Windows Analysis Report
http://home45insurance.blogspot.com

Overview

General Information

Sample URL: http://home45insurance.blogspot.com
Analysis ID: 1574657

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
AI detected suspicious Javascript
Monitors registry run keys for changes
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Connects to several IPs in different countries
Contains capabilities to detect virtual machines
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1792,i,3450301605649661120,10581159794932868555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 --field-trial-handle=1792,i,3450301605649661120,10581159794932868555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • Setup.exe (PID: 7872 cmdline: "C:\Users\user\Downloads\Setup.exe" MD5: A174920F996D10D14AC12E57A3EBC5D9)
      • WebCompanion-Installer.exe (PID: 7860 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179 MD5: DE5D4C055629B8240881719DB2CD097E)
    • Setup.exe (PID: 6228 cmdline: "C:\Users\user\Downloads\Setup.exe" MD5: A174920F996D10D14AC12E57A3EBC5D9)
      • WebCompanion-Installer.exe (PID: 3736 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179 MD5: DE5D4C055629B8240881719DB2CD097E)
  • chrome.exe (PID: 5688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://home45insurance.blogspot.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • Taskmgr.exe (PID: 7708 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
  • Taskmgr.exe (PID: 1228 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
  • rundll32.exe (PID: 7788 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe
Rule: JoeSecurity_GenericDownloader_1
Description: Yara detected Generic Downloader
Author: Joe Security
Strings: (empty)
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: C:\Users\user\Downloads\Unconfirmed 728685.crdownload, ReversingLabs: Detection: 30%
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe, ReversingLabs: Detection: 20%

    Phishing

    Source: 0.4.id.script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ald.my.id/... This script exhibits several high-risk behaviors, including redirecting users to potentially malicious domains after a delay, and modifying all links on the page to include a 'redirected' parameter. These behaviors are highly suspicious and indicate a potential phishing or malware attempt.
    Source: https://ald.my.id/HTTP Parser: Base64 decoded: ai=COPzLaCNcZ-28C4aE2fcPisPOoQLr7KrMe4Gpnf3MEmQQASCrr9iQAWDJBqAByMe18gLIAQmoAwGqBJsCT9BCM3alWZW9CZjtSvaea0cvPi3IZtHP8NSmcSm0rL1QLBtrOyGoN6fp7o7So6wGjI83a70LAmu_EmSDxHRJhrrNzxaQPAlZ2rZ4FtsCbxQ9z8eO3wiIzu5cqX9er74XE039yQn0erzTg-HchA1SfUP7vEMHgNcR8B5zyvch61U...
    Source: https://ald.my.id/, HTTP Parser: No favicon
    Source: https://free.webcompanion.com/minime/?campaign=20731534003&gad_source=5&gclid=EAIaIQobChMIrp6S2tqkigMVukP2CB1fOTF2EAEYASAAEgITOvD_BwE, HTTP Parser: No favicon
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe, File created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exe, File created: C:\Users\user\AppData\Local\Temp\71e955b6-ff35-4258-86ee-9f217e1c9a66WcInstaller.log

    Networking

    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe, type: DROPPED
    Source: unknown, Network traffic detected: IP country count 10
    Source: global traffic, HTTP traffic detected:
        GET / HTTP/1.1
        Host: geo.lavasoft.com
        Connection: Keep-Alive
    Source: global traffic, HTTP traffic detected:
        GET / HTTP/1.1
        Host: home45insurance.blogspot.com
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
    Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
    Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
    Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
    Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
    Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
    Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
    Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
    Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
    Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
    Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
    Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
    Source: classification engine Classification label: mal60.troj.win@45/26@218/815
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exe Mutant created: NULL
    Source: C:\Windows\System32\Taskmgr.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
    Source: C:\Users\user\Downloads\Setup.exe File created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF
    Source: C:\Windows\System32\Taskmgr.exe File read: C:\Users\desktop.ini
    Source: C:\Users\user\Downloads\Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1792,i,3450301605649661120,10581159794932868555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://home45insurance.blogspot.com"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 --field-trial-handle=1792,i,3450301605649661120,10581159794932868555,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\Setup.exe "C:\Users\user\Downloads\Setup.exe"
    Source: C:\Users\user\Downloads\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179
    Source: C:\Users\user\Downloads\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179
    Source: unknownProcess created: C:\Windows\System32\Taskmgr.exe
    Source: unknownProcess created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: apphelp.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: acgenral.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: winmm.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: samcli.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: msacm32.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: version.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: userenv.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: dwmapi.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: urlmon.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: mpr.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: winmmbase.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: iertutil.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: srvcli.dll
    Source: C:\Users\user\Downloads\Setup.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: dwrite.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: httpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: mswsock.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: rasapi32.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: rasman.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: rtutils.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: winhttp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: winnsi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: secur32.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: schannel.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: mskeyprotect.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: ntasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: ncrypt.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: ncryptsslp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: msasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: gpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: wbemcomn.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: amsi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: dwrite.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: httpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: mswsock.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: rasapi32.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: rasman.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: rtutils.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: winhttp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: winnsi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: secur32.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: schannel.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: mskeyprotect.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: ntasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: ncrypt.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: ncryptsslp.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: msasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: gpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: wbemcomn.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: amsi.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: C:\Windows\System32\Taskmgr.exeWindow found: window name: SysTabControl32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\de-DE\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ja-JP\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ICSharpCode.SharpZipLib.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\pt-BR\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ru-RU\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS4587B09F\es-ES\WebCompanion-Installer.resources.dll
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\a9e2446c-cae3-4959-8370-55ef2aa8c300.tmp
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\en-US\WebCompanion-Installer.resources.dll
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 728685.crdownload
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\fr-CA\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\zh-CHS\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\Newtonsoft.Json.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS4587B09F\tr-TR\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\it-IT\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\71e955b6-ff35-4258-86ee-9f217e1c9a66WcInstaller.log

    Boot Survival

    Source: C:\Windows\System32\Taskmgr.exeRegistry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Source: C:\Windows\System32\Taskmgr.exeRegistry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
    Source: C:\Windows\System32\Taskmgr.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\Taskmgr.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeMemory allocated: 2540000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeMemory allocated: 2760000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeMemory allocated: 1500000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeMemory allocated: 2ED0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeMemory allocated: 4ED0000 memory reserve | memory write watch
    Source: C:\Windows\System32\Taskmgr.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ja-JP\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\de-DE\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ICSharpCode.SharpZipLib.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\pt-BR\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ru-RU\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS4587B09F\es-ES\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\en-US\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\fr-CA\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\zh-CHS\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\Newtonsoft.Json.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS4587B09F\tr-TR\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\Downloads\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\it-IT\WebCompanion-Installer.resources.dll
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeProcess information queried: ProcessInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeMemory allocated: page read and write | page guard
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\Newtonsoft.Json.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS4587B09F\Newtonsoft.Json.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\en-US\WebCompanion-Installer.resources.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS4587B09F\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS4587B09F\en-US\WebCompanion-Installer.resources.dll VolumeInformation
    Source: C:\Windows\System32\Taskmgr.exeQueries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation
    Source: C:\Windows\System32\Taskmgr.exeQueries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
    Source: C:\Windows\System32\Taskmgr.exeQueries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
    Source: C:\Windows\System32\Taskmgr.exeQueries volume information: C:\Windows\System32\RuntimeBroker.exe VolumeInformation
    Source: C:\Windows\System32\Taskmgr.exeQueries volume information: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Assets\SquareLogo44x44.scale-100.png VolumeInformation
    Source: C:\Windows\System32\Taskmgr.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-100.png VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 2 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

    Source | Detection | Scanner | Label | Link
    http://home45insurance.blogspot.com | 0% | Avira URL Cloud | safe |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\Downloads\Unconfirmed 728685.crdownload | 30% | ReversingLabs | Win32.PUA.Generic |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ICSharpCode.SharpZipLib.dll | 4% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\Newtonsoft.Json.dll | 4% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe | 21% | ReversingLabs | Win32.PUA.Generic |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\de-DE\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\en-US\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\fr-CA\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\it-IT\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ja-JP\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\pt-BR\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\ru-RU\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\zh-CHS\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS4587B09F\es-ES\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\7zS4587B09F\tr-TR\WebCompanion-Installer.resources.dll | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://home45insurance.blogspot.com/ | 0% | Avira URL Cloud | safe |
    http://geo.lavasoft.com/ | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                          high
                                                          geo.lavasoft.com
                                                          104.16.148.130
                                                          truefalse
                                                            unknown
                                                            featureflags.lavasoft.com
                                                            104.16.148.130
                                                            truefalse
                                                              unknown
                                                              de.tynt.com
                                                              67.202.105.34
                                                              truefalse
                                                                high
                                                                s-part-0035.t-0009.t-msedge.net
                                                                13.107.246.63
                                                                truefalse
                                                                  high
                                                                  ps.eyeota.net
                                                                  3.122.214.165
                                                                  truefalse
                                                                    high
                                                                    idsync.rlcdn.com
                                                                    35.244.154.8
                                                                    truefalse
                                                                      high
                                                                      i.simpli.fi
                                                                      35.204.89.238
                                                                      truefalse
                                                                        high
                                                                        thrtle.com
                                                                        54.225.117.250
                                                                        truefalse
                                                                          high
                                                                          pippio.com
                                                                          107.178.254.65
                                                                          truefalse
                                                                            high
                                                                            a.nel.cloudflare.com
                                                                            35.190.80.1
                                                                            truefalse
                                                                              high
                                                                              flwadw.com
                                                                              104.18.26.149
                                                                              truefalse
                                                                                unknown
                                                                                blogspot.l.googleusercontent.com
                                                                                172.217.19.193
                                                                                truefalse
                                                                                  unknown
                                                                                  ad.doubleclick.net
                                                                                  172.217.17.70
                                                                                  truefalse
                                                                                    high
                                                                                    rawgitcdn.b-cdn.net
                                                                                    89.35.237.170
                                                                                    truefalse
                                                                                      unknown
                                                                                      webcompanion.com
                                                                                      104.19.208.152
                                                                                      truefalse
                                                                                        high
                                                                                        track2.securedvisit.com
                                                                                        54.84.23.94
                                                                                        truefalse
                                                                                          unknown
                                                                                          tags.crwdcntrl.net
                                                                                          108.158.75.83
                                                                                          truefalse
                                                                                            high
                                                                                            dsum-sec.casalemedia.com
                                                                                            104.18.27.193
                                                                                            truefalse
                                                                                              high
                                                                                              thirdparty-logserver-lb.global.unified-prod.sharethis.net
                                                                                              18.196.145.126
                                                                                              truefalse
                                                                                                unknown
                                                                                                t.dtscdn.com
                                                                                                104.26.13.60
                                                                                                truefalse
                                                                                                  high
                                                                                                  e.dtscout.com
                                                                                                  141.101.120.11
                                                                                                  truefalse
                                                                                                    high
                                                                                                    ic.tynt.com
                                                                                                    67.202.105.34
                                                                                                    truefalse
                                                                                                      high
                                                                                                      free.webcompanion.com
                                                                                                      45.63.66.114
                                                                                                      truefalse
                                                                                                        unknown
                                                                                                        ib.anycast.adnxs.com
                                                                                                        37.252.171.85
                                                                                                        truefalse
                                                                                                          high
                                                                                                          geolocation.onetrust.com
                                                                                                          172.64.155.119
                                                                                                          truefalse
                                                                                                            high
                                                                                                            home45insurance.blogspot.com
                                                                                                            unknown
                                                                                                            unknownfalse
                                                                                                              unknown
                                                                                                              idpix.media6degrees.com
                                                                                                              unknown
                                                                                                              unknownfalse
                                                                                                                high
                                                                                                                publickeyservice.aws.privacysandboxservices.com
                                                                                                                unknown
                                                                                                                unknownfalse
                                                                                                                  unknown
                                                                                                                  z.clarity.ms
                                                                                                                  unknown
                                                                                                                  unknownfalse
                                                                                                                    high
                                                                                                                    cdn.somplo.com
                                                                                                                    unknown
                                                                                                                    unknownfalse
                                                                                                                      unknown
                                                                                                                      cloud.webcompanion.com
                                                                                                                      unknown
                                                                                                                      unknownfalse
                                                                                                                        high
                                                                                                                        c.clarity.ms
                                                                                                                        unknown
                                                                                                                        unknownfalse
                                                                                                                          high
                                                                                                                          px.ads.linkedin.com
                                                                                                                          unknown
                                                                                                                          unknownfalse
                                                                                                                            high
                                                                                                                            d.turn.com
                                                                                                                            unknown
                                                                                                                            unknownfalse
                                                                                                                              high
                                                                                                                              sync.sharethis.com
                                                                                                                              unknown
                                                                                                                              unknownfalse
                                                                                                                                high
                                                                                                                                cdn.jsdelivr.net
                                                                                                                                unknown
                                                                                                                                unknownfalse
                                                                                                                                  high
                                                                                                                                  t.sharethis.com
                                                                                                                                  unknown
                                                                                                                                  unknownfalse
                                                                                                                                    high
                                                                                                                                    video.somplo.com
                                                                                                                                    unknown
                                                                                                                                    unknownfalse
                                                                                                                                      unknown
                                                                                                                                      fundingchoicesmessages.google.com
                                                                                                                                      unknown
                                                                                                                                      unknownfalse
                                                                                                                                        high
                                                                                                                                        aqfer.lijit.com
                                                                                                                                        unknown
                                                                                                                                        unknownfalse
                                                                                                                                          high
                                                                                                                                          cdn.tynt.com
                                                                                                                                          unknown
                                                                                                                                          unknownfalse
                                                                                                                                            unknown
                                                                                                                                            s10.histats.com
                                                                                                                                            unknown
                                                                                                                                            unknownfalse
                                                                                                                                              unknown
                                                                                                                                              adserve.somplo.com
                                                                                                                                              unknown
                                                                                                                                              unknownfalse
                                                                                                                                                unknown
                                                                                                                                                www.clarity.ms
                                                                                                                                                unknown
                                                                                                                                                unknownfalse
                                                                                                                                                  high
                                                                                                                                                  cdn.rawgit.com
                                                                                                                                                  unknown
                                                                                                                                                  unknownfalse
                                                                                                                                                    unknown
                                                                                                                                                    i.liadm.com
                                                                                                                                                    unknown
                                                                                                                                                    unknownfalse
                                                                                                                                                      high
                                                                                                                                                      pxdrop.lijit.com
                                                                                                                                                      unknown
                                                                                                                                                      unknownfalse
                                                                                                                                                        high
                                                                                                                                                        ib.adnxs.com
                                                                                                                                                        unknown
                                                                                                                                                        unknownfalse
                                                                                                                                                          high
                                                                                                                                                          pd.sharethis.com
                                                                                                                                                          unknown
                                                                                                                                                          unknownfalse
                                                                                                                                                            unknown
                                                                                                                                                            blogger.googleusercontent.com
                                                                                                                                                            unknown
                                                                                                                                                            unknownfalse
                                                                                                                                                              high
Name | Malicious | Antivirus Detection | Reputation
https://ald.my.id/ | true | | unknown
http://geo.lavasoft.com/ | false | Avira URL Cloud: safe | unknown
http://home45insurance.blogspot.com/ | false | Avira URL Cloud: safe | unknown
https://free.webcompanion.com/minime/?campaign=20731534003&gad_source=5&gclid=EAIaIQobChMIrp6S2tqkigMVukP2CB1fOTF2EAEYASAAEgITOvD_BwE | false | | unknown
https://free.webcompanion.com/minime/thank-you.php | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                    unknownEuropean Union
                                                                                                                                                                    37457Telkom-InternetZAfalse
                                                                                                                                                                    142.250.181.132
                                                                                                                                                                    www.google.comUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    64.233.164.84
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    35.234.162.151
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    104.18.32.137
                                                                                                                                                                    privacyportal-eu.onetrust.comUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.217.19.194
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    172.217.19.193
                                                                                                                                                                    blogspot.l.googleusercontent.comUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    35.190.80.1
                                                                                                                                                                    a.nel.cloudflare.comUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    172.67.74.186
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    104.18.26.149
                                                                                                                                                                    flwadw.comUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    34.117.77.79
                                                                                                                                                                    ml314.comUnited States
                                                                                                                                                                    139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                    172.217.17.38
                                                                                                                                                                    s0.2mdn.netUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    104.18.87.42
                                                                                                                                                                    cdn.cookielaw.orgUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    1.1.1.1
                                                                                                                                                                    unknownAustralia
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    104.18.12.146
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.217.17.78
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    13.107.21.237
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                    172.217.17.33
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    172.217.17.35
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    148.113.153.94
                                                                                                                                                                    pixel.onaudience.comUnited States
                                                                                                                                                                    396982GOOGLE-PRIVATE-CLOUDUSfalse
                                                                                                                                                                    216.58.208.232
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    13.107.42.14
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                    172.64.155.119
                                                                                                                                                                    geolocation.onetrust.comUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    3.121.27.153
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                    107.178.254.65
                                                                                                                                                                    pippio.comUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    20.48.202.165
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                    172.67.167.79
                                                                                                                                                                    a.dtsan.netUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    108.158.75.83
                                                                                                                                                                    tags.crwdcntrl.netUnited States
                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                    239.255.255.250
                                                                                                                                                                    unknownReserved
                                                                                                                                                                    unknownunknownfalse
                                                                                                                                                                    52.223.40.198
                                                                                                                                                                    match.adsrvr.orgUnited States
                                                                                                                                                                    8987AMAZONEXPANSIONGBfalse
                                                                                                                                                                    104.16.148.130
                                                                                                                                                                    geo.lavasoft.comUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.217.17.70
                                                                                                                                                                    ad.doubleclick.netUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    37.252.171.85
                                                                                                                                                                    ib.anycast.adnxs.comEuropean Union
                                                                                                                                                                    29990ASN-APPNEXUSfalse
                                                                                                                                                                    104.17.25.14
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.217.19.206
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    141.101.120.11
                                                                                                                                                                    t.dtscout.comEuropean Union
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    13.107.246.63
                                                                                                                                                                    s-part-0035.t-0009.t-msedge.netUnited States
                                                                                                                                                                    8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                    141.101.120.10
                                                                                                                                                                    unknownEuropean Union
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    2.20.68.70
                                                                                                                                                                    unknownEuropean Union
                                                                                                                                                                    37457Telkom-InternetZAfalse
                                                                                                                                                                    104.18.41.39
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    54.225.117.250
                                                                                                                                                                    thrtle.comUnited States
                                                                                                                                                                    14618AMAZON-AESUSfalse
                                                                                                                                                                    2.20.68.75
                                                                                                                                                                    unknownEuropean Union
                                                                                                                                                                    37457Telkom-InternetZAfalse
                                                                                                                                                                    172.217.19.202
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    18.196.145.126
                                                                                                                                                                    thirdparty-logserver-lb.global.unified-prod.sharethis.netUnited States
                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                    104.18.13.146
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    46.228.164.13
                                                                                                                                                                    d-ams1.turn.comUnited Kingdom
                                                                                                                                                                    56396TURNGBfalse
                                                                                                                                                                    104.20.2.69
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    185.89.210.180
                                                                                                                                                                    unknownGermany
                                                                                                                                                                    29990ASN-APPNEXUSfalse
                                                                                                                                                                    104.19.208.152
                                                                                                                                                                    webcompanion.comUnited States
                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.217.21.33
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                    13.74.129.1
                                                                                                                                                                    unknownUnited States
                                                                                                                                                                    IP
                                                                                                                                                                    192.168.2.16
                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                    Analysis ID:1574657
                                                                                                                                                                    Start date and time:2024-12-13 13:06:10 +01:00
                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                    Overall analysis duration:
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                    Sample URL:http://home45insurance.blogspot.com
                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                    Number of analysed new started processes analysed:23
                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:1
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    Analysis Mode:stream
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal60.troj.win@45/26@218/815
                                                                                                                                                                    • Exclude process from analysis (whitelisted): svchost.exe
                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 64.233.164.84, 142.250.181.99, 172.217.17.78
                                                                                                                                                                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                    • VT rate limit hit for: http://home45insurance.blogspot.com
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):71954
                                                                                                                                                                    Entropy (8bit):7.996617769952133
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):328
                                                                                                                                                                    Entropy (8bit):3.2539954282295116
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:F20FDF2736B0F11804F1335F8A7E773A
                                                                                                                                                                    SHA1:8FAEE5FA4667FF9B06BD6953EEF3AB8BBFA95902
                                                                                                                                                                    SHA-256:296E1A5CEA3A2B4240DB596F870EDF614720721C3C0BEC073DA6E38C8B0C5AD0
                                                                                                                                                                    SHA-512:453912AD2CF595D497124DA6DBD61DF3DE543D6942E004A6E0C161FFF5DEBBF14FDAC777415B14826B7685576AA9C224E3FA00B0A91FC767A04143B2BB949143
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Windows\System32\Taskmgr.exe
                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                                                                                    SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                                                                                    SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                                                                                    SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Preview:EERF
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):213656
                                                                                                                                                                    Entropy (8bit):5.759044472260774
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:03CF44FC9C6EF06AE8E507C07C3DB4DD
                                                                                                                                                                    SHA1:F56CADD14AF43CCCBAC9BF95D7431E47CF4BA898
                                                                                                                                                                    SHA-256:1ECB705291BC7252287A478EDCA727BF79FCC1B292C016F68CBB6A4A1A782935
                                                                                                                                                                    SHA-512:FB71D3145B317BEC52E40094378D82FD4D901C60C4F82267D9ABE0F7B4C5C6AF238894541FB5F4F34D73042EC1740FB8610790E24A488170136ABA4629FD8BB5
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):438424
                                                                                                                                                                    Entropy (8bit):6.098832901883364
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:A69B22C0654C4F0B1A68543B563941AD
                                                                                                                                                                    SHA1:8619F1221FCBFE3C92095365EE754F9A32567915
                                                                                                                                                                    SHA-256:37F3B53D32E8397662FD4168271DED189D3D6DC7DF843C9A0E8ACF289C8219CB
                                                                                                                                                                    SHA-512:2D56B878E2DEF63A173169EAC266616333B3FB4CAD6D45FC2D430F0AB9BE2D98938C3B190DD8B6CD17CDD1D42ED8509077557A759847A2A621F742B978A84E67
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):439448
                                                                                                                                                                    Entropy (8bit):6.42930699816344
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:DE5D4C055629B8240881719DB2CD097E
                                                                                                                                                                    SHA1:77D5C4B193F067C173F949BB0D7615849A08CAA0
                                                                                                                                                                    SHA-256:D422BE02BB07FD4B31FFF3DDDC209E40E5BD3F4A6BFD72C5C796D3B1902DF4F3
                                                                                                                                                                    SHA-512:1530400DBF32B4B4CDBB8410DF6A1C602079B02384287E21B1194510F5F5740A8C779B4442C498ABACA985F270ED481087B6562210AFA58138938BF28E1298AB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe, Author: Joe Security
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2273
                                                                                                                                                                    Entropy (8bit):5.067536367343473
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:3FB403E0C3164B126AB32B015E2D7CE4
                                                                                                                                                                    SHA1:C4A1F309C142A184A6418A54A3E5C29CAED4B0AC
                                                                                                                                                                    SHA-256:C5DF2E0C37EC827247F1F00CD303A90DC2D35AD49300B1C89904A65B8203349F
                                                                                                                                                                    SHA-512:F502149DEC13EA9219E171E11E5BAB0C62EFC6CA2F5E9FCB20C076EC0D2DD371E78C3FF050AD2C0F8A9EA45ADCC78FF37442DC4CD8E579F98BA5D205D4F12611
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/13.1.1.1179/WebCompanionInstaller-13.1.1.1179-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.1.1.1179/WebCompanion-13.1.1.1179-prod.zip"/>.. <add key="WebInstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.1.1.1179/webinstaller-13.1.1.1179-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/13.1.1.1179/WebCompanionInstaller-13.1.1.1179-internal.exe"/>.. <add key="WebProtectionZip" va
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                    Entropy (8bit):4.427534145711148
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:2B158D1F77B6FB00182F4E51880C9B5E
                                                                                                                                                                    SHA1:9462CAB29373DF6DBA657A0521B2D1BC110C96E9
                                                                                                                                                                    SHA-256:5BC2C3B991B39EAE05630CABDA2E88AF306C14A92993824095CF97F4D421F7A2
                                                                                                                                                                    SHA-512:4041AEC90D190C6D341D0076E74803BD13C226F40B4D0BF32206193756C33581811E13624B8F23D6B1D24A487EE4E4E7AB1465FC3282C55A7E77F8439B24624E
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6144
                                                                                                                                                                    Entropy (8bit):4.339294309762595
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:1ED68BE22523B4A7920A2F111325FEF7
                                                                                                                                                                    SHA1:65726C9E3A36801D52A205F32038E4B64D117A19
                                                                                                                                                                    SHA-256:7C2E4121915A0C54BD10B3D6343DC59DC544CF7DC58F358A6B85557A2A9F70F1
                                                                                                                                                                    SHA-512:26015886C3455154827F2EAEC1323DF01EB08DC53FA7BD22ADB6A93123755DFB0C74723195587DB7F618DFE9633B181D30F3D422522FA26E2E384A6B9C7B7710
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                    Entropy (8bit):4.4176722582847505
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:D23BF3C535A319D064EAF1F3F3118F74
                                                                                                                                                                    SHA1:5DC768B7F167BB5D2CF56A96F92DC85C154E4CC4
                                                                                                                                                                    SHA-256:E43E53DB993BD8A201CF1DE5C37CB506B2FA4A1605001980AD6BF86AD7CB81E6
                                                                                                                                                                    SHA-512:20ADFF2612924F35BBB2D8BC5C8D16417C5AE7E67C12F2746130C372B401CE64D98B34DE53877034F92B225AA0E4A06E75006F9F23BBEFC7CB349F982B49BF37
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                    Entropy (8bit):4.060923121600365
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:383770F745B3B4D0E219134FA3872904
                                                                                                                                                                    SHA1:00E17F78BE917CB1006071B30872069DB8A731EE
                                                                                                                                                                    SHA-256:0B35BB8F794B6ED9487F8B1DD7B09DC08E44F0246FF53B1E9B0F5B1B734DECF7
                                                                                                                                                                    SHA-512:FE8DF419CAC17BD8CE3308961401B982160DF6D08E0084436E7BEA8903AED093C50C7054FF559AAB961E421392D566D1B9853636ACD521AF49627A2C3AC739C7
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                    Entropy (8bit):4.698650425604893
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:3CDDC69B08D26BBB7AC57774E25EE787
                                                                                                                                                                    SHA1:47AFAA19DA44566C5AE535FE87FFDF3746EFD37B
                                                                                                                                                                    SHA-256:A91F77FD2D0C536D051DC5581B6BD63A9091C3C4FA39C6DAAFD33DB0E8CA2B84
                                                                                                                                                                    SHA-512:C68FE5E5D2E42C170A1B4E9070B6231A05A332C386B59553A66A54BAC3ACE4E1A5853142C30B757FD3DF1DE5B948AD20E9E4E6FEAE51A895F7A16966AF1C3A46
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                    Entropy (8bit):4.274418145266816
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:71AD33192C870E4B723BE07E930F249F
                                                                                                                                                                    SHA1:E2CECA4F80EAE7D390E776B66BEE82E46BFF70BD
                                                                                                                                                                    SHA-256:088C23879FA3B97E3C81B0D1A2670A0DF92627B70E49AA8D940ABF8F3FBF9A1D
                                                                                                                                                                    SHA-512:0F58F5EAE4AF161AE21D71E4260D41520866346F65991288EB935BD42E3F59A1D115466A1B212837EABE3249A99CAE86B1DB8833F649288F58F7B8FE0ED726CD
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):7680
                                                                                                                                                                    Entropy (8bit):4.607663123611976
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:C88BBF07B2B7EDC5205DBF5F1539CD3F
                                                                                                                                                                    SHA1:728FAA3D69420CEC22C6D935DD4253F394F8747A
                                                                                                                                                                    SHA-256:FDE9FBACA962F4346D48276305DEFE1D38FB9703E9AE86582E7633530E0FE00F
                                                                                                                                                                    SHA-512:4A35EACA34925EC5A50366CD4B83A50EC53A4B02EA6A50C5BB3A11F57B2E97421BCD50174AFB8C12ABE1930DFC13B24BA2A9BF9172BF4E79B3D199FAA9D934B3
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5120
                                                                                                                                                                    Entropy (8bit):4.581448579704757
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:21206CA26B282772375850A90D1B9CFB
                                                                                                                                                                    SHA1:1AA00CE33486E229B2AC77B2067662084D4E9F34
                                                                                                                                                                    SHA-256:9224AA7D56FF2C03387AB85BE48F04E4A76D16B2CFFCC34E9DFD150759DBFCAB
                                                                                                                                                                    SHA-512:A54081239D1B024595DAB27150DC3385A45F70ADD0C661A39A9DA068B5D651D8F99A391FF4A636B78CC739018F08D795E64A7ED3873F23F2084343B7C9A7CE91
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                    Entropy (8bit):4.320693627423164
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:0CBCEA3167E1F9F44CD23E144295437B
                                                                                                                                                                    SHA1:71F60B549FF3AD80CA9D2DE0DF6E3527575D6BB3
                                                                                                                                                                    SHA-256:9535AF311BC06A9C2DBF7E30220FA45A0CCC3F16A29A997C8BCE0D81AB7631E8
                                                                                                                                                                    SHA-512:7518081D19B1F891F0B67C13AB6331893C2639B774AC34D449EB8F9E8CEC5D9E497087C61D8B95BB29A5C3C947F59E5E12ABD80C51149A61CD95F07DE0E5D7ED
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\Downloads\Setup.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                    Entropy (8bit):4.208367971344699
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:84F2A4C9AA4C44A675AB0919107886E3
                                                                                                                                                                    SHA1:46371BB7C0B265AB8A08432D03F1DB320D0CE38F
                                                                                                                                                                    SHA-256:DCA31BB1BCB195719D993995A865AB66A6225B0314CE12E44A6C0F6459A5FA08
                                                                                                                                                                    SHA-512:0F5FC1368C4E17CABE0872F27D3DA7C046F139983D775DFFD21C9189AB6E63E8A1E05D79DC4C3CB2666C13CCD5D5DA523714FF9CAD1829B17A5F9E2DDD59114D
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\7zS0CE2A3BF\WebCompanion-Installer.exe
                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):56
                                                                                                                                                                    Entropy (8bit):4.338804369244614
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:40831AA8F0B617B21DB11233C9742969
                                                                                                                                                                    SHA1:0E85B8C6B32F5CB8393526C2BC9D6AB28BEB7A40
                                                                                                                                                                    SHA-256:587669462880F0C3EE5678D66747363FFCA2FE9C40A96D156D7512D546559CDD
                                                                                                                                                                    SHA-512:796B979FAFF76BEA49B6E362FC62BC9E654964F9B22259CC139FDDB884EF4750895D7784A0D691CC359E2EBAC79ADE88CDB29A595BD22CA7E8D51269647F51B4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Preview:{ "install_id" : "76a69f81-806d-4d87-a55d-245dbaa5ba56"}
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 13 11:06:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2673
                                                                                                                                                                    Entropy (8bit):3.988157507498855
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:E45B6C9630ABE1BA567ADEBE0BF28960
                                                                                                                                                                    SHA1:CA0DF95336FB6AFFB9C4ACE029D1AD52AE81408C
                                                                                                                                                                    SHA-256:16D7397CAF91BC9C53D6EED1713FFE2AE0DE470879DDDB5539CC4ECC2A0B36D7
                                                                                                                                                                    SHA-512:3A7471576AAD8852CEB51CE98974BA4E5B8059F0A0918A51FBF8F631BFB404610A0847C76FB452957966EF2BDBEDE88A6B4AA3A634768BD2EAF8E69D095F9251
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 13 11:06:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2675
                                                                                                                                                                    Entropy (8bit):4.005086630952564
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:C1A86B5B30768B4BB0AA8BE0EC45108F
                                                                                                                                                                    SHA1:5C3D7F1BEEA983458CE109E43CA4530E8A75A50D
                                                                                                                                                                    SHA-256:2E0E603BC18965C10D823128556A1D60DD1CFCD0E5CD95239EE022E56FCBF797
                                                                                                                                                                    SHA-512:DFEBE4BAEDFFBE746E39A67624C0EB28D60E632DF98712FF8BBAFFE5A2FF3B1EB6F8072990C7EC739247D3748E2A070D87BF001A069F706313D1BC0B9E955F81
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2689
                                                                                                                                                                    Entropy (8bit):4.01217199924605
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:18F73091FB9D8103A13C159FFEB47C6F
                                                                                                                                                                    SHA1:DAA7DDE7ADB944D15E650CF743475426D3F52A17
                                                                                                                                                                    SHA-256:BD5DDD9D5540CE77BA7DBB62FC20C6B8D4AD11D3D4618B0F4A9899E47D3C7936
                                                                                                                                                                    SHA-512:FD5D8C3DFEA14686099BB10A34B51D89F0E7047534F81F7FB2C6B2EAD9DAAA96B25BBD52C0D3E4FC5CEDC2BE7EAF315E92AF48BB52A07293A00D3233E071BAEB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 13 11:06:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2677
                                                                                                                                                                    Entropy (8bit):4.001348239790998
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:D8EC45D222A7DCEB76D0AFB66ACB06DA
                                                                                                                                                                    SHA1:AF136CA86D3CCACA3194424D8B62BE667DD7C3D8
                                                                                                                                                                    SHA-256:9449E24D976C0F817428BA15A717B2EE3C4198ECD38CEBFF24FAB8892CD3740F
                                                                                                                                                                    SHA-512:FA540B94C0C3ADA4B9B9327C34C069000218B1B4E434D2C6FA86F8196941B621C3E24B7EEF1B7D9515048B9693F047C52225862C8E5667529D5C139A77DA4BE5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 13 11:06:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2677
                                                                                                                                                                    Entropy (8bit):3.9904602791463453
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:D254E4AF7359432B210981976E34E3B5
                                                                                                                                                                    SHA1:861BDDD6015B1FA083572980A08842C21D0D8BAC
                                                                                                                                                                    SHA-256:B692F12B64C6395452B4ED96F0A7B42F6753A41C1C4E83B87398C4A3C41E2272
                                                                                                                                                                    SHA-512:01FC8503E5ABCB6843F731A749BC1E000F19F61A50FDF5EF9B73317FD6E4C6C9FFBE87BD09727FB511A14D13B7D93601F0FB26798E48932F8B16B399F17A573C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 13 11:06:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2679
                                                                                                                                                                    Entropy (8bit):3.999902466146265
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:09D135BF2CCAA76CA1F4E6491F7136A7
                                                                                                                                                                    SHA1:1B52A748A5BC3ECF22BA3F845885192D830237F1
                                                                                                                                                                    SHA-256:9D978C8B2A5503B27A0D93335A171DA859D0130D54EE69AE6AF0C5A682A9F141
                                                                                                                                                                    SHA-512:A8B0E32DBA016674ECA6F120ABB192DC07F2D7AC2FE733935CC7505E6D3911148EB4EEA18B335D31C5025093DE3A58CA565831302ECACAB7E6DD8E022CE20569
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):0
                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:A174920F996D10D14AC12E57A3EBC5D9
                                                                                                                                                                    SHA1:6C365DF1A747EEFF3EEE39B8DB49C15F834DE82E
                                                                                                                                                                    SHA-256:EDF40E55F1BFE16ED9B1339C2D07CACE96DF156776F20B17F91A05C9532B5309
                                                                                                                                                                    SHA-512:29000C0EC313E7CFBBFCDF176CCBD4D227A3AB186CBF81203C85C665C5F375A21AC5380E83277D8175C68C87D60F058600E790A4D799F7EC3ADCAB3069C9ADB9
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):545416
                                                                                                                                                                    Entropy (8bit):7.653932942486877
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:A174920F996D10D14AC12E57A3EBC5D9
                                                                                                                                                                    SHA1:6C365DF1A747EEFF3EEE39B8DB49C15F834DE82E
                                                                                                                                                                    SHA-256:EDF40E55F1BFE16ED9B1339C2D07CACE96DF156776F20B17F91A05C9532B5309
                                                                                                                                                                    SHA-512:29000C0EC313E7CFBBFCDF176CCBD4D227A3AB186CBF81203C85C665C5F375A21AC5380E83277D8175C68C87D60F058600E790A4D799F7EC3ADCAB3069C9ADB9
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4996
                                                                                                                                                                    Entropy (8bit):5.633799388906732
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:
                                                                                                                                                                    MD5:DD5A93841595F11BE887C3A83E115689
                                                                                                                                                                    SHA1:A861BEDD13072C05300485BC28A442B2A22C51B9
                                                                                                                                                                    SHA-256:C8D6DA5B4C89A7DA05E44CBAF11D02EAD4F631C49835890CF1A4CD142E542B7E
                                                                                                                                                                    SHA-512:7F8943D2CD903A5C5ACBB990BE267A833F7ACE91A65ACC2993EEAA8F10897E6EC1C9F4F400633B27243D4039471216F654B536380B2A5C98E382011A4B5B3044
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                    No static file info