Edit tour

Windows Analysis Report
Setup (3).exe.zip

Overview

General Information

Sample name:	Setup (3).exe.zip
Analysis ID:	1579107
MD5:	2dd24cb963b3719816ad9f5f1d230cd4
SHA1:	6dd11df6cd6bab4969dfc33b49b98a7b3dc7bb9a
SHA256:	4a5c3e536399a074b7f182acc4c33c4839d9fba651a5e40228f9aee09bcefa55
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 4048 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

Setup (3).exe (PID: 6460 cmdline: "C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe" MD5: A174920F996D10D14AC12E57A3EBC5D9)

WebCompanion-Installer.exe (PID: 6828 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179 MD5: DE5D4C055629B8240881719DB2CD097E)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T20:47:48.536165+0100	2803305	3	Unknown Traffic	192.168.2.16	49708	104.16.149.130	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

ReversingLabs: Detection: 20%

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

File created: C:\Users\user\AppData\Local\Temp\WcInstaller.log

Source: unknown	HTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.16:49732 version: TLS 1.2

Networking

Yara detected Generic Downloader

Source: Yara match

File source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com

Source: Network traffic

Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49708 -> 104.16.149.130:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com

Source: global traffic	DNS traffic detected: DNS query: geo.lavasoft.com
Source: global traffic	DNS traffic detected: DNS query: featureflags.lavasoft.com
Source: global traffic	DNS traffic detected: DNS query: flwadw.com
Source: global traffic	DNS traffic detected: DNS query: wcdownloadercdn.lavasoft.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.26.149:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.16:49732 version: TLS 1.2

Source: classification engine

Classification label: mal52.troj.winZIP@4/16@4/34

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

File created: C:\Users\user\AppData\Roaming\Lavasoft

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe

File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe "C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe"
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN230901 --nonadmin --direct --tych --campaign=20731534003 --version=13.901.1.1179

Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: httpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: msctfui.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Section loaded: d3dcompiler_47.dll

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ru-RU\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\zh-CHS\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\es-ES\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\fr-CA\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\en-US\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\tr-TR\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\it-IT\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\pt-BR\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\de-DE\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	File created: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ja-JP\WebCompanion-Installer.resources.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

File created: C:\Users\user\AppData\Local\Temp\WcInstaller.log

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Memory allocated: C80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Memory allocated: 2780000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Memory allocated: C80000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599888
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599776
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599664
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599553
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599441
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599313
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599201
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599090
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598979
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598867
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598755
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598643
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598515
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598403
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598291
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598179
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598067
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597955
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597827
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597716
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597604
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597492
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597380
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597268
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597140
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597028
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596916
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596804
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596692
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596580
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596452
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596341
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596229
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596117
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596005
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595893
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595765
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595654
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595542
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595430
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595318
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595206
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595078
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594966
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594855
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594743
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594631
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594519

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Window / User API: threadDelayed 1996

Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ru-RU\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\zh-CHS\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\es-ES\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\fr-CA\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\en-US\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\tr-TR\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\it-IT\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\pt-BR\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\de-DE\WebCompanion-Installer.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ja-JP\WebCompanion-Installer.resources.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599888s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599776s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599664s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599553s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599441s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599201s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -599090s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598979s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598867s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598755s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598643s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598515s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598403s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598291s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598179s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -598067s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597955s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597827s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597716s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597604s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597492s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597380s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597268s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597140s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -597028s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596916s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596804s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596692s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596580s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596452s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596341s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596229s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596117s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -596005s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595893s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595765s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595654s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595542s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595430s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595318s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595206s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -595078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -594966s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -594855s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -594743s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -594631s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe TID: 1608	Thread sleep time: -594519s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599888
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599776
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599664
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599553
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599441
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599313
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599201
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 599090
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598979
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598867
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598755
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598643
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598515
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598403
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598291
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598179
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 598067
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597955
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597827
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597716
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597604
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597492
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597380
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597268
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597140
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 597028
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596916
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596804
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596692
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596580
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596452
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596341
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596229
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596117
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 596005
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595893
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595765
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595654
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595542
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595430
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595318
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595206
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 595078
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594966
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594855
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594743
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594631
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Thread delayed: delay time: 594519

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC399B81D\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC399B81D\en-US\WebCompanion-Installer.resources.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7zSC399B81D\ICSharpCode.SharpZipLib.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	12 Security Software Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Rundll32	LSA Secrets	22 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\7zSC399B81D\ICSharpCode.SharpZipLib.dll	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\Newtonsoft.Json.dll	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe	21%	ReversingLabs	Win32.PUA.Generic
C:\Users\user\AppData\Local\Temp\7zSC399B81D\de-DE\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\en-US\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\es-ES\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\fr-CA\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\it-IT\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\ja-JP\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\pt-BR\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\ru-RU\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\tr-TR\WebCompanion-Installer.resources.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7zSC399B81D\zh-CHS\WebCompanion-Installer.resources.dll	0%	ReversingLabs

Name	IP	Active	Malicious	Reputation
geo.lavasoft.com	104.16.149.130	true	false	unknown
wcdownloadercdn.lavasoft.com	104.16.149.130	true	false	high
featureflags.lavasoft.com	104.16.148.130	true	false	unknown
flwadw.com	104.18.26.149	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://geo.lavasoft.com/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.16.149.130	geo.lavasoft.com	United States	13335	CLOUDFLARENETUS	false
104.16.148.130	featureflags.lavasoft.com	United States	13335	CLOUDFLARENETUS	false
104.18.26.149	flwadw.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579107
Start date and time:	2024-12-20 20:46:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Setup (3).exe.zip
Detection:	MAL
Classification:	mal52.troj.winZIP@4/16@4/34
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: Setup (3).exe.zip

Created / dropped Files

C:\Users\user\AppData\Local\Temp\7zSC399B81D\ICSharpCode.SharpZipLib.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	213656
Entropy (8bit):	5.759044472260774
Encrypted:	false
SSDEEP:
MD5:	03CF44FC9C6EF06AE8E507C07C3DB4DD
SHA1:	F56CADD14AF43CCCBAC9BF95D7431E47CF4BA898
SHA-256:	1ECB705291BC7252287A478EDCA727BF79FCC1B292C016F68CBB6A4A1A782935
SHA-512:	FB71D3145B317BEC52E40094378D82FD4D901C60C4F82267D9ABE0F7B4C5C6AF238894541FB5F4F34D73042EC1740FB8610790E24A488170136ABA4629FD8BB5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@......WM....@.................................d...W........................2... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zSC399B81D\Newtonsoft.Json.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	438424
Entropy (8bit):	6.098832901883364
Encrypted:	false
SSDEEP:
MD5:	A69B22C0654C4F0B1A68543B563941AD
SHA1:	8619F1221FCBFE3C92095365EE754F9A32567915
SHA-256:	37F3B53D32E8397662FD4168271DED189D3D6DC7DF843C9A0E8ACF289C8219CB
SHA-512:	2D56B878E2DEF63A173169EAC266616333B3FB4CAD6D45FC2D430F0AB9BE2D98938C3B190DD8B6CD17CDD1D42ED8509077557A759847A2A621F742B978A84E67
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ...............................Q....@.....................................K.......8............~...2..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............\|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{...."..}....V.(x.....(......}....2.{....oy...2.{....oz...B..(....&..(.......0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o\|.....{.....o....oo...o}.....o....o....t.....o....o..

C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	439448
Entropy (8bit):	6.42930699816344
Encrypted:	false
SSDEEP:
MD5:	DE5D4C055629B8240881719DB2CD097E
SHA1:	77D5C4B193F067C173F949BB0D7615849A08CAA0
SHA-256:	D422BE02BB07FD4B31FFF3DDDC209E40E5BD3F4A6BFD72C5C796D3B1902DF4F3
SHA-512:	1530400DBF32B4B4CDBB8410DF6A1C602079B02384287E21B1194510F5F5740A8C779B4442C498ABACA985F270ED481087B6562210AFA58138938BF28E1298AB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f.....................t......^... ...@....@.. ....................................@....................................S....@...q...............2...........(............................................... ............... ..H............text...d.... ...................... ..`.rsrc....q...@...r..................@..@.reloc..............................@..B................@......H.......X...x.......~....j...9............................................~....}.....(......sw...}......(....}.....r...pz.(....r'..p.{....(......(........0..j..........{....r...pox...,.(.....+.(......r...p(......(......r...p.{....o....o.......(........sI........o......z..........UU......N.(....r...p..(.....r...p.......{...."..}.....rA..p.rS..p.(....oV...f.~....}.....(......(.....ro..pN.(....r...p..(....*.0..i.......~......(....(!...,.r...p.+..(.......(m.....(...+

C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe.config

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2273
Entropy (8bit):	5.067536367343473
Encrypted:	false
SSDEEP:
MD5:	3FB403E0C3164B126AB32B015E2D7CE4
SHA1:	C4A1F309C142A184A6418A54A3E5C29CAED4B0AC
SHA-256:	C5DF2E0C37EC827247F1F00CD303A90DC2D35AD49300B1C89904A65B8203349F
SHA-512:	F502149DEC13EA9219E171E11E5BAB0C62EFC6CA2F5E9FCB20C076EC0D2DD371E78C3FF050AD2C0F8A9EA45ADCC78FF37442DC4CD8E579F98BA5D205D4F12611
Malicious:	true
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/13.1.1.1179/WebCompanionInstaller-13.1.1.1179-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.1.1.1179/WebCompanion-13.1.1.1179-prod.zip"/>.. <add key="WebInstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.1.1.1179/webinstaller-13.1.1.1179-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/13.1.1.1179/WebCompanionInstaller-13.1.1.1179-internal.exe"/>.. <add key="WebProtectionZip" va

C:\Users\user\AppData\Local\Temp\7zSC399B81D\de-DE\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.427534145711148
Encrypted:	false
SSDEEP:
MD5:	2B158D1F77B6FB00182F4E51880C9B5E
SHA1:	9462CAB29373DF6DBA657A0521B2D1BC110C96E9
SHA-256:	5BC2C3B991B39EAE05630CABDA2E88AF306C14A92993824095CF97F4D421F7A2
SHA-512:	4041AEC90D190C6D341D0076E74803BD13C226F40B4D0BF32206193756C33581811E13624B8F23D6B1D24A487EE4E4E7AB1465FC3282C55A7E77F8439B24624E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................1... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......h-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.\|.-..X:..o.....V..................v...1.D\|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

C:\Users\user\AppData\Local\Temp\7zSC399B81D\en-US\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.339294309762595
Encrypted:	false
SSDEEP:
MD5:	1ED68BE22523B4A7920A2F111325FEF7
SHA1:	65726C9E3A36801D52A205F32038E4B64D117A19
SHA-256:	7C2E4121915A0C54BD10B3D6343DC59DC544CF7DC58F358A6B85557A2A9F70F1
SHA-512:	26015886C3455154827F2EAEC1323DF01EB08DC53FA7BD22ADB6A93123755DFB0C74723195587DB7F618DFE9633B181D30F3D422522FA26E2E384A6B9C7B7710
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!................N/... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0/......H........+..d...........P ..I...........................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet.... .......PADPADP......n.....V ...].......}.E(/....xv.\|.-..X:..o.....V..............v.D\|-......."..&...'c$Q:#Uv=.9.W..Y`..[.F.^:1;jg.Jq........\.......i.......t...............z...O...L...<...5..........................E...........L...

C:\Users\user\AppData\Local\Temp\7zSC399B81D\es-ES\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.320693627423164
Encrypted:	false
SSDEEP:
MD5:	0CBCEA3167E1F9F44CD23E144295437B
SHA1:	71F60B549FF3AD80CA9D2DE0DF6E3527575D6BB3
SHA-256:	9535AF311BC06A9C2DBF7E30220FA45A0CCC3F16A29A997C8BCE0D81AB7631E8
SHA-512:	7518081D19B1F891F0B67C13AB6331893C2639B774AC34D449EB8F9E8CEC5D9E497087C61D8B95BB29A5C3C947F59E5E12ABD80C51149A61CD95F07DE0E5D7ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................0... ...@....... ....................................@.................................<0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p0......H........,..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.\|.-..X:..o.....V..................v...1.D\|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

C:\Users\user\AppData\Local\Temp\7zSC399B81D\fr-CA\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.4176722582847505
Encrypted:	false
SSDEEP:
MD5:	D23BF3C535A319D064EAF1F3F3118F74
SHA1:	5DC768B7F167BB5D2CF56A96F92DC85C154E4CC4
SHA-256:	E43E53DB993BD8A201CF1DE5C37CB506B2FA4A1605001980AD6BF86AD7CB81E6
SHA-512:	20ADFF2612924F35BBB2D8BC5C8D16417C5AE7E67C12F2746130C372B401CE64D98B34DE53877034F92B225AA0E4A06E75006F9F23BBEFC7CB349F982B49BF37
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................0... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......8-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.\|.-..X:..o.....V..................v...1.D\|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

C:\Users\user\AppData\Local\Temp\7zSC399B81D\it-IT\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.060923121600365
Encrypted:	false
SSDEEP:
MD5:	383770F745B3B4D0E219134FA3872904
SHA1:	00E17F78BE917CB1006071B30872069DB8A731EE
SHA-256:	0B35BB8F794B6ED9487F8B1DD7B09DC08E44F0246FF53B1E9B0F5B1B734DECF7
SHA-512:	FE8DF419CAC17BD8CE3308961401B982160DF6D08E0084436E7BEA8903AED093C50C7054FF559AAB961E421392D566D1B9853636ACD521AF49627A2C3AC739C7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!................n,... ...@....... ....................................@..................................,..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P,......H........(..d...........P ..`...........................................\..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.\|.-..X:.....V..................v...1.D\|-...."..&#Uv=.9.W.F.^:1;j........a.......J...'...........(...............p.......E...........{...........b.......B...O............B.T.N._.C.L.O.S.E......

C:\Users\user\AppData\Local\Temp\7zSC399B81D\ja-JP\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.698650425604893
Encrypted:	false
SSDEEP:
MD5:	3CDDC69B08D26BBB7AC57774E25EE787
SHA1:	47AFAA19DA44566C5AE535FE87FFDF3746EFD37B
SHA-256:	A91F77FD2D0C536D051DC5581B6BD63A9091C3C4FA39C6DAAFD33DB0E8CA2B84
SHA-512:	C68FE5E5D2E42C170A1B4E9070B6231A05A332C386B59553A66A54BAC3ACE4E1A5853142C30B757FD3DF1DE5B948AD20E9E4E6FEAE51A895F7A16966AF1C3A46
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................-... ...@....... ....................................@..................................-..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H....... *..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.\|.-..X:.....V..................v...1.D\|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

C:\Users\user\AppData\Local\Temp\7zSC399B81D\pt-BR\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.274418145266816
Encrypted:	false
SSDEEP:
MD5:	71AD33192C870E4B723BE07E930F249F
SHA1:	E2CECA4F80EAE7D390E776B66BEE82E46BFF70BD
SHA-256:	088C23879FA3B97E3C81B0D1A2670A0DF92627B70E49AA8D940ABF8F3FBF9A1D
SHA-512:	0F58F5EAE4AF161AE21D71E4260D41520866346F65991288EB935BD42E3F59A1D115466A1B212837EABE3249A99CAE86B1DB8833F649288F58F7B8FE0ED726CD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................0... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......\|,..d...........P ..,...........................................(..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.\|.-..X:..o.....V..................v...1.D\|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

C:\Users\user\AppData\Local\Temp\7zSC399B81D\ru-RU\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	7680
Entropy (8bit):	4.607663123611976
Encrypted:	false
SSDEEP:
MD5:	C88BBF07B2B7EDC5205DBF5F1539CD3F
SHA1:	728FAA3D69420CEC22C6D935DD4253F394F8747A
SHA-256:	FDE9FBACA962F4346D48276305DEFE1D38FB9703E9AE86582E7633530E0FE00F
SHA-512:	4A35EACA34925EC5A50366CD4B83A50EC53A4B02EA6A50C5BB3A11F57B2E97421BCD50174AFB8C12ABE1930DFC13B24BA2A9BF9172BF4E79B3D199FAA9D934B3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................3... ...@....... ....................................@..................................3..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......L0..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.\|.-..X:..o.....V..................v...1.D\|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

C:\Users\user\AppData\Local\Temp\7zSC399B81D\tr-TR\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.208367971344699
Encrypted:	false
SSDEEP:
MD5:	84F2A4C9AA4C44A675AB0919107886E3
SHA1:	46371BB7C0B265AB8A08432D03F1DB320D0CE38F
SHA-256:	DCA31BB1BCB195719D993995A865AB66A6225B0314CE12E44A6C0F6459A5FA08
SHA-512:	0F5FC1368C4E17CABE0872F27D3DA7C046F139983D775DFFD21C9189AB6E63E8A1E05D79DC4C3CB2666C13CCD5D5DA523714FF9CAD1829B17A5F9E2DDD59114D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................,... ...@....... ....................................@.................................<,..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p,......H........(..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.\|.-..X:.....V..................v...1.D\|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

C:\Users\user\AppData\Local\Temp\7zSC399B81D\zh-CHS\WebCompanion-Installer.resources.dll

Download File

Process:	C:\Users\user\Desktop\Setup (3).exe\Setup (3).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5120
Entropy (8bit):	4.581448579704757
Encrypted:	false
SSDEEP:
MD5:	21206CA26B282772375850A90D1B9CFB
SHA1:	1AA00CE33486E229B2AC77B2067662084D4E9F34
SHA-256:	9224AA7D56FF2C03387AB85BE48F04E4A76D16B2CFFCC34E9DFD150759DBFCAB
SHA-512:	A54081239D1B024595DAB27150DC3385A45F70ADD0C661A39A9DA068B5D651D8F99A391FF4A636B78CC739018F08D795E64A7ED3873F23F2084343B7C9A7CE91
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.f...........!.................+... ...@....... ....................................@.................................t+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........(..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.\|.-..X:.....V..................v...1.D\|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

C:\Users\user\AppData\Local\Temp\WebCompanion.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	modified
Size (bytes):	11036293
Entropy (8bit):	7.994790862072961
Encrypted:	true
SSDEEP:
MD5:	D3B32BF52C10B6CD178C968DF62C4209
SHA1:	23B25C73510C628E7A34A64969E631173C97E92A
SHA-256:	4BC4DF621EE1643E0B3013C3675BA7D7BC9B366598D89FEA0C752B8473F39927
SHA-512:	400FCB0A8132F79435DE109E81776DD974FDB7D10D385EBD68C1BC2A2BC6BA1FF4F5F302948E293019CF4B94862593FED91CA12AB7CB3EB5183E89F0A4C673CF
Malicious:	false
Reputation:	unknown
Preview:	PK........99.Y.T.WGF...$......Application/7za.exe.yxTE.8\|{I.YH'@CX.V[..%CP.4h_.MnCG@DQ..h..... .`'..\[...u..yg....QGY\........{..d.....S.......~.}y...N.:u..S.NU...`.......k....~.......e..o.`.......[`._..]U..g.s...?..~..J..:.~.s.t.}..q.>}2l.....u.....#.Y..Mt}.......6z......{.:.:.y^KW.]....ys."..Nu.........C.EB..$..P.k......s.(..zN..K........iH..Z.....[..x.P.7.iB.6..Ta.,..I...#....g.r...<.wg.....zb......QUw..M.:...L...nHN..r...]#..TA.r...vO..5.'.:B]..p}<.lxU... ...6...........?i...o...g..7H...%E_..B...d.... .f.].&I..Q..G.S..x.o.K......../.~...g.Q_..^(..h^...Dq.J\Y2.....&...........Fo`...........}....98E'..Kne+c........._./..o.o.+g.z..M.6.....D.D.^I9..!..0HJ..?h.7..2"U.;...RY..=b..k.^y....0.l...m...h..9.........f....J-N..KU....HH."......Y...I)8..=s>.)MPH!.L....e...J..`bc(.:.-M=}...v...=..9.:..u.7.X.O...T..%e.)V...rS..s....o...[1.C... ...x7g)P..:............8. .u...lv-a..MB.TyW..D..p$..0.x>..'..K..l./g..U......b{.!_...,....<.....$#zh.e....+.

C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\Statistics.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56
Entropy (8bit):	4.592370993177109
Encrypted:	false
SSDEEP:
MD5:	A8BB19605491EA5D425897413BEE0ED8
SHA1:	D0B07F6F44DCDACEFF2C610DB941E6204A2F8EE3
SHA-256:	6BC96880756BF585B91EE31606FBE410A850567115A870A08C1EE4F4DFC40EC0
SHA-512:	B79F927785B2FCC201C347E5A6EC0A598EFA0067B0449AC1F2F5B6852FDE7463A1E33A625A6552BB54A7CCBA0E7D721D2D43DEE06F9614E560E88E60120FEDE2
Malicious:	false
Reputation:	unknown
Preview:	{ "install_id" : "fc5600be-1571-4f04-ab39-19d688be6854"}

Static File Info

General

File type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):	7.999487216680623
TrID:	ZIP compressed archive (8000/1) 100.00%
File name:	Setup (3).exe.zip
File size:	456'910 bytes
MD5:	2dd24cb963b3719816ad9f5f1d230cd4
SHA1:	6dd11df6cd6bab4969dfc33b49b98a7b3dc7bb9a
SHA256:	4a5c3e536399a074b7f182acc4c33c4839d9fba651a5e40228f9aee09bcefa55
SHA512:	61851dd8cbcbf301c62d8594e4cceeff8c35ee5110c7074ffea6936ee4d93369a19d5d6c736a89441d0235cc094b882e6cf185bcdbea7312d558224902a4d57f
SSDEEP:	12288:7Fd3kqf9cAhiWuiWddMWjwO3fwlBSVCr4N64KY:7F1kqCAEWDWduqxPwl+CrQ64x
TLSH:	E7A423BBC91FD8CF078ACB86B6835B8D7472853E941B3BB466079580530AB0707B5F56
File Content Preview:	PK...........Y.........R......Setup (3).exe...\|...8<..$C.d.Ip.(....5.h..4.v.....]"$.V..j+.,`.lc...\...h.U..V.<.+..h......T.P.......B..\|..wv.........\|......s.=.....).y.`..A...&.a..)...?1..1q{..m......oLZT..U9+V......$......w.9?X........4g.MU9?....W......8\|

File Icon


Icon Hash:	1c1c1e4e4ececedc

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Setup (3).exe.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Temp\7zSC399B81D\ICSharpCode.SharpZipLib.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\Newtonsoft.Json.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe

C:\Users\user\AppData\Local\Temp\7zSC399B81D\WebCompanion-Installer.exe.config

C:\Users\user\AppData\Local\Temp\7zSC399B81D\de-DE\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\en-US\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\es-ES\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\fr-CA\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\it-IT\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\ja-JP\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\pt-BR\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\ru-RU\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\tr-TR\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\7zSC399B81D\zh-CHS\WebCompanion-Installer.resources.dll

C:\Users\user\AppData\Local\Temp\WebCompanion.zip

C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\Statistics.txt

Static File Info

General

File Icon

Windows Analysis Report
Setup (3).exe.zip