17006f0ae17ebcab74106d2d64a580fcc0d0f28df21f39
                                          • Instruction ID: 2e0adf4554216f3a5583c6937f0796a0f28ef631113bebea2c0e92deff199a37
                                          • Opcode Fuzzy Hash: 02180cf53b20c04d4d17006f0ae17ebcab74106d2d64a580fcc0d0f28df21f39
                                          • Instruction Fuzzy Hash: 06217134A01206DFDB10DF64C854AAABBB1FF84350F1480AAE9158F361D735DD41DB51
                                          Function 060967B0 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05077e54b5f4a1ab09bf6b8b0de47947a941c651d64c30dfbcb6f39144acc0e7
                                          • Instruction ID: a257ca4c3e4ad203263797708829f9f70e79303513eb115c696b290a498e208f
                                          • Opcode Fuzzy Hash: 05077e54b5f4a1ab09bf6b8b0de47947a941c651d64c30dfbcb6f39144acc0e7
                                          • Instruction Fuzzy Hash: 94214C34F501058FCB48DBA9C49096EBBE6BF89310B10406AD90ADB365DF75DC018BA0
                                          Function 00BD7B8F Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3e7f5e93c48a1ac3e23ae367f9fc1b32c091b880ddbeee06d9907d9837e6ff1
                                          • Instruction ID: 514f0c0fc493733adfaca537b88020e79b55820b5d4bb4ffecca3447cb3f1672
                                          • Opcode Fuzzy Hash: b3e7f5e93c48a1ac3e23ae367f9fc1b32c091b880ddbeee06d9907d9837e6ff1
                                          • Instruction Fuzzy Hash: D1218E387682509FD71A6B30A0683BE7BE6DB45746F1840AEE483CA781FE2D8D41C7D1
                                          Function 060928E0 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71375452439e44ab4df55a90b4fd8e015997ff585eb1565d62d294566800862b
                                          • Instruction ID: a2744044211c1bcbc7460121fff8578c4f4e28f961e3c3e8a3fc11758fc43403
                                          • Opcode Fuzzy Hash: 71375452439e44ab4df55a90b4fd8e015997ff585eb1565d62d294566800862b
                                          • Instruction Fuzzy Hash: 9E214C74B102049FCB55CFA8D490A9DBBF2AF8D720F189459E845FB351DB31ED419B90
                                          Function 00BDB377 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c7073276262793ee7a6885e155132ff5bb7c7f9a7841d47ff8d8075bdae2047c
                                          • Instruction ID: 7cf9afcb45a2ade87a01800d6d470e7c74a8a6ba1327ac17f0bee1b74cc89310
                                          • Opcode Fuzzy Hash: c7073276262793ee7a6885e155132ff5bb7c7f9a7841d47ff8d8075bdae2047c
                                          • Instruction Fuzzy Hash: 411106393002109BCB196B78681962E7BD7EBC5756B0488BDE906CB781EE38CD078BD1
                                          Function 06936020 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07ae61b8ce0e18cee48cba4370a7b5d86e774481d8361c9b7829ee5ed6f1054a
                                          • Instruction ID: df1812f94340f6ccc4c434e25f802ade2987afb102ec816ecf8fec266000e7d7
                                          • Opcode Fuzzy Hash: 07ae61b8ce0e18cee48cba4370a7b5d86e774481d8361c9b7829ee5ed6f1054a
                                          • Instruction Fuzzy Hash: 0421D431B101049FCB54DB6AD859AAEB7FAEFC8350F248029E506D7764CF719D05CB90
                                          Function 06937F98 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5be783059a9aeea11ebfe2876ff2853f420210a19f5dae867a4e7cac384afd5f
                                          • Instruction ID: 29f4827f1260d2b3c3a7fd221b6ec9caf29eafdf5b2bfbc8044828449ab07cca
                                          • Opcode Fuzzy Hash: 5be783059a9aeea11ebfe2876ff2853f420210a19f5dae867a4e7cac384afd5f
                                          • Instruction Fuzzy Hash: ED21D531200B869FD751DF2DED8098ABBF5FF543147009A2AE09A8BA21D770F9198FD4
                                          Function 00B7D5E0 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2c510092de289245b2e5c3fc8f73f0a75c76af52d571846f9ab7600e9f07647
                                          • Instruction ID: 1800379937a45fe494c551607db362e398935bd1b1f1ed02c5acd23c3b9ee7df
                                          • Opcode Fuzzy Hash: a2c510092de289245b2e5c3fc8f73f0a75c76af52d571846f9ab7600e9f07647
                                          • Instruction Fuzzy Hash: 8021F2B5604200DFDB04DF14D9C0B26BBB5FF84354F24C6A9E94E4B296C33AD856CA61
                                          Function 06092A68 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 807ff53ca1f31386b9c00b44d170e547a4d853dd10d9092e3dee10b4085cbc98
                                          • Instruction ID: 3a7da3b153a836d320be83d9c7a7c7d8d4ea5d90f6bdd7ff46f924b08f43e511
                                          • Opcode Fuzzy Hash: 807ff53ca1f31386b9c00b44d170e547a4d853dd10d9092e3dee10b4085cbc98
                                          • Instruction Fuzzy Hash: 9B11A0323542045F9BA486AEA890A5BFBDFEFC4665324807BE50AC7755EE71DC0143A0
                                          Function 00BD91F7 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51434a8a2eb06459627da48e37200776bdf5ceddf7e2ec0058bb5509397c6db1
                                          • Instruction ID: 9cb51087416a7e90a97cf0b0f0ee8badd5095181469abcb3609b321c46f35885
                                          • Opcode Fuzzy Hash: 51434a8a2eb06459627da48e37200776bdf5ceddf7e2ec0058bb5509397c6db1
                                          • Instruction Fuzzy Hash: 7F216B71A001099FDB05DFA9C990BEDBBF2FB88310F1485AAD405BB355EB759D05CBA0
                                          Function 069326A8 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ae6839f67ca3986b7f227241cc12b8835eaef93e01b17181d52e29e9fd6f80e
                                          • Instruction ID: e556c0d032cc2e5fc3c53adff792f33ebeb51522a172e4ca86ed0aefecfe5026
                                          • Opcode Fuzzy Hash: 7ae6839f67ca3986b7f227241cc12b8835eaef93e01b17181d52e29e9fd6f80e
                                          • Instruction Fuzzy Hash: BD212F31A00225DFCB55DFA9C88099ABBF2FF8C310B20846DD51A9B761D776E951CFA0
                                          Function 06935F38 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49538ed1314c5ae40ee25c1c3d5ef02bed9c712336fbd034cce31f99b5fc81f9
                                          • Instruction ID: 757295366fd0825e39a09f13f0fd60d5b865a0823143557efe5c753311bf0c5c
                                          • Opcode Fuzzy Hash: 49538ed1314c5ae40ee25c1c3d5ef02bed9c712336fbd034cce31f99b5fc81f9
                                          • Instruction Fuzzy Hash: FB1126313092505FC316A73CA81898E7FE6DFC671031844AAE046CB6A7DE319C06C7A1
                                          Function 06933B28 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 80553eb28ad58c1bba6011f41ef650fb98781910e1c7b4cc8c8f0c3582e04579
                                          • Instruction ID: 96dbf477c3b9c2b3108cc375880695c9ed95146e9db9d05d885a02756f79591e
                                          • Opcode Fuzzy Hash: 80553eb28ad58c1bba6011f41ef650fb98781910e1c7b4cc8c8f0c3582e04579
                                          • Instruction Fuzzy Hash: 6411DD30740A105BCB88AB7D88016AEAADBEFDA640714892EE11BCB754DF74DD058BE0
                                          Function 00BD98A0 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 443d042e88ecb81de4f3055fe12c7cf7ee581287f69dd79041a9daf5580b8d5a
                                          • Instruction ID: 439b33b86c5326d383c62f1d31d3579ea7084b51569a8970224855d3f9733789
                                          • Opcode Fuzzy Hash: 443d042e88ecb81de4f3055fe12c7cf7ee581287f69dd79041a9daf5580b8d5a
                                          • Instruction Fuzzy Hash: B611C1397012008FC709AB39985862F7BDBEBCA751724847DE90AD7745EE39CC028791
                                          Function 0609FEB0 Relevance: .1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 31e3055faa1b31feec774e179bb8de769d0b2bd497351a018a6558248d7cca76
                                          • Instruction ID: bc08d9397c4a3c9048bdfb14a7cc368d08912b4cfae6de46c0e9334171fffcad
                                          • Opcode Fuzzy Hash: 31e3055faa1b31feec774e179bb8de769d0b2bd497351a018a6558248d7cca76
                                          • Instruction Fuzzy Hash: 552117353500009FCB899F29D848E59BBE6FF9D72530A80A9E60ACB372CA72DC01DB50
                                          Function 00B7E78B Relevance: .1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cce4746b1224d499dea95123fe5b3981367ce91eb437616cabc916d075cc1ab9
                                          • Instruction ID: e659ac165394e138c6ac6ce366a09b9c577d4b7fb95146f55d3e8252f6ac49aa
                                          • Opcode Fuzzy Hash: cce4746b1224d499dea95123fe5b3981367ce91eb437616cabc916d075cc1ab9
                                          • Instruction Fuzzy Hash: 4F212A76500140EFCF568F54D9C0B55BF72FF48314F2486E9EE190A26AC336D466DB91
                                          Function 0693A8E9 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe2d55f566d4dc665c2d5e6e23e87b7ec7bf97c5b53d9f65d007794b9f476746
                                          • Instruction ID: 128c41710e79ed2297b9ee71ffd3cf58597f5e9bb8d6538a4f515bf59e7a6d55
                                          • Opcode Fuzzy Hash: fe2d55f566d4dc665c2d5e6e23e87b7ec7bf97c5b53d9f65d007794b9f476746
                                          • Instruction Fuzzy Hash: C41133317046609FCB06AB78E448AAFBBFBEFC9201B004559E5068B745CF396D0AC7D2
                                          Function 00B7F14F Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc9dcd8a821203a1bd19814fe54a57aa9b463fdb0c93c74936c5b16d84cde03a
                                          • Instruction ID: eb121672c318278c2368a9c8f06f12f416ba6e965c4803ad2d8cde7fa6f03c4f
                                          • Opcode Fuzzy Hash: dc9dcd8a821203a1bd19814fe54a57aa9b463fdb0c93c74936c5b16d84cde03a
                                          • Instruction Fuzzy Hash: 5E216076404240DFDF068F54D9C0B65BFB2FB48310F24C2A9ED094A26BC336D866DB91
                                          Function 00BD87A0 Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27cb60d32670f87125b4ea2bfc6a3d217f180cc0eec76ec09985c7e38817bc3c
                                          • Instruction ID: ba6c6a51efcf3bba2b025fcd38097d5ea7267ae0de1139dc85bd749314a4f46c
                                          • Opcode Fuzzy Hash: 27cb60d32670f87125b4ea2bfc6a3d217f180cc0eec76ec09985c7e38817bc3c
                                          • Instruction Fuzzy Hash: ED1102353053414FD3119779A895A1A7FDBEFC9300B1888BAE14ADB752EE34DC068751
                                          Function 06938C10 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d799a0bfd1a38e83b3d945d509bd10fe08c3a583bd90ce4d404e0691eac0e6a1
                                          • Instruction ID: 53df208a056ff21e184d73c1cfda7df28d8e8f172dd626160e1c1bacfba3abb3
                                          • Opcode Fuzzy Hash: d799a0bfd1a38e83b3d945d509bd10fe08c3a583bd90ce4d404e0691eac0e6a1
                                          • Instruction Fuzzy Hash: C711A230A02114DFDB14EB68CA55AEEB3FAFF88301F248669E401A7355CB755C01CBA0
                                          Function 00BD8D30 Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1664fbfb6b4fea52c2e62adfbdf7e30c6400fe18acfece1cda21ae95ac4624f
                                          • Instruction ID: 771a95d030c90363f26eb5cb49ea93700676d02a92699217c7026ef1dd99ff4a
                                          • Opcode Fuzzy Hash: e1664fbfb6b4fea52c2e62adfbdf7e30c6400fe18acfece1cda21ae95ac4624f
                                          • Instruction Fuzzy Hash: 6F1127796007008FD3159B79E01829A7FE2EB85705F14497AD446CB781EF38DC06CBC2
                                          Function 06936EB0 Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 071a9018fb6e02d04bbd6830a859b5fa3c75a1f94e1b45c7676a48436a031a16
                                          • Instruction ID: 8024b252ec94e3683a35ede72a1f125aa452d65a9fe9cc01f26d9dc6b3ebceeb
                                          • Opcode Fuzzy Hash: 071a9018fb6e02d04bbd6830a859b5fa3c75a1f94e1b45c7676a48436a031a16
                                          • Instruction Fuzzy Hash: 24112930606244AFC345DB78DD129BE7BF6EF86600B1041D9E40ADB762DA305E05C791
                                          Function 0609B380 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da185a251780479c7d25f52dd320f018fc83995ef455db99f7d08a90e036c9e6
                                          • Instruction ID: 599c06d02749bd89041717175dc59e487849640a9b2a205b8e9568b4fe3319c5
                                          • Opcode Fuzzy Hash: da185a251780479c7d25f52dd320f018fc83995ef455db99f7d08a90e036c9e6
                                          • Instruction Fuzzy Hash: 2C118170256640CBEBA44F58E04832B7EE7FB45721F44452AD08386A91DFB49A84EFE2
                                          Function 00B7F053 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94d976c543fb1643bdbe8b5e3b6992184e4cbb3c6ad9218d786fd491f05bc371
                                          • Instruction ID: 7d0bcce85cf166369b5dd890308f467aea944709708fc1326c548e839fe3069d
                                          • Opcode Fuzzy Hash: 94d976c543fb1643bdbe8b5e3b6992184e4cbb3c6ad9218d786fd491f05bc371
                                          • Instruction Fuzzy Hash: 05218B76504240DFCF06CF54D9C0B66BFB2FB88314F24C6A9ED085A65AC33AD826DB91
                                          Function 00BD706F Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6b364ae82dbdbbf588e723f0264238e1eb6ae578cf41194472cd9559fb94ac5
                                          • Instruction ID: 0975e1f301a72aa4bbaf6d32def5565c2e74c94eb6eb19b5e26adb03039832ff
                                          • Opcode Fuzzy Hash: e6b364ae82dbdbbf588e723f0264238e1eb6ae578cf41194472cd9559fb94ac5
                                          • Instruction Fuzzy Hash: 3F115E34B41200AFD7059B74981AB6E3FB2AF85B01F6480A9E505DB796EE78CD068791
                                          Function 069339A8 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8252b39de25dc4e7ca8d23d7f206479256875e6999feced93a6233708b861830
                                          • Instruction ID: 9c90c7a735e73d7f008257d4deb8a4b38eddef750d6ecf84c5bbae12520f0574
                                          • Opcode Fuzzy Hash: 8252b39de25dc4e7ca8d23d7f206479256875e6999feced93a6233708b861830
                                          • Instruction Fuzzy Hash: 0911B231E00628AF8F54DBA9C94089EBBF6BF84315B18C16AD805D7714EB30DE41CB80
                                          Function 06931EA8 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3bd73730fcac47e5e3484e9a5dded0cdbe0c6c095d4103eac846ab37e0b91d12
                                          • Instruction ID: c6bea378415a83551326ae9d4ec2be9539c89cea646756dd4dfc5c520918a86a
                                          • Opcode Fuzzy Hash: 3bd73730fcac47e5e3484e9a5dded0cdbe0c6c095d4103eac846ab37e0b91d12
                                          • Instruction Fuzzy Hash: 1811E330F502188BDF50DBA9E8003AF77BAFB84304F104936E611E76A1DB78DA45DBA1
                                          Function 0693399A Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd8ce1b6c74e29573b9dca6f84fa3ee6071f4c945b30991649fd0804711759eb
                                          • Instruction ID: c1a19998ad97e881895b7ca7f9099ae4ccc7664d7ea0c9d4951bc5018e232d3d
                                          • Opcode Fuzzy Hash: cd8ce1b6c74e29573b9dca6f84fa3ee6071f4c945b30991649fd0804711759eb
                                          • Instruction Fuzzy Hash: 8711C131E00658AFCB01CBA9C9405DEBBFABF85325F18C2AAE405D7250E7308A40CB90
                                          Function 00BD877F Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 85e010af24c6e8c5293a25d703697915ffc8d32004291e9f4f5a88ef007e5a0e
                                          • Instruction ID: 204a6058700ff2c5bc683b888aec1470a9a41569ed277ffa9df665195c416f0a
                                          • Opcode Fuzzy Hash: 85e010af24c6e8c5293a25d703697915ffc8d32004291e9f4f5a88ef007e5a0e
                                          • Instruction Fuzzy Hash: A2115E7520D3C04FD3139779A892855BFB5DE9720135A48EBD0888F663E9189C4B8762
                                          Function 0609FEC0 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1153769e8ea66d87dcbd3014f2b99b8353ba71759b2f84cfca744b7929043157
                                          • Instruction ID: 9d73a53f934948ec274aa98cd9e00d164a6aef2888662590d3ebfc8613c440f5
                                          • Opcode Fuzzy Hash: 1153769e8ea66d87dcbd3014f2b99b8353ba71759b2f84cfca744b7929043157
                                          • Instruction Fuzzy Hash: AE11D2363500109FCB499F69D848D59BBA6FF8C72531A80A9E60ACB372CB72DC11DB54
                                          Function 00B6D7E7 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2300923352.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b6d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 86e2d0ad5966b4908552e02efda348fb7df0361686de0292c4c6c9527de2ff27
                                          • Instruction ID: a2f55081d26377aba00913cc69e876fc08208e9a3c10f836b1efdf8b18919611
                                          • Opcode Fuzzy Hash: 86e2d0ad5966b4908552e02efda348fb7df0361686de0292c4c6c9527de2ff27
                                          • Instruction Fuzzy Hash: 7221A276904284DFCF06CF14D9C4B16BFB2FB88314F28C6A9D9494B256C33AD416CB91
                                          Function 00BD0DD0 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d72b85e39ab82d2584fb9d7c8f1d68477ccf4a1fcde0187f255d54f861a45b9
                                          • Instruction ID: 1877f7626a5f823567aff30eb48adb547946fd51392f7c3d579929930745849f
                                          • Opcode Fuzzy Hash: 8d72b85e39ab82d2584fb9d7c8f1d68477ccf4a1fcde0187f255d54f861a45b9
                                          • Instruction Fuzzy Hash: 66114832A083505FC7026B74684465DBBE5DF41311F0444EBE505E7293EE319C498BE2
                                          Function 06092D88 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d4f4379b1b2329b58decdee9d61cc7f0da5ca40be227f8bef8311dfdef45da7
                                          • Instruction ID: 1605efd11d841a6a9b20e32455eac947fda19ab368e3caf9fd25bad6b2a53160
                                          • Opcode Fuzzy Hash: 6d4f4379b1b2329b58decdee9d61cc7f0da5ca40be227f8bef8311dfdef45da7
                                          • Instruction Fuzzy Hash: 9C0128763682409FEB41CBACF850A6BBFEAEFD81A03188067E449C7701DB30EC009764
                                          Function 060937A8 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 620b66c64b2abb2082045117cee1f01f8bb58239de726895ea2c911d12edd11d
                                          • Instruction ID: 2c4f37b1c8e7c3a3eb6878593faedaa2c5d697c456af314350bfec183f85ff0f
                                          • Opcode Fuzzy Hash: 620b66c64b2abb2082045117cee1f01f8bb58239de726895ea2c911d12edd11d
                                          • Instruction Fuzzy Hash: 5211C4716097D28FC7068F3494904A1FFB2BEC620031DCADAC4994B202C670D446DFA0
                                          Function 00B7D5DB Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301085566.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b7d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72f31758580e09dbfc95d14a71d78f444649c9c869c0fd5114a31a9b883b897b
                                          • Instruction ID: a6485bef06f791bf06124100ffb650a1f90cce36edad684d3a84a28e84c1cad5
                                          • Opcode Fuzzy Hash: 72f31758580e09dbfc95d14a71d78f444649c9c869c0fd5114a31a9b883b897b
                                          • Instruction Fuzzy Hash: 69118B75504280DFDB15CF14D5C4B15BBB2FB84314F28C6AAD84D4B696C33AD85ACBA1
                                          Function 06931E98 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9223666aeaf760864785cc37550599c64190d6d83f39f7ed809fcce27984d33
                                          • Instruction ID: ff34b6cf255e9537e379581259ef1fc7704703d5662607125d4f796643867761
                                          • Opcode Fuzzy Hash: a9223666aeaf760864785cc37550599c64190d6d83f39f7ed809fcce27984d33
                                          • Instruction Fuzzy Hash: AC110470E502298BDB50DBA9D8047AF7ABAFB45310F504525E510AA2A1DFB88501DBB0
                                          Function 0693DE18 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f77ed97280356d7cccdb6e5c50d74389e8ac389009db41933e1c10424cfae295
                                          • Instruction ID: 40943adbfc28b6815480577c334caf5e8312fd67398a0cb2a58295ee11ffa935
                                          • Opcode Fuzzy Hash: f77ed97280356d7cccdb6e5c50d74389e8ac389009db41933e1c10424cfae295
                                          • Instruction Fuzzy Hash: EF115B74E00208EFDB40EFE8C8447AEBBF2EF88700F1084A9D506AB795DA345E019F51
                                          Function 00BDB9C2 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a74cf82ef00ca2ef423c1b46a258c0f0e5332989119cba34680d1df24ee695b8
                                          • Instruction ID: 7ef7ed22689c809fd710b237791f5e759c97f75120e1fec25b13de11e9191718
                                          • Opcode Fuzzy Hash: a74cf82ef00ca2ef423c1b46a258c0f0e5332989119cba34680d1df24ee695b8
                                          • Instruction Fuzzy Hash: B00175367042159FD744CA6AC490D6AFBFAEF99364715C16BE905D7321EF70DC028790
                                          Function 069334C8 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a908527e56f6a887921aa711cd076db5d930a2086f26f51c5bc36ce4e120696
                                          • Instruction ID: 3a231b7c65beb99764a3f1d9cba3a7625235bb2620ef9c582137bdc5bd3fd3c2
                                          • Opcode Fuzzy Hash: 1a908527e56f6a887921aa711cd076db5d930a2086f26f51c5bc36ce4e120696
                                          • Instruction Fuzzy Hash: FA11E370A452849FD745EB64C46562DBFA1EF82300B1585DAC44B8B762CB34ED45CB91
                                          Function 0609BA30 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abb87866f49db32df8be64d95619f9f3449d848f19cf4a1e59b8182a952d6ca6
                                          • Instruction ID: a73e67392038ab9eac0bac2798f943eaa3362364f638f0afb4f4a3a7495d2210
                                          • Opcode Fuzzy Hash: abb87866f49db32df8be64d95619f9f3449d848f19cf4a1e59b8182a952d6ca6
                                          • Instruction Fuzzy Hash: 5801F2B27442149FDF8D8E88E85586B7FAFAB842347094017F506C7221DB318D42E7B0
                                          Function 0693DE28 Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 20adb3fa8408b6a1d95bbc612b0c10874e842be30d9dace07ae092445c80792c
                                          • Instruction ID: dc01cc9a38f13a6c4ed00973aa7cf567a927ca1b685bf7b15865c776904d5466
                                          • Opcode Fuzzy Hash: 20adb3fa8408b6a1d95bbc612b0c10874e842be30d9dace07ae092445c80792c
                                          • Instruction Fuzzy Hash: DD111874E00208EFDB44EFE8D8557AEBBF2EF88700F1084A9D50AA7755DA345E019F51
                                          Function 060937B8 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5baaedf9f81eeac075f674ea7350d7d71333447498cba003b0e44bf865258624
                                          • Instruction ID: 95ed773c12c63f0fa51a51bfc31ec48a7a6cbcca04bed9b6912b9d202d813443
                                          • Opcode Fuzzy Hash: 5baaedf9f81eeac075f674ea7350d7d71333447498cba003b0e44bf865258624
                                          • Instruction Fuzzy Hash: 9311AD756067928BC30A8F29D490462FFB2BFC6215309CB9AD4594B302DA70E985CFE0
                                          Function 0609BD2A Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73004b154cc974054032d9aca8eb5a460eff1b36d383f1f948c6014cda993b0a
                                          • Instruction ID: 83a4e8bf6073f68852538dadc3975bc16915d90eca4e1cf28c6672ca336f6d50
                                          • Opcode Fuzzy Hash: 73004b154cc974054032d9aca8eb5a460eff1b36d383f1f948c6014cda993b0a
                                          • Instruction Fuzzy Hash: 89012172A0010E9F8F85DFA9D9419EFBFBABF48210B044027F515E2211E7319A15DBA1
                                          Function 0609BDC4 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d387044308e376ee171524f0cd4b682050d7624d72da8110ef255c80f5e0c561
                                          • Instruction ID: 43ada560e255a8a665608937b484395355f4dfd06f37257f9290305e41c88d41
                                          • Opcode Fuzzy Hash: d387044308e376ee171524f0cd4b682050d7624d72da8110ef255c80f5e0c561
                                          • Instruction Fuzzy Hash: 6B011B31A4410EEFDF85CE49E885ABF7FB7AB98290F104012E91196250E73189A1EBE0
                                          Function 00BDB9D0 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5c68d3fc124174969cb7801086f47b26294549d13cb71b22add7ddacf40dae0a
                                          • Instruction ID: 64e5c88772f5cd7db46d3481561bef5fe2cab424a430eb1d1ec550a2460b66e7
                                          • Opcode Fuzzy Hash: 5c68d3fc124174969cb7801086f47b26294549d13cb71b22add7ddacf40dae0a
                                          • Instruction Fuzzy Hash: 8B014F357002199F9744CA6AC840D6AFBEAEFD83A0715C16AE909C7310EF71EC028790
                                          Function 06935EE0 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 82c4f452e4a7b9ab3267e27f1c52f229a71fd11f80a211de374bc8ba63d044df
                                          • Instruction ID: 277e49ecc033c89ed97468f9c735083f235f488c4e9f1604b12dfe02c68d83ec
                                          • Opcode Fuzzy Hash: 82c4f452e4a7b9ab3267e27f1c52f229a71fd11f80a211de374bc8ba63d044df
                                          • Instruction Fuzzy Hash: 8EF0C8363053106FC705ABB9A9448AB7FAFDBCA62171540ABE10ACBB13CD71AC0587A1
                                          Function 06094140 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b96ea94684cd016fda8c0d9230b02430f032003de1fbd28b48e8ee048f2a6cc
                                          • Instruction ID: 2e7a047ae9f7681ac162a17030ce7d4f915a499cc38139371a971b5c96e306c5
                                          • Opcode Fuzzy Hash: 0b96ea94684cd016fda8c0d9230b02430f032003de1fbd28b48e8ee048f2a6cc
                                          • Instruction Fuzzy Hash: 1FF06D36B541244F5B859A6DBC8496EBBEAFBC5565324023AE409C3360DE61DC0697A0
                                          Function 00B6DBFD Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2300923352.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b6d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec562588c717faf3b44bc289c662d11b8f0c7dab28d349e6a36bc98ad66190a1
                                          • Instruction ID: 8c2e9b8cf1b1898b726de7d2c4fb61348780d7603f80dcde0800087e074ce149
                                          • Opcode Fuzzy Hash: ec562588c717faf3b44bc289c662d11b8f0c7dab28d349e6a36bc98ad66190a1
                                          • Instruction Fuzzy Hash: 2C01DB32A04748DAE7145B19CDC4766FFDCEF91724F14C4AAED455B282D2BC9840C675
                                          Function 0609EC88 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58389d25cfcf68c349474244be1223996b3f958f9cfbf45756d097fc0e926a4b
                                          • Instruction ID: df2833541976233f6f520a6e995165e52f35ae787ede82523e62f5949adf9109
                                          • Opcode Fuzzy Hash: 58389d25cfcf68c349474244be1223996b3f958f9cfbf45756d097fc0e926a4b
                                          • Instruction Fuzzy Hash: 0B0126362082464FC712DB59D844C86BFABEFC2310B19C577E549CB266DB30D819CBA0
                                          Function 06096898 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51717a4062277c5f925336a67a662f43dfd2ee2ed55714c0742c0803e6d1f1e2
                                          • Instruction ID: 1480c07e23e1ce573cf222c5dfe4a860adddc186fdb2c473b44bb0e437c8473c
                                          • Opcode Fuzzy Hash: 51717a4062277c5f925336a67a662f43dfd2ee2ed55714c0742c0803e6d1f1e2
                                          • Instruction Fuzzy Hash: 03F04431701104BFDB145E9ADC9496B7B9BEF86768B14443AF9098B351CA72DC45C7A0
                                          Function 06092CD0 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04999dfae17a33dba7ed69b75f658afb1ddf90bcfff010ad20a4f73d83ece021
                                          • Instruction ID: eb85b91910ce30b49f15c1ced36958f8183b0da5f5bf86543d1b6a77572110fa
                                          • Opcode Fuzzy Hash: 04999dfae17a33dba7ed69b75f658afb1ddf90bcfff010ad20a4f73d83ece021
                                          • Instruction Fuzzy Hash: 01F0F631B701299FDB9067BDA40C6693BEBDF8426634088A7E80ACB320FE70CD044791
                                          Function 00BD9800 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc74fb029c4287e9e894a6cdd4d53f135ed8c14d365f579fc62e455862964573
                                          • Instruction ID: 8ee8f63f0e42594c53b4f61b5d5ed889d48b1fea68ba968a1c9a6d4bf8761190
                                          • Opcode Fuzzy Hash: fc74fb029c4287e9e894a6cdd4d53f135ed8c14d365f579fc62e455862964573
                                          • Instruction Fuzzy Hash: 08014C35E002188FDB14CB99C994AEDFBF5AF4D710F158099D405BB361DB75AD40DBA0
                                          Function 00B6DB0B Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2300923352.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b6d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27a4c2dad79a31de883aad6ab25b10312b8454f88430a1085f49ffbf8b6d08f8
                                          • Instruction ID: 215368179bc6360d61a3d1e7d85886a2f097d2995663b1a60262bd64ddf61c35
                                          • Opcode Fuzzy Hash: 27a4c2dad79a31de883aad6ab25b10312b8454f88430a1085f49ffbf8b6d08f8
                                          • Instruction Fuzzy Hash: 37011A76600A40AFC7619F46C980C23FBFAFF88720319845DE98A4BA21C372F811DF60
                                          Function 0609FCAF Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e40994dacca9029995e59962df6a6c14205bb3bb73cbd79d078ec1f678004f9
                                          • Instruction ID: 9bf56eb446889da4820b101d305f3af775ed3030c1bd387585f9301ef23c7b05
                                          • Opcode Fuzzy Hash: 7e40994dacca9029995e59962df6a6c14205bb3bb73cbd79d078ec1f678004f9
                                          • Instruction Fuzzy Hash: EC018171B052055BCB44DB9DD85099BFFEAEFD9260B248167E845DB305DA30DD04CBB1
                                          Function 00BDC448 Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd6559944d8d757a4a622d19972442a4d735d61f8bda273c8036e778ca313878
                                          • Instruction ID: 2f9ce1334d905856ea2ba2214a213ba1ad01e57cc739e53c8d757b8c90c8d828
                                          • Opcode Fuzzy Hash: cd6559944d8d757a4a622d19972442a4d735d61f8bda273c8036e778ca313878
                                          • Instruction Fuzzy Hash: A4F02B367021204B47349A65649457BFFD5EEC972131501BFE908C7341DE30CC02CAD4
                                          Function 00B6DAFC Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2300923352.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b6d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 273abce76b50d6e18f9137a2a2f518972bd7fb1ff880843c7d63b3a99e1e87f8
                                          • Instruction ID: 7532be897144d0df748df0e63522aaf5a32cd8c3c5111752f851c9e40a0bc297
                                          • Opcode Fuzzy Hash: 273abce76b50d6e18f9137a2a2f518972bd7fb1ff880843c7d63b3a99e1e87f8
                                          • Instruction Fuzzy Hash: 14010C75104B80AFD7228F55C940C62BFFAFF89720719848DE9864BA22C232F812DB60
                                          Function 06938CF8 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 88eb0e1ca2edbf85db899945fc926427060e1d411c734b41bf1876917fb0a6b0
                                          • Instruction ID: 22ade1dd83d42cf116f5ad15ef201f4a8365a633e24faff62e6ef4642d09729c
                                          • Opcode Fuzzy Hash: 88eb0e1ca2edbf85db899945fc926427060e1d411c734b41bf1876917fb0a6b0
                                          • Instruction Fuzzy Hash: E1F0F631700A2057E606A37DA4057AEB7C7EFD2624F28406BF019CBB80CFB5AD0687D5
                                          Function 06095461 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6ee6a6fa7e378ccdc363e75bd8591b899926d4a959da25187d90657d849c538
                                          • Instruction ID: 225e6881112ec39c88ee3ba4679bb27a5d69ba0cc3010c1850f67042c8bc8b08
                                          • Opcode Fuzzy Hash: d6ee6a6fa7e378ccdc363e75bd8591b899926d4a959da25187d90657d849c538
                                          • Instruction Fuzzy Hash: B1F0C27058A3881FDB876B369C1148A3FB6BB93214359D1C7D0918F167CA35880B9BB2
                                          Function 0693D7F8 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b3d22b05312f4cfb9f7eb543051368e24551a4523b56e0da29a5bf153641bcd
                                          • Instruction ID: e877ea5bd0d056c13a485d26d7d205443cb95915e1696497c924ac5a89ad9a3b
                                          • Opcode Fuzzy Hash: 0b3d22b05312f4cfb9f7eb543051368e24551a4523b56e0da29a5bf153641bcd
                                          • Instruction Fuzzy Hash: 0AF0E5367051502BE720555AFCA1B5BFB5EEBC2635F24407BE28887B91C9529C4382E2
                                          Function 0609412F Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e236722ba5e9dbb130552859013a5d8db88edd0fb41d5d0ea0b9beb1aa3a82f
                                          • Instruction ID: 080706d96d51404585d004df183b10c4ebd2f7f3e69e6acd64f53da7f7db9e51
                                          • Opcode Fuzzy Hash: 3e236722ba5e9dbb130552859013a5d8db88edd0fb41d5d0ea0b9beb1aa3a82f
                                          • Instruction Fuzzy Hash: 83F0B47AB442114FC7868F69AC9466EBFEAAFC6155319016BD408C7372DE30CC06C7A0
                                          Function 00BDDE60 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39ed4e58a649533e2f4471cf78570c130c11ff2729273e63b4b8212040beca0b
                                          • Instruction ID: a6fb08d2119af2b41eb0dcdcd2f91fc19de026428514ffaaea9398ffe0bc08f0
                                          • Opcode Fuzzy Hash: 39ed4e58a649533e2f4471cf78570c130c11ff2729273e63b4b8212040beca0b
                                          • Instruction Fuzzy Hash: 0BF096753002019BD710AB5AE894A5BB7E6EBE4351B14C53AE5898B310EF35AC45C7A4
                                          Function 00BD7F18 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 507e2e6a01ec993299f0b4c8c9a9e0a436aecfd467d43998e39939d1c17fef5d
                                          • Instruction ID: 408ef4b660318a76bbdb8deb6b965bb949359c26d8193d82fcecb2e7753f016a
                                          • Opcode Fuzzy Hash: 507e2e6a01ec993299f0b4c8c9a9e0a436aecfd467d43998e39939d1c17fef5d
                                          • Instruction Fuzzy Hash: ED016D75E006248BDB14DF58D8055DEBBF0EB48310F00412AD849E7310EB78AE068BD0
                                          Function 0693FCCA Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99f38eb832016ea590a7252bfdac6ec0b2cb825a20fe5f06790a4f90ea541cb8
                                          • Instruction ID: a28e4986fd409387af669ec6b3637953d6997ec66c5fde8e9a80933944218bdf
                                          • Opcode Fuzzy Hash: 99f38eb832016ea590a7252bfdac6ec0b2cb825a20fe5f06790a4f90ea541cb8
                                          • Instruction Fuzzy Hash: 07F02731508348AFDB1A9AF498000CF3FA6DB46201F2449AAD242CFF41DD351C06C3A3
                                          Function 06092A59 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9111847babf5a09e1313047c2d9f61f22c551209256d9497890d7ccea5c85968
                                          • Instruction ID: d2a4e7b4b9b3f5b11be11c71fcfb41576359a5767324e0e4df3345f897d85c0d
                                          • Opcode Fuzzy Hash: 9111847babf5a09e1313047c2d9f61f22c551209256d9497890d7ccea5c85968
                                          • Instruction Fuzzy Hash: FCF027327183041FC79587FDA85095BAFDEEFC9164328807BE489C7316EE21CC018360
                                          Function 0609FBE1 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37bff577870a9278d5d7fc02490a0b53f9334707c3f778f0610ca2b08301f5d0
                                          • Instruction ID: 6bfd104751b1c7381c63004cd73916c0330122afee8d621958312083c8a30efb
                                          • Opcode Fuzzy Hash: 37bff577870a9278d5d7fc02490a0b53f9334707c3f778f0610ca2b08301f5d0
                                          • Instruction Fuzzy Hash: D2012870A40209DFCB54DFA8D9409DEBBF2FF88354F20C969E599A7200D335A902CF90
                                          Function 00BDBB30 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b91344a0e2ef268b8b8f5fa0a5d1314e62909170a40ae271559c4af5283cc7aa
                                          • Instruction ID: e9969e4efb9f2ba7029eefb1b1eb9c5ab278d689d56679e6fa751c2e528d1bf6
                                          • Opcode Fuzzy Hash: b91344a0e2ef268b8b8f5fa0a5d1314e62909170a40ae271559c4af5283cc7aa
                                          • Instruction Fuzzy Hash: 98F082727006219BE7145EAD984092BFBDAEBC8760B15413AE509C7348EF71DC4287D5
                                          Function 00BDBB2F Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5483b9569b454f79756eb2f4a271931bf0ad5f455a711007883d3e2cfabb1626
                                          • Instruction ID: 9c9b895cc2a697c8d38d98b0ba1918f3a53fa818880b269296a6ab38cf62db8b
                                          • Opcode Fuzzy Hash: 5483b9569b454f79756eb2f4a271931bf0ad5f455a711007883d3e2cfabb1626
                                          • Instruction Fuzzy Hash: 7CF082727006219BE7145EAD984092BEBEAEBC8760B15413AE509C7348EF71DC4287D5
                                          Function 00B6DBFC Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2300923352.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_b6d000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 753c5688e09945894078e8e8dbae210936f80de7cbcd0b93766278f99ad48102
                                          • Instruction ID: f8b54c1583b2fe0ccdf7bef4b28eea57f21251a83ff70bce4763c5ea4daedb38
                                          • Opcode Fuzzy Hash: 753c5688e09945894078e8e8dbae210936f80de7cbcd0b93766278f99ad48102
                                          • Instruction Fuzzy Hash: 5AF06271505788AEE7148A15CCC4B62FFD8EB91724F18C09AED485B286C2799C44CAB1
                                          Function 00BD8F67 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3259e252f876c895ef89da134a48611701e22846c10ab4f89ae0c342d4a22e3a
                                          • Instruction ID: 02d3d8028efa6440d661ed3f7a387d5f5a44443f2025ebae3921e7e7d17dbea5
                                          • Opcode Fuzzy Hash: 3259e252f876c895ef89da134a48611701e22846c10ab4f89ae0c342d4a22e3a
                                          • Instruction Fuzzy Hash: C5F06D79300510CFC7189B19E058A697BB6EBC8722B104069F406C7761CF39DD42CBC0
                                          Function 06936F70 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c99703cd7e2f7e7bb363321f4be7d8fe7829a0ef2e64d0f7269cff273e7c04d
                                          • Instruction ID: 0b935915ce293640bbf9f64fd3ea41c0259c11f2ff956c39e01025b6bd0b834e
                                          • Opcode Fuzzy Hash: 2c99703cd7e2f7e7bb363321f4be7d8fe7829a0ef2e64d0f7269cff273e7c04d
                                          • Instruction Fuzzy Hash: E0F08C753412105FC755AA6DEC49D2A3FEEDFC9A2030500A6F508CB772DE61DC0197A0
                                          Function 0609EC78 Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0da07c729de251e9803b8756cac841f3108a39ef592565fbf483aeb03e9c1e53
                                          • Instruction ID: b05bed925b98d4fa2d87152a1dd4f27bba65098bff700622abf0ab8d953d55f8
                                          • Opcode Fuzzy Hash: 0da07c729de251e9803b8756cac841f3108a39ef592565fbf483aeb03e9c1e53
                                          • Instruction Fuzzy Hash: 5CF0B47A2001028FDB06CB58C8448C87FB7BF9630071AC4A6E485DB266DB31E956D790
                                          Function 0693D8DA Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c6515ee382c5566e79b648e3cb83db27be4e6d51605129de513daa82d65df827
                                          • Instruction ID: 895a1427d283acaa3ba809369626f52ad11ef9c0a074232b5dc549142ad5c4c2
                                          • Opcode Fuzzy Hash: c6515ee382c5566e79b648e3cb83db27be4e6d51605129de513daa82d65df827
                                          • Instruction Fuzzy Hash: 2EF02E3430031057C609B734A412BAF779ACF84714B10856EE5038F754DF396D0A07DA
                                          Function 06092260 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8e1b103782109f5f7dc35f899f2e97a4325322d20c6d64496d948dcfc1cfc50c
                                          • Instruction ID: ed91cdad751e18f708eb8093173377f4a38c065f524f63b0fd4631f72d026d9a
                                          • Opcode Fuzzy Hash: 8e1b103782109f5f7dc35f899f2e97a4325322d20c6d64496d948dcfc1cfc50c
                                          • Instruction Fuzzy Hash: 7CF0656680E7C00FC7171B24AD632A57F719D0324170E98CBD4C8CA563E1194E6997B6
                                          Function 06092D98 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f016a664526c305149918bd73b59a151f940d6bbaff0fca86bafef9b98ac43bd
                                          • Instruction ID: 0487940efcc95628ba522b19ada3c6d62b5a39d8f2d45bc656b357c5096e36c6
                                          • Opcode Fuzzy Hash: f016a664526c305149918bd73b59a151f940d6bbaff0fca86bafef9b98ac43bd
                                          • Instruction Fuzzy Hash: 77F065763542146F5B54CA5DE84496BBFEEDFC92B03158027F848C3300EA30ED019664
                                          Function 0609FBF0 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a44e51976613c162bf2aa0ae95d842af3b44ea42a68e959be24a778e30d3f06e
                                          • Instruction ID: 39bf22eb0203195c61ddc35fdf8b85eac8d85007c4c861956f98a3acff1856cf
                                          • Opcode Fuzzy Hash: a44e51976613c162bf2aa0ae95d842af3b44ea42a68e959be24a778e30d3f06e
                                          • Instruction Fuzzy Hash: 5F01F270D4020ADFCB44DFA8D8409EEBBB2FF48350F10C929D95AA7201D335AA02CF90
                                          Function 0693C5DB Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4699284f04a6fc4f5877d29961667e3981b812157fd062431e7db84e0abef9a3
                                          • Instruction ID: 6bdb284f5ac8540c3d44e7d784f1afb1b5254a73c4b82ec6decd29ec549e183f
                                          • Opcode Fuzzy Hash: 4699284f04a6fc4f5877d29961667e3981b812157fd062431e7db84e0abef9a3
                                          • Instruction Fuzzy Hash: 9EE02B123083601BD32611787406FFF7BAA87C2554F1C40BBE149C7782C9991C0AD3B1
                                          Function 069361D8 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d96c34daa46daae30ef544bb498d1910e7535d08a91edd8d61f17d6ccc85417
                                          • Instruction ID: 3903593a4a3ec84f7d694aee223664ed34656964cacaedea9298dca2b1875f71
                                          • Opcode Fuzzy Hash: 5d96c34daa46daae30ef544bb498d1910e7535d08a91edd8d61f17d6ccc85417
                                          • Instruction Fuzzy Hash: F7E092333040246F47149A8FE8C4CAABBADFBD92313544137F60CCB621CA61DC45C7A0
                                          Function 06936F80 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e18281b7f1d628b5c19e0e2054b2842bf61b352f5a9ce7783167c59d5791cb41
                                          • Instruction ID: 3ca711a82d58310c6056778ab47824ac657a1b46665cffb3e2921d2a3014ca27
                                          • Opcode Fuzzy Hash: e18281b7f1d628b5c19e0e2054b2842bf61b352f5a9ce7783167c59d5791cb41
                                          • Instruction Fuzzy Hash: E5F06D363500109FD744DA6EE848D6A7BEEEFC8A2170540B6F60DCB732DA71DC029B90
                                          Function 0693FC70 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4cb16e25de14e7abeda474b6b8b5931950df4de4c848d0804a493f314a4db173
                                          • Instruction ID: e2c98e5e3b97a6e3939a23daeeeb8d6d2866c55fef33226d3da2fe99f8e25fb5
                                          • Opcode Fuzzy Hash: 4cb16e25de14e7abeda474b6b8b5931950df4de4c848d0804a493f314a4db173
                                          • Instruction Fuzzy Hash: 92E06D367800384BCF88A6A8F91469A7799E789362B1140A6E909C3FA4DD298C018B91
                                          Function 00BDD4F5 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8726dc0bbc230926d475f05268d53f7bf42708e876f45a506970a3cde9c0042
                                          • Instruction ID: 3ae9087c1fadf4c07f77620d57d2254dd8f66c1ef96caaa38a4f40108132519c
                                          • Opcode Fuzzy Hash: c8726dc0bbc230926d475f05268d53f7bf42708e876f45a506970a3cde9c0042
                                          • Instruction Fuzzy Hash: 5601F674A01259AFDF10CB94D894FADBBB2BF48308F208056E842B63A0CB35A940DF60
                                          Function 0693D8E0 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc2998dc1e00a5f2b8841088b3d3a29953720fa9408e8fadd9c9f6f299155ec9
                                          • Instruction ID: cc0f4851c685d825c33473a94fc1086a3078051c0c9088174c1aa6e27d4ebfcd
                                          • Opcode Fuzzy Hash: fc2998dc1e00a5f2b8841088b3d3a29953720fa9408e8fadd9c9f6f299155ec9
                                          • Instruction Fuzzy Hash: 5BF0A7313043105BD609B7249412BAF779ACF85614B10856EEA038F754DF796D0A4BDA
                                          Function 06093740 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae00d8b7c13c937a154cd0116736d53c722f23360a85e251be86a02164dae897
                                          • Instruction ID: dce69e3643e95c5bb7c0bf57132a7c49b89529af3c4b42a0fa10a568a9f9509a
                                          • Opcode Fuzzy Hash: ae00d8b7c13c937a154cd0116736d53c722f23360a85e251be86a02164dae897
                                          • Instruction Fuzzy Hash: CEF02E7030434A4FCB21AB38D5422AE7FF29FC4300B08491FE4868B311DE31680A8B99
                                          Function 06092334 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 091790b9eec21bad71a9991edc15fd4ae27fb69d7b044ae59cb2801753231a4c
                                          • Instruction ID: 75cfbc6430ad330eaab546064af50606572a6b79e3b9255c6ccf745661e1540c
                                          • Opcode Fuzzy Hash: 091790b9eec21bad71a9991edc15fd4ae27fb69d7b044ae59cb2801753231a4c
                                          • Instruction Fuzzy Hash: 66E0EC2176510DFE6FD49278540002D6DD3A7C5215724801BD54DCE344EA214946B7F3
                                          Function 06094845 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc049659b8e9e02d2260e507827bcb252edfafe30f52cff671b997157833f597
                                          • Instruction ID: 4331a5ff08917c4d3d53f2e1dc3baa8b2593b768e4b78deae56b960a3940d0bd
                                          • Opcode Fuzzy Hash: fc049659b8e9e02d2260e507827bcb252edfafe30f52cff671b997157833f597
                                          • Instruction Fuzzy Hash: A6F030395482889FCB8D9F68D8168FE7F35EF52205F0150AAEA4762592DE201546CFE1
                                          Function 00BDC447 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59b23b8a123d29c348069f6ddbc4896cfacb9670b21b2d8ebcd9c945f295d2a4
                                          • Instruction ID: 1a4cbd594a715ccaecfb74fd730fa46fab95af96e35b6a277c14b2463d814af6
                                          • Opcode Fuzzy Hash: 59b23b8a123d29c348069f6ddbc4896cfacb9670b21b2d8ebcd9c945f295d2a4
                                          • Instruction Fuzzy Hash: 62E022367022105B47349F76A49457AFFE5EA8936131901BAE808C7341EE30CC02CBD0
                                          Function 00BDBB89 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1092a47b2f09c45652499cb144666908917d7d2619ef41def866c68372379a84
                                          • Instruction ID: eaf2c19b4fddf29539fd96c7396dd2e612e06c98c397c925700a3624e934fb51
                                          • Opcode Fuzzy Hash: 1092a47b2f09c45652499cb144666908917d7d2619ef41def866c68372379a84
                                          • Instruction Fuzzy Hash: 7FF015B5C142098FCB84DFA894821AEBFF4EB58202F1081BAD418E3610E234464BCB92
                                          Function 0609C290 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 447d596bf14464880269eb1aa5890409e9da9c20c95ada8dfd423470b1aa5d21
                                          • Instruction ID: 9b6d5af769596b50e59f07b4adc9f2aa5a77654bfea95b31f3da3ff47ddedaab
                                          • Opcode Fuzzy Hash: 447d596bf14464880269eb1aa5890409e9da9c20c95ada8dfd423470b1aa5d21
                                          • Instruction Fuzzy Hash: C3E06832E812645FEB509F74D4064997FFBAF5652032658EAE8C9DB322E2318D41C7F0
                                          Function 00BD8D2F Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0bafb7b629fe3f0ea9706bd4eb60af16c823c091cfbd444796a643241a763267
                                          • Instruction ID: 790da779d766628cce678b6711ed7bfb9939f05f3be714d826be303085d94eed
                                          • Opcode Fuzzy Hash: 0bafb7b629fe3f0ea9706bd4eb60af16c823c091cfbd444796a643241a763267
                                          • Instruction Fuzzy Hash: 93F0A039200A004BC325AB19E41069FB7F3EFC4751F144629E98647385DF799D0A8AD6
                                          Function 069334BA Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fccfd597c835fa1c97b29b7e5411de81b666b13b556df491d42f5cd0dd3b7e34
                                          • Instruction ID: 3f72995a3ee133df11f818f220ea8ea83811efc670d1249e0cca28a84e5e4e1c
                                          • Opcode Fuzzy Hash: fccfd597c835fa1c97b29b7e5411de81b666b13b556df491d42f5cd0dd3b7e34
                                          • Instruction Fuzzy Hash: 35F0EC306463855FC309DF24D844E62BF6A7F43311B1642C9D8498B253C721ECD4C7E1
                                          Function 0693FC60 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f72abe549f612e957a80808ff160196f0d8a1eb1471a5ee61339b31b9ce257df
                                          • Instruction ID: 7139d7928d2372be2ddf47ab535f97d798f7c4726ef5666add564b46e75f3d13
                                          • Opcode Fuzzy Hash: f72abe549f612e957a80808ff160196f0d8a1eb1471a5ee61339b31b9ce257df
                                          • Instruction Fuzzy Hash: 62E092757401245FCB989A28D91474A37D6DB89321F2140659C05D3FA4DD25CC0287A2
                                          Function 0693D95A Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f4f383355e14bcb5d21e3afd1a42e5fe811fd14ec9d217f780fad90da70a1e5
                                          • Instruction ID: 912777c6fd8fcb492667f11f1f07c17009a3676ffd5b6b8f669bb152ebc634bf
                                          • Opcode Fuzzy Hash: 1f4f383355e14bcb5d21e3afd1a42e5fe811fd14ec9d217f780fad90da70a1e5
                                          • Instruction Fuzzy Hash: 8DE0D82630422426C22421787416FFF7ADA8BC1568F1C007BE14947B82CA96584A93A1
                                          Function 06094A47 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2e4a707e7d27b10c8561a2c42d5c71e169fb0d4f79b912bbb73e02280ae78b6
                                          • Instruction ID: 83ae17ff9ebfac1547bff1ced740f4ca9a68d93cdd18c5182fac2552c00c25fc
                                          • Opcode Fuzzy Hash: d2e4a707e7d27b10c8561a2c42d5c71e169fb0d4f79b912bbb73e02280ae78b6
                                          • Instruction Fuzzy Hash: 55F09A74C1020A9FDB25EFA9C4193AEBFF1AB44300F00C82AC815A7345DB7864079F90
                                          Function 00BD34B4 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4708123c50915f881714963390ffca052861c4cd76f37004b2f3d76f8e27a815
                                          • Instruction ID: 8db75b479df7a510f8294eacf725db320a169dcded3871cafa9225ab16c6b3aa
                                          • Opcode Fuzzy Hash: 4708123c50915f881714963390ffca052861c4cd76f37004b2f3d76f8e27a815
                                          • Instruction Fuzzy Hash: EBE022B2D091508FD7124A69A8910F4BBF0DA6279078581C7D0809B223F2198A0ACB92
                                          Function 069349BA Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb36374c5637358f186114bdf675f25edebe710ef7aad785ff3fc99d7fb6194c
                                          • Instruction ID: 35e4fa25d001f79270b1414842885d656db2d4a58c9c1bbde8784a482f654602
                                          • Opcode Fuzzy Hash: eb36374c5637358f186114bdf675f25edebe710ef7aad785ff3fc99d7fb6194c
                                          • Instruction Fuzzy Hash: 8FE092352097608FD7119B64A5145AABBA69BC521030A839AEC99C3A82CA298E06C3E1
                                          Function 06932942 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 844205ddef36f4aaba8a69f57260aab01e409cb29341fab5385c40006be81592
                                          • Instruction ID: f1b77b4a3f7233e0ab1237bc77b183bda71210b274a75541c3f9481c7f2d791c
                                          • Opcode Fuzzy Hash: 844205ddef36f4aaba8a69f57260aab01e409cb29341fab5385c40006be81592
                                          • Instruction Fuzzy Hash: 58E06572F00518CBDF549BB8E9581EC7777EBD4325B144125D642E3754EA318E518790
                                          Function 06092D40 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8e08ff00bc36269c5f9e3aea28631ce4d51c596c39ffda55669c55f8a2934372
                                          • Instruction ID: ca634dd254957dd2e9881d507792f954956feb87d6ad2825364af00a24c6a73d
                                          • Opcode Fuzzy Hash: 8e08ff00bc36269c5f9e3aea28631ce4d51c596c39ffda55669c55f8a2934372
                                          • Instruction Fuzzy Hash: 7EE0D8B210A2C86EEB529774BD900987FB5FF462007194A87C4C8C6653D6288608D221
                                          Function 00BDA361 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d44fcf34e7ab78ce5d06f70518f4fe050cf923fd297f59f08ea2eabe05a83476
                                          • Instruction ID: 9ec2f0b4361391441ed22fa1aaeaa2adebd101540d117c76c9c149a811d004e6
                                          • Opcode Fuzzy Hash: d44fcf34e7ab78ce5d06f70518f4fe050cf923fd297f59f08ea2eabe05a83476
                                          • Instruction Fuzzy Hash: D7F04D38A001098FCB45DF99D9849CCB7F1FF88315B2191A5E905AB365D772AE05CFA0
                                          Function 00BD7EC8 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2abf309d8b6d05b745e285e0f985f45d7fa11b4348fd5983e18a73fb4e80480
                                          • Instruction ID: c8749c77dfc5b491b062afbd65d11ce4a3df9bb02f9383250dc9a65b231bc0c1
                                          • Opcode Fuzzy Hash: c2abf309d8b6d05b745e285e0f985f45d7fa11b4348fd5983e18a73fb4e80480
                                          • Instruction Fuzzy Hash: 2BE04F353001146BE31466AAB854A9BBBDEEBC9764B40847AF54983315CE7A9C0586E1
                                          Function 00BD7EC7 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8fc8d61c5957ab16d0d6928f60380a938705887f40f065e79300af517a6ce7c7
                                          • Instruction ID: 09a2bbf494c69a42f35c6ebd259f06eda33dbda4715f44481acd00bcd02beb36
                                          • Opcode Fuzzy Hash: 8fc8d61c5957ab16d0d6928f60380a938705887f40f065e79300af517a6ce7c7
                                          • Instruction Fuzzy Hash: 2EE026353001006BF30076AAB844A9BBBDEEBC9724F00803EF549C3315CE7A8C0187E0
                                          Function 0693B5D8 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d60502c7e815b73f5c381339ab2e43e2e9e7f52b3746f1a96caeb7cb09fe5ed5
                                          • Instruction ID: 7e1e27f3e6832b5797ee728e9a823cfe8fd71c47cb7d7f7e60007666dcc81ef5
                                          • Opcode Fuzzy Hash: d60502c7e815b73f5c381339ab2e43e2e9e7f52b3746f1a96caeb7cb09fe5ed5
                                          • Instruction Fuzzy Hash: 24E0262230026417C2156179B8057FF37CE87C2768F1C406FE60887781CA996846C7E1
                                          Function 06935EF0 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bec5d30bb14c39a34de81faf9416987834d445a4921e2b25fa6681fc21b48f4f
                                          • Instruction ID: 51b1ad3f3c704063daaff08c75d23172407bad835dc4951b69d592c56c0b79cc
                                          • Opcode Fuzzy Hash: bec5d30bb14c39a34de81faf9416987834d445a4921e2b25fa6681fc21b48f4f
                                          • Instruction Fuzzy Hash: 78E08C323103102B825477AEA88456FBACFDBC9621B98813FE20AC7744CCB4AD0603E4
                                          Function 060928A0 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c292cf4cd19fbbd86efdacc8588791443bb1e07c2e60e36034d32a51742bb498
                                          • Instruction ID: 5f432ee4681c263680088283f3278436491ad6bc898c83bd21b521e14c007f9d
                                          • Opcode Fuzzy Hash: c292cf4cd19fbbd86efdacc8588791443bb1e07c2e60e36034d32a51742bb498
                                          • Instruction Fuzzy Hash: 21E08632B14209AB4754C6AA980189F7BEEDBC8165710807AE10CC3240EE31D8028750
                                          Function 06096139 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d052e21fd0051d36a8be374b10adccb18287f3eb890a958b6293f06cb0e530d
                                          • Instruction ID: d79df17f522c2220aae21ad4b3b26a06edb7d7d8ae670fab66555c85c8797dfe
                                          • Opcode Fuzzy Hash: 5d052e21fd0051d36a8be374b10adccb18287f3eb890a958b6293f06cb0e530d
                                          • Instruction Fuzzy Hash: 7AD02B677153100BD78621B818150FB1F9A8ADA57130994A3D406D7B01DCB48C071362
                                          Function 00BD1F1A Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6c7cd0134489d63e22c05fed4b0709194b069c6895db48e22b7df980b4bd0f9
                                          • Instruction ID: 65108d7781c775613258bb72424d9ac52da9985babc20d5dca6766f8d7211530
                                          • Opcode Fuzzy Hash: d6c7cd0134489d63e22c05fed4b0709194b069c6895db48e22b7df980b4bd0f9
                                          • Instruction Fuzzy Hash: BCE022B5D08348DFDF019BB4D4183EEBBB6AF88304F2000ADC501A7281DBB40A28C7A3
                                          Function 0693D88A Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba0cb99e4226596dbb5a585fdcecfbefcb07a77257b105d776ddb4b57704a549
                                          • Instruction ID: f04f1fbc149c06149a7fcb62c403cd5b3a72d3e3c5777164a0f031901be4c3fe
                                          • Opcode Fuzzy Hash: ba0cb99e4226596dbb5a585fdcecfbefcb07a77257b105d776ddb4b57704a549
                                          • Instruction Fuzzy Hash: FAE0CDB57051106BD7146528FCC4E5B77DAFFCC3A4B14816DF006C7218CA744C498BB0
                                          Function 06933962 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5df05d0359141a214c786f568e14f96b0afbd345982d01bae18aa851c807645
                                          • Instruction ID: 384dfd98e23435e8bab9fe009ab70cafd02b1159303c0c74d0c4c536c5063748
                                          • Opcode Fuzzy Hash: c5df05d0359141a214c786f568e14f96b0afbd345982d01bae18aa851c807645
                                          • Instruction Fuzzy Hash: B4E0EC327890609B47595A6E641C5BE6B5FAAEA611318556BE106C7A40CFA54C0283A1
                                          Function 06094CA6 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f171a8b6b22643b6a1bfb05f4449889b60d9051c9d3b6b65888a246bbf32444f
                                          • Instruction ID: 3b464cc8c4bbd17f0de7c9c63cdcc7385e03ff8697db09b37eaf8c410da87c9b
                                          • Opcode Fuzzy Hash: f171a8b6b22643b6a1bfb05f4449889b60d9051c9d3b6b65888a246bbf32444f
                                          • Instruction Fuzzy Hash: 14E03960DC11098FEB9CCB50D968BED7FF3AB84245F115855C002662A4CB79488ADBA1
                                          Function 06935E80 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9116af27bb0a624e70d5e9be10df6e8c6c92311a57ea70503d9ae65be56b886e
                                          • Instruction ID: 53b2727aed8882bf2f2cb7ea0f0bc7dd5c11595df2ffa2da8874717067708b8c
                                          • Opcode Fuzzy Hash: 9116af27bb0a624e70d5e9be10df6e8c6c92311a57ea70503d9ae65be56b886e
                                          • Instruction Fuzzy Hash: B1E01271149754AFC70287B8AE04CD3BB7DAA0732032640D2F400CF967C661E916D2B1
                                          Function 06094A58 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03f69ddbc4559e9b82696571328cf88faa189fa21480c88202e4cd6aecaccb95
                                          • Instruction ID: af7aa7dec17eebfbb002bad84df8cbe00c00ff957bde0fd6b84d111fd518b7ad
                                          • Opcode Fuzzy Hash: 03f69ddbc4559e9b82696571328cf88faa189fa21480c88202e4cd6aecaccb95
                                          • Instruction Fuzzy Hash: F5E03970C5020A9FDB04EFA9C4197AEBFF1AB84300F00C82AC811A7340DB7845469FC0
                                          Function 06935E90 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46d991f141d87e16202528beb48204a0103d60db566feaf2c54c06c901eaa902
                                          • Instruction ID: 1e94b83a7aa87e7864db63ec44cb428246fd52290f3b6a80ec6da2428031e5e1
                                          • Opcode Fuzzy Hash: 46d991f141d87e16202528beb48204a0103d60db566feaf2c54c06c901eaa902
                                          • Instruction Fuzzy Hash: 98E0C2323047209BD7299A29E80086A77BAFEC8361310483EE54A87A14DA71AC028B84
                                          Function 0609AAF0 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99335d86e09f0808e7736a70d03bec4134d130920bc6ee449db6e6c97b1f266b
                                          • Instruction ID: 119885aa9d6aab9f46b2d20d12ec4da34697eb545d6c8c97ff4bccdc7d8eed63
                                          • Opcode Fuzzy Hash: 99335d86e09f0808e7736a70d03bec4134d130920bc6ee449db6e6c97b1f266b
                                          • Instruction Fuzzy Hash: EED012317646145BD718DF6AD855A16B7EEAF88A11B45806EE105C7271EA61D80047C0
                                          Function 0693C5A3 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6e2eedad7852765615f9c5a62db7afebd9715b9fa3b31412c4146ade591525d
                                          • Instruction ID: 7ad9cb509718d905fbcf3e18a7ce8e6a1e06fdbaf61370fff07ce4ecd7a7512d
                                          • Opcode Fuzzy Hash: d6e2eedad7852765615f9c5a62db7afebd9715b9fa3b31412c4146ade591525d
                                          • Instruction Fuzzy Hash: 91D05B3130D3541BC706166468194DF3BA9DF4765575040A6F10BD7745CD1D0D4687E6
                                          Function 06094F38 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a347340d2ec2ecde2edc6db5fbef452b9dede5aa5560cec7ad832b14d378f8ab
                                          • Instruction ID: 494fdcff9190405b0f41368ab2b289e6250c0baa7b578660319dde0444908d93
                                          • Opcode Fuzzy Hash: a347340d2ec2ecde2edc6db5fbef452b9dede5aa5560cec7ad832b14d378f8ab
                                          • Instruction Fuzzy Hash: C3E0D8700983C44FC3829B50D8843857FE26B97304F95444DD4984B292C7FE1486C7A2
                                          Function 06092CC0 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 497abbfba42df142b14b01043a1286b24f8ca674339ef92edc4a3b6b5e390c8e
                                          • Instruction ID: c90790b7ceb6f2373d2f41fb9dd586d5a67c1ad8f3afddbd76c023b417f32560
                                          • Opcode Fuzzy Hash: 497abbfba42df142b14b01043a1286b24f8ca674339ef92edc4a3b6b5e390c8e
                                          • Instruction Fuzzy Hash: C7D0A722B1A3C41ECB6307B424250E3BFB29E9321131E5CE7C4C4C6216EC20C9055351
                                          Function 06094D08 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aef8f8efd23d7d1fa7f0b63e23675ba78a71807e5ffa0a04bfd84622af0a206f
                                          • Instruction ID: 22cb2c7a076172bb1725cc056bfb007263132ff61a8a1c57c499603eb4467bda
                                          • Opcode Fuzzy Hash: aef8f8efd23d7d1fa7f0b63e23675ba78a71807e5ffa0a04bfd84622af0a206f
                                          • Instruction Fuzzy Hash: 74E0523AD81108CFDB18DF94E559ADCBBB2FB98325F109055D91663390C7362D45CF60
                                          Function 00BDBB98 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56509278a1efd7e96bb60bee674a17049d4afa439b06d56e8fe3341f4ee99335
                                          • Instruction ID: 41bb2a1888854b185af80ed1fc6733a93fbf5a30af71d3e629e3f5b911df4b4c
                                          • Opcode Fuzzy Hash: 56509278a1efd7e96bb60bee674a17049d4afa439b06d56e8fe3341f4ee99335
                                          • Instruction Fuzzy Hash: 5FE07EB4D0420D9F8B84EFA9D8416AEBFF4AB48200F20816AE918E2250E7345A51CFD5
                                          Function 06096148 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 624ffc51f0bf377029f5d9535f0a8ac0a813e63d2430b57a015fcdf523ca018c
                                          • Instruction ID: 64afc668a8645341a60c21e9097ccc685a36d0f15556adf465157788473c9999
                                          • Opcode Fuzzy Hash: 624ffc51f0bf377029f5d9535f0a8ac0a813e63d2430b57a015fcdf523ca018c
                                          • Instruction Fuzzy Hash: A3D0122635422817555421AD68058BF7FDEC6C99B23149427E916D7700DCF48C0213E5
                                          Function 00BD3460 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c58e059aab794bf1c94f171ded7328f0a43d2adc574aa00ff5ecf74095d3c42
                                          • Instruction ID: 9a2373d57ba5c4c101ef047c977087b9086c5776261cf0641e46031916e5af7f
                                          • Opcode Fuzzy Hash: 2c58e059aab794bf1c94f171ded7328f0a43d2adc574aa00ff5ecf74095d3c42
                                          • Instruction Fuzzy Hash: 16E09A36900508CFCB04DBA8E4948DCB7B0EF89325B144156D51577221EB30A999CF91
                                          Function 06937998 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1015ddf1b737f0371cb8c9cca727a5d64d724b2ae5447e46c11bea1842641241
                                          • Instruction ID: 33cb0a8e2735872a09edc1d324103ca906addeca38a45806f0f41d7b09e75b74
                                          • Opcode Fuzzy Hash: 1015ddf1b737f0371cb8c9cca727a5d64d724b2ae5447e46c11bea1842641241
                                          • Instruction Fuzzy Hash: 3BD0C9312862406FEB02A6688D51BCA3B3BAB47720F258181E2458F2E3CB965902E791
                                          Function 06095490 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e3604131a40ac24b609bf92c3926ff79feeb9283c9783566c509b6cb883b88b5
                                          • Instruction ID: 920e621f5eaa3e45ccc629dd0e9b3438dbe8fbe869397fd90f7eba7c8822adff
                                          • Opcode Fuzzy Hash: e3604131a40ac24b609bf92c3926ff79feeb9283c9783566c509b6cb883b88b5
                                          • Instruction Fuzzy Hash: CBD05E3154030897CB85BF68E91409E7BE7FBC6208364C999D02A5F216DF76E9078FD4
                                          Function 060940E0 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50ae95749f3b64746119ce1550efbbfdec3f04c3c7defa25040955c6b1a157f5
                                          • Instruction ID: 719314841e2ac0a9dcbe8cba74b8c5069b6358c5966fc42c8ce77f2644931096
                                          • Opcode Fuzzy Hash: 50ae95749f3b64746119ce1550efbbfdec3f04c3c7defa25040955c6b1a157f5
                                          • Instruction Fuzzy Hash: 91D012317A63098BDF88AAB4B9040673BDBAB846093908479E50EC2241EE3AEC11D660
                                          Function 06094108 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c39d0d20a9cf6294f634214557fc55f07a299ceb1ce764a70c2973363ec77676
                                          • Instruction ID: 4fbfaa2f2765256aeb4d436afd2b9448181fc51ebf4a6dd08935a1159b88de16
                                          • Opcode Fuzzy Hash: c39d0d20a9cf6294f634214557fc55f07a299ceb1ce764a70c2973363ec77676
                                          • Instruction Fuzzy Hash: 2FD0C92476A2D15ECFA7077508201E96FE68D1391170915EEC4D0C6557F640451AE767
                                          Function 06094860 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 302747077435cd320ebaaaa35816cab268307482250a5c23d482e9577c889cb3
                                          • Instruction ID: 9428a28470e5170482aa9553620561687de8a26d98797a3c9af267615c10cfd7
                                          • Opcode Fuzzy Hash: 302747077435cd320ebaaaa35816cab268307482250a5c23d482e9577c889cb3
                                          • Instruction Fuzzy Hash: 67D017308441098BCB0CEBA4E85A8FEBF35EB60201F4080A9DE07622C0EA341946CFD1
                                          Function 06935EC0 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f54b76490d695cb118e49a342f249ee4e6138a299f4677f1bd2f915d4ccc9c0
                                          • Instruction ID: 26b0f458c1a5d7e77f4d52bb866240f8ac01fb0d60b05c46293b629c0c7bca1f
                                          • Opcode Fuzzy Hash: 7f54b76490d695cb118e49a342f249ee4e6138a299f4677f1bd2f915d4ccc9c0
                                          • Instruction Fuzzy Hash: 32D0A93208A2908FC3008BA8EA0AC827B7CAF1B72030400C6F5008F163CA60E8148376
                                          Function 0609A249 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a7ac0277fb8bac55e7934a5670cf33d2d7251d20d90f55db42cbd4275e7970d
                                          • Instruction ID: b4ec9e9f1f15a98f07d3e2750d37dd471a379fc6230a595ea76cbd9b8a3dc16f
                                          • Opcode Fuzzy Hash: 2a7ac0277fb8bac55e7934a5670cf33d2d7251d20d90f55db42cbd4275e7970d
                                          • Instruction Fuzzy Hash: 85D0A9310493C95EC3029B64EC006447FA8EB02304B01818BE098CB053E268280A8B45
                                          Function 00BD7E7F Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9edf96cd7c204a9213aee0efc3c03feac8613aed3a4de37fb6746b2818a9c04e
                                          • Instruction ID: 1bff01470453f5d6817115a540ed5a20e2cf846599545e33a509a5678d98c9e8
                                          • Opcode Fuzzy Hash: 9edf96cd7c204a9213aee0efc3c03feac8613aed3a4de37fb6746b2818a9c04e
                                          • Instruction Fuzzy Hash: 9CD05E30A041448BFB18EA25D141746BBD6E78C718F01D4AAD0068BB49DA39FCC19740
                                          Function 0693C5B0 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e75d2639054cbf86d0219a908a01c634cdcde3b4b0ac8213e9bd11be0a28d8d4
                                          • Instruction ID: 5554ed0fb5f3e3357b00ca5cd9581d499087ca7dce15cff7a293562cd3104b83
                                          • Opcode Fuzzy Hash: e75d2639054cbf86d0219a908a01c634cdcde3b4b0ac8213e9bd11be0a28d8d4
                                          • Instruction Fuzzy Hash: 13C08031308624534709379CA41E0AE77CEDF86B55B504079F61FD3744CE6C1D4587DA
                                          Function 06934150 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a9981e5e631eefdcbec6362341a417706480b741fbc9d8562a8d897d22a82c8
                                          • Instruction ID: 85ba6461caddd4c9c391e3d4791af16f7554cfc39e08740f766a644515aa9902
                                          • Opcode Fuzzy Hash: 9a9981e5e631eefdcbec6362341a417706480b741fbc9d8562a8d897d22a82c8
                                          • Instruction Fuzzy Hash: 89D0127508E7E06FC743577408615523FB81C03004B9747D79081C9153C21F45168762
                                          Function 06933C0A Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa5be5a9c8514d9f1b58589210c73424cd3d069d44b4ce7beb2e3943b59e2035
                                          • Instruction ID: 648a8d68a81d32f1aae6e5781d4485905fcb354216fe4297b0683e2f8fc1f0a6
                                          • Opcode Fuzzy Hash: aa5be5a9c8514d9f1b58589210c73424cd3d069d44b4ce7beb2e3943b59e2035
                                          • Instruction Fuzzy Hash: 6FD012F8841A006FDB4CDF1A88404B2BAF9FEC83183B0C4ADE01849212E775CA039EE0
                                          Function 0609C2B8 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b3b169795840201e06a552433299b35da267350d843fafecbee9288a2454ad6
                                          • Instruction ID: 5150074e50ae7a3a894dabbdd6f3ede4f557568b121fc0af3466bb6b997a3377
                                          • Opcode Fuzzy Hash: 6b3b169795840201e06a552433299b35da267350d843fafecbee9288a2454ad6
                                          • Instruction Fuzzy Hash: 3DC08C327A01244F8B849BAEE804C55B7ECAF8997030580E6E50CCB332DA61EC0087E0
                                          Function 06094F48 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bdc0dcf43f92633a7e29bbd08f4f6fbb7d9a8b95a464b88e73ce4c3546d146ac
                                          • Instruction ID: c8ed9a5fed0174cc41d64340b72e8def5c97420aadce30ae9cda0bea47910ad2
                                          • Opcode Fuzzy Hash: bdc0dcf43f92633a7e29bbd08f4f6fbb7d9a8b95a464b88e73ce4c3546d146ac
                                          • Instruction Fuzzy Hash: C7D05E740D42888BC7C4EB50E8897887FA6B7D6308F948018D5280B282CBFF6886C7A1
                                          Function 00BD1F68 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 494fb5a8c30f042ba3773d3b9d8acef8c238cac7bb62e68b42eb0ee203765218
                                          • Instruction ID: 7c1d396685ecfd4edb60e18e7f4d08383ad654693f34a89b95444f1901f0facb
                                          • Opcode Fuzzy Hash: 494fb5a8c30f042ba3773d3b9d8acef8c238cac7bb62e68b42eb0ee203765218
                                          • Instruction Fuzzy Hash: D5D0A930A04A09DAEBC0A7E884013EC7BB9FF84300F2000AAC686821828F700230CAB7
                                          Function 00BD1F55 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 966ea67a05e5d1ac342359a39a5e8a19e1638972fda6fd9eb5172247df7542b6
                                          • Instruction ID: 66629bfa31397ffbd9c156391fc3595bcee186c86e86be057fe24eba6d815128
                                          • Opcode Fuzzy Hash: 966ea67a05e5d1ac342359a39a5e8a19e1638972fda6fd9eb5172247df7542b6
                                          • Instruction Fuzzy Hash: 1BD0A734A04209DEEB84D7D8D0527EC77B5FF84300F2010AAC14693181CF301620C672
                                          Function 069334A0 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ddf2b38f29fa028fdcf050c4f20fa3a82713f59f56908624fade7bc765d00c22
                                          • Instruction ID: 78fada58afc5994721d43a8ee94ac53a38bf0815772ad8b74d59e4929340bfe3
                                          • Opcode Fuzzy Hash: ddf2b38f29fa028fdcf050c4f20fa3a82713f59f56908624fade7bc765d00c22
                                          • Instruction Fuzzy Hash: 03C0921209F3803FCB0602B44E299D63F7FA92373372580C7F18BD74A39255054EAAB6
                                          Function 0693E518 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a4a9575eb43025e3fa9ad01f8b7d5dc6e0f5ab07cfe8c01037e83e18c7406a7
                                          • Instruction ID: d9ae8e1b2cb4e4482ccafc6490c50d70efb49c29cfbdff120b43e2eee974aeae
                                          • Opcode Fuzzy Hash: 2a4a9575eb43025e3fa9ad01f8b7d5dc6e0f5ab07cfe8c01037e83e18c7406a7
                                          • Instruction Fuzzy Hash: 6ED0123504E3C50FC31257A8BC184553F7ADA463043449082E088CB967E958184ACBAB
                                          Function 06932F94 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 997d250a3dbac4c5e9cc28002568997046ed01732b8fc5f6e9c7c4da296d4793
                                          • Instruction ID: 0f784136957a85a2aec3b28cc2cb5850ce75453142ddd98868e7f305affba6d9
                                          • Opcode Fuzzy Hash: 997d250a3dbac4c5e9cc28002568997046ed01732b8fc5f6e9c7c4da296d4793
                                          • Instruction Fuzzy Hash: BAD0C9B4840A109FAB8CDF2A484043279E1EFC5708370CCAE50088A611D636C9039AA1
                                          Function 06932850 Relevance: .0, Instructions: 13COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf2c071898ca9fd826eaf9e06dc61ed7d4081b11931a2f33822c5f5e4421fdfe
                                          • Instruction ID: 49dfd48be0803da4c79dba3fd6080e837c5bb4ea2ad01132e7a5f61c44198f6d
                                          • Opcode Fuzzy Hash: cf2c071898ca9fd826eaf9e06dc61ed7d4081b11931a2f33822c5f5e4421fdfe
                                          • Instruction Fuzzy Hash: 10C0482109A2942ECB0246A46A59AD22F2BEA13A2832609CAE1428A49396950D4AD7B1
                                          Function 060917C0 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 64d2d1c68ea097ec5d48abf2af7a9aa5571b140a8283f7eba2053f712979e454
                                          • Instruction ID: 6a4b492437c896c74ad89bdc731438f4c09240144e23a6045c926073fbed6cdb
                                          • Opcode Fuzzy Hash: 64d2d1c68ea097ec5d48abf2af7a9aa5571b140a8283f7eba2053f712979e454
                                          • Instruction Fuzzy Hash: A7D0126011DBC85EEB239B740829791BFB04F23714B1908DBE6E3CA083E8801462C331
                                          Function 00BD3491 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94a91cd5dde0de5afb9a3271cbe6af7223bd34dd82895fc5b31939d7aacd6fc7
                                          • Instruction ID: c2c6ff99620756d62086cb8b1f9a4c5137fd9cd8617d7f345233203b67d25a91
                                          • Opcode Fuzzy Hash: 94a91cd5dde0de5afb9a3271cbe6af7223bd34dd82895fc5b31939d7aacd6fc7
                                          • Instruction Fuzzy Hash: 86C08C37B000088EEE84F3F8FC510ACB359EBC4324B004832D108C7001DF3419248680
                                          Function 00BD1F78 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c3320bbfc68dc861cb77db4358e22fe87b92e0ec70b7161135c423f1f736509
                                          • Instruction ID: bee547c120a6c0b5aa029cf4ade2cb00e486e849af5aace8ce2d98f0661dfef1
                                          • Opcode Fuzzy Hash: 1c3320bbfc68dc861cb77db4358e22fe87b92e0ec70b7161135c423f1f736509
                                          • Instruction Fuzzy Hash: A0C01235604E19DAEFC0B7FC98043AC3A69DFD5300F1000B8D944861438FA407348ABB
                                          Function 060916E0 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ba60b15d886433336ace3638a48220f278e0a964f7f0a061fb7fd0ef4f9110f
                                          • Instruction ID: b3edc65986d2ca5c1bf6383cf65752516215fa599332fd5e91fd1b28d96fb6b1
                                          • Opcode Fuzzy Hash: 5ba60b15d886433336ace3638a48220f278e0a964f7f0a061fb7fd0ef4f9110f
                                          • Instruction Fuzzy Hash: 9FC0122080E3C4AEEB02AB7019694A53FB64E8320130A84C3E4D0C9013E9240216D720
                                          Function 0693F193 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5611c591a6b2b60a836caecda4788e37ab7637b012b3e8d5d071cba6bd6fcab
                                          • Instruction ID: dedc2b93c705baa42a24c81ce90edb7c8edc510442dea958dd0df71ea1235364
                                          • Opcode Fuzzy Hash: d5611c591a6b2b60a836caecda4788e37ab7637b012b3e8d5d071cba6bd6fcab
                                          • Instruction Fuzzy Hash: 1DC0805570F1404FD70256719D105532F69C7C1340B1188D790445B36BD52D4C0587F1
                                          Function 0693E4F2 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 88cd2c266280e002e58a366d247da0224dc0fc4a95c9786324f14763a9f4ef31
                                          • Instruction ID: 7948ccac8cd39a72699434d4e1698f8f14236a549e1d65a3422ebdb05a0bc108
                                          • Opcode Fuzzy Hash: 88cd2c266280e002e58a366d247da0224dc0fc4a95c9786324f14763a9f4ef31
                                          • Instruction Fuzzy Hash: 60C08C266020400FEB02D2249C00B432F82D3C8302F00809180084B2DEDA698C0782A2
                                          Function 0693F1C3 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abf2bbeff3065b2692d748b92d9b9ec1124f6d9962a8af13052e0aac86a1410b
                                          • Instruction ID: d500b231ae61410d944b276c9277d9f95997ff1630c312f212a890a8358a4d23
                                          • Opcode Fuzzy Hash: abf2bbeff3065b2692d748b92d9b9ec1124f6d9962a8af13052e0aac86a1410b
                                          • Instruction Fuzzy Hash: E3C09B300011099FC7007F94FC559957B7DFF547087908555E5CD0E2559E74186DCFA4
                                          Function 069360F8 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                          • Instruction ID: 76f0879cf54d7190f1c43317ec2ffdc1c7429d88b924ba49c161b4604ee2149c
                                          • Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                          • Instruction Fuzzy Hash: 7AB09237A0402899EB409A85B4423EDFB20F790225F108027C250A2400C272017887D1
                                          Function 0609A22D Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d2ac23af8483c56c0feb6e78b39439900191e012805914ab3e7f1913b6eae9f
                                          • Instruction ID: 84cba6bdcf3c601aeeabbdfaf050061f055959540a954db7b1311259c03644b9
                                          • Opcode Fuzzy Hash: 8d2ac23af8483c56c0feb6e78b39439900191e012805914ab3e7f1913b6eae9f
                                          • Instruction Fuzzy Hash: 83B092302000408BEA04DA18E240A063791D789301F5058098144AB388C679FC028B90
                                          Function 0609A258 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 408703202fe6e0f6c99d5b845edb2e7295c8e02cad2fdbc295143e687a945bba
                                          • Instruction ID: 819e78202800547f70fbbb9a4c52490435099475b6f0fc9e578a70771138da5d
                                          • Opcode Fuzzy Hash: 408703202fe6e0f6c99d5b845edb2e7295c8e02cad2fdbc295143e687a945bba
                                          • Instruction Fuzzy Hash: 1BB0123004128E9BC6047B58FC045443B2DD750305780D110B11CCA115596C2D424A88
                                          Function 06092298 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b355017c680569f53aeb35b7837278172f88eb955f793e32db798dae1bdb46dc
                                          • Instruction ID: 26df368754345ba637cfa2d5e9690a9b8f3a78a804a443ba6cd465f6c9a81434
                                          • Opcode Fuzzy Hash: b355017c680569f53aeb35b7837278172f88eb955f793e32db798dae1bdb46dc
                                          • Instruction Fuzzy Hash: D0B0123001034DCBC5007B5CFC075553B2DEA40205B404991B00C0A3156DA82D114AD9
                                          Function 0693E528 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01aad05b5d8609bfbdcade152e3e293e15c552cb4cbc4d88e89c929c3af9a1f8
                                          • Instruction ID: 816a972b6ea973db7d001f986a0dccfcd138be8d2577f466bf79475815d9e2a8
                                          • Opcode Fuzzy Hash: 01aad05b5d8609bfbdcade152e3e293e15c552cb4cbc4d88e89c929c3af9a1f8
                                          • Instruction Fuzzy Hash: 8BB0123000430D4FC5407B5CF8085543B6EE640304740C110A10C87A1AED6828458E8C
                                          Function 0693F1C8 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 20cade46b5756931cc14c09cc400d036632b83d269ff43968196feae1bc9a113
                                          • Instruction ID: 5e79387b0085204e81ef4303686da5774c1a3f283a8360195bd6c1c5c2034217
                                          • Opcode Fuzzy Hash: 20cade46b5756931cc14c09cc400d036632b83d269ff43968196feae1bc9a113
                                          • Instruction Fuzzy Hash: 72B0123000020D4FC50077A8F805544377EEA9030C7408550A14C0A3165D7828108A98
                                          Function 06935ED0 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2312895530.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6930000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99c5e80e5d161c6cd17717d7e90366d7df6c86bdedef1d8d57fbaaa881c347e6
                                          • Instruction ID: 1485e72821faeb6dd9078d765896f2924cff3babc4a0a417e0ffd36dedc08b16
                                          • Opcode Fuzzy Hash: 99c5e80e5d161c6cd17717d7e90366d7df6c86bdedef1d8d57fbaaa881c347e6
                                          • Instruction Fuzzy Hash: 69B092721502088F8300DB68E548C0277A8AB18A1031140A1E2048B232C621F8108A65
                                          Function 06094AAA Relevance: .0, Instructions: 6COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2311771004.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_6090000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b764fb05509f3c0c8b7f8232ff431a0ac4ca053d8257159e50c28d1c260a6d30
                                          • Instruction ID: 838d56c5166aac7b794f4c981bf8921960f95198ddeaeb30274ad2b5207f2bd4
                                          • Opcode Fuzzy Hash: b764fb05509f3c0c8b7f8232ff431a0ac4ca053d8257159e50c28d1c260a6d30
                                          • Instruction Fuzzy Hash: 4AB012305840088B8B088A40F41567DFB32D780205B000184DA0A125508A310C91CBC0
                                          Function 00BD7230 Relevance: .0, Instructions: 3COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000F.00000002.2301540847.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_15_2_bd0000_WebCompanion-Installer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49147d9ee1919537a3012c1c485620e76e33257a9e561b2122a0aad8420c689c
                                          • Instruction ID: ace22343e0a0f529f1e90deebb005910f787290c50a5de9bb336e02f791f5935
                                          • Opcode Fuzzy Hash: 49147d9ee1919537a3012c1c485620e76e33257a9e561b2122a0aad8420c689c
                                          • Instruction Fuzzy Hash: