Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip

Overview

General Information

Sample name:MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip
Analysis ID:1591608
MD5:fdab114c3a3affd8ecfae0c9e6560ac8
SHA1:25f6b3db7e3a96e39b2db043198dcf4d7e41f2a1
SHA256:cad3bc151093e13c2ca9b6b488e6ed7553fa773fb3a4492df0e918bdc0f1d1e6
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 6328 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • $RZDPQ2Y.exe (PID: 6692 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe" MD5: 335830FFBDBD5FB758BC000423837821)
    • WebCompanion-Installer.exe (PID: 4400 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=20556960917 --version=13.900.0.1080 MD5: A27F9713DB1688D03D2082BFA1827803)
  • $RZDPQ2Y.exe (PID: 1840 cmdline: "C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe" MD5: 335830FFBDBD5FB758BC000423837821)
    • WebCompanion-Installer.exe (PID: 3364 cmdline: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=20556960917 --version=13.900.0.1080 MD5: A27F9713DB1688D03D2082BFA1827803)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeReversingLabs: Detection: 20%
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeVirustotal: Detection: 19%Perma Link
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
        Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.16:49707 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.27.149:443 -> 192.168.2.16:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49729 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.16:49739 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.27.149:443 -> 192.168.2.16:49740 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49765 version: TLS 1.2

        Networking

        barindex
        Yara detected Generic Downloader
        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe, type: DROPPED
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo.lavasoft.com
        Source: global trafficDNS traffic detected: DNS query: geo.lavasoft.com
        Source: global trafficDNS traffic detected: DNS query: featureflags.lavasoft.com
        Source: global trafficDNS traffic detected: DNS query: flwadw.com
        Source: global trafficDNS traffic detected: DNS query: wcdownloadercdn.lavasoft.com
        Source: global trafficDNS traffic detected: DNS query: wcdownloader.lavasoft.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.16:49707 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.27.149:443 -> 192.168.2.16:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49729 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.149.130:443 -> 192.168.2.16:49739 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.27.149:443 -> 192.168.2.16:49740 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.16:49765 version: TLS 1.2
        Source: classification engineClassification label: mal52.troj.winZIP@7/17@6/31
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeMutant created: NULL
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634
        Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile read: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe"
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=20556960917 --version=13.900.0.1080
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=20556960917 --version=13.900.0.1080
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe "C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe"
        Source: C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=20556960917 --version=13.900.0.1080
        Source: C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tych --campaign=20556960917 --version=13.900.0.1080
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: mscoree.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dwrite.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: httpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: rasapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: rasman.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: rtutils.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: secur32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: wbemcomn.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: amsi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: d3d9.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: d3d10warp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: powrprof.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: umpdc.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dataexchange.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: d3d11.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dcomp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dxgi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: twinapi.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: windowscodecs.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: resourcepolicyclient.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: dxcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: msctfui.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: uiautomationcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeSection loaded: d3dcompiler_47.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: mscoree.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dwrite.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: msvcp140_clr0400.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: httpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: rasapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: rasman.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: rtutils.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: secur32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: wbemcomn.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: amsi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: d3d9.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: d3d10warp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: powrprof.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: umpdc.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dataexchange.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: d3d11.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dcomp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dxgi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: twinapi.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: windowscodecs.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: resourcepolicyclient.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: dxcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: msctfui.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: uiautomationcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeSection loaded: d3dcompiler_47.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\en-US\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\ICSharpCode.SharpZipLib.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeFile created: C:\Users\user\AppData\Local\Temp\7zS42A26634\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeMemory allocated: AE0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeMemory allocated: 2530000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeMemory allocated: 2430000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeMemory allocated: 1AB0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeMemory allocated: 34A0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeMemory allocated: 33F0000 memory reserve | memory write watch
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 600000
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599888
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599776
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599664
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599553
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599426
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599298
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599170
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599058
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598947
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598835
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598724
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598580
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598453
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598341
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598229
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598117
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598005
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597878
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597750
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597639
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597528
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597416
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597305
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597193
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597065
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596922
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596810
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596698
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596587
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596476
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596364
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596237
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596109
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595997
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595885
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595773
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595661
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595533
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595405
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595293
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595181
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595069
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594957
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594830
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594702
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594591
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594480
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594368
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 600000
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599872
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599761
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599649
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599537
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599410
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599282
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599170
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599060
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598948
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598837
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598725
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598613
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598485
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598373
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598261
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598149
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598037
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597909
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597797
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597685
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597573
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597461
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597350
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597239
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597112
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597000
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596888
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596775
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596664
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596552
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596425
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596313
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596187
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596075
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595963
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595851
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595739
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595611
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595499
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595387
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595276
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595164
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595052
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594924
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594812
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594700
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594588
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594476
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWindow / User API: threadDelayed 5901
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWindow / User API: threadDelayed 2584
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\es-ES\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\ja-JP\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\en-US\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\zh-CHS\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\de-DE\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\ru-RU\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\pt-BR\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\tr-TR\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\it-IT\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\fr-CA\WebCompanion-Installer.resources.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\ICSharpCode.SharpZipLib.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS42A26634\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -600000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599888s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599776s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599664s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599553s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599426s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599298s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599170s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -599058s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598947s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598835s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598724s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598580s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598453s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598341s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598229s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598117s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -598005s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597878s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597750s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597639s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597528s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597416s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597305s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597193s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -597065s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596922s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596810s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596698s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596587s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596476s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596364s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596237s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -596109s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595997s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595885s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595773s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595661s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595533s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595405s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595293s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595181s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -595069s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -594957s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -594830s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -594702s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -594591s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -594480s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe TID: 6324Thread sleep time: -594368s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -2767011611056431s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -600000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599872s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599761s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599649s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599537s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599410s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599282s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599170s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -599060s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598948s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598837s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598725s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598613s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598485s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598373s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598261s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598149s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -598037s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597909s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597797s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597685s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597573s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597461s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597350s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597239s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597112s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -597000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596888s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596775s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596664s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596552s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596425s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596313s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596187s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -596075s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595963s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595851s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595739s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595611s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595499s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595387s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595276s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595164s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -595052s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -594924s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -594812s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -594700s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -594588s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe TID: 6992Thread sleep time: -594476s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 600000
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599888
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599776
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599664
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599553
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599426
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599298
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599170
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 599058
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598947
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598835
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598724
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598580
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598453
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598341
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598229
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598117
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 598005
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597878
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597750
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597639
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597528
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597416
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597305
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597193
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 597065
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596922
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596810
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596698
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596587
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596476
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596364
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596237
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 596109
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595997
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595885
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595773
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595661
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595533
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595405
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595293
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595181
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 595069
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594957
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594830
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594702
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594591
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594480
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeThread delayed: delay time: 594368
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 600000
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599872
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599761
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599649
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599537
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599410
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599282
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599170
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 599060
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598948
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598837
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598725
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598613
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598485
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598373
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598261
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598149
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 598037
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597909
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597797
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597685
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597573
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597461
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597350
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597239
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597112
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 597000
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596888
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596775
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596664
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596552
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596425
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596313
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596187
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 596075
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595963
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595851
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595739
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595611
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595499
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595387
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595276
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595164
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 595052
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594924
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594812
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594700
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594588
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeThread delayed: delay time: 594476
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeMemory allocated: page read and write | page guard
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS42A26634\Newtonsoft.Json.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS42A26634\en-US\WebCompanion-Installer.resources.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS42A26634\ICSharpCode.SharpZipLib.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exe VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0373DD25\Newtonsoft.Json.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0373DD25\en-US\WebCompanion-Installer.resources.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0373DD25\ICSharpCode.SharpZipLib.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
        Source: C:\Users\user\AppData\Local\Temp\7zS0373DD25\WebCompanion-Installer.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
        Windows Management Instrumentation        		1
        DLL Side-Loading        		1
        Process Injection        		1
        Masquerading        		OS Credential Dumping12
        Security Software Discovery        		Remote ServicesData from Local System2
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
        DLL Side-Loading        		1
        Disable or Modify Tools        		LSASS Memory1
        Process Discovery        		Remote Desktop ProtocolData from Removable Media1
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
        Virtualization/Sandbox Evasion        		Security Account Manager41
        Virtualization/Sandbox Evasion        		SMB/Windows Admin SharesData from Network Shared Drive2
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        Process Injection        		NTDS1
        Application Window Discovery        		Distributed Component Object ModelInput Capture3
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Rundll32        		LSA Secrets22
        System Information Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        DLL Side-Loading        		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Temp\7zS42A26634\ICSharpCode.SharpZipLib.dll4%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\ICSharpCode.SharpZipLib.dll1%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\Newtonsoft.Json.dll4%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\Newtonsoft.Json.dll1%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe21%ReversingLabsWin32.PUA.Generic
        C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe19%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\de-DE\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\de-DE\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\en-US\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\en-US\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\es-ES\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\es-ES\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\fr-CA\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\fr-CA\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\it-IT\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\it-IT\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\ja-JP\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\ja-JP\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\pt-BR\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\pt-BR\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\ru-RU\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\ru-RU\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\tr-TR\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\tr-TR\WebCompanion-Installer.resources.dll0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\7zS42A26634\zh-CHS\WebCompanion-Installer.resources.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\7zS42A26634\zh-CHS\WebCompanion-Installer.resources.dll0%VirustotalBrowse

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://geo.lavasoft.com/0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        geo.lavasoft.com
        		104.16.149.130
        		truefalse
          		unknown
          wcdownloader.lavasoft.com
          		104.16.148.130
          		truefalse
            		unknown
            wcdownloadercdn.lavasoft.com
            		104.16.148.130
            		truefalse
              		unknown
              featureflags.lavasoft.com
              		104.16.149.130
              		truefalse
                		unknown
                flwadw.com
                		104.18.27.149
                		truefalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://geo.lavasoft.com/false
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  104.18.27.149
                  		flwadw.comUnited States
                  		13335CLOUDFLARENETUSfalse
                  104.16.149.130
                  		geo.lavasoft.comUnited States
                  		13335CLOUDFLARENETUSfalse
                  104.16.148.130
                  		wcdownloader.lavasoft.comUnited States
                  		13335CLOUDFLARENETUSfalse

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1591608
                  Start date and time:2025-01-15 07:42:31 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:16
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Sample name:MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip
                  Detection:MAL
                  Classification:mal52.troj.winZIP@7/17@6/31
                  Cookbook Comments:
                  • Found application associated with file extension: .zip

                  Warnings

                  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • VT rate limit hit for: geo.lavasoft.com

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\ICSharpCode.SharpZipLib.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):213656
                  Entropy (8bit):5.7590593524797615
                  Encrypted:false
                  SSDEEP:
                  MD5:0CFE19791546A96C6699657A94604596
                  SHA1:5D1A1B74CCA9F74FFFEBCB583661C02E4CA626DD
                  SHA-256:56FDFD148F0D60805B2873A5A49739909001D11789B75DAB2B0EA8E55BC60913
                  SHA-512:586CC695A2C3C03008D0A1032C221CD3384B5F4363E83C9D903753FB1DAD65B340BC8CD0659F7F891A641F8BD7535C9B889219842045854AA98CD380F0FE4AA3
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 4%
                  • Antivirus: Virustotal, Detection: 1%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@......sC....@.................................d...W........................2... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\Newtonsoft.Json.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):438424
                  Entropy (8bit):6.09887709092106
                  Encrypted:false
                  SSDEEP:
                  MD5:461C476F474A5F13D2EA9344AE6F70F6
                  SHA1:8F74702B99F08277D4514C63956E2E69E8090073
                  SHA-256:4F0EC6439B24652F16DF066F4A38B64518B5A874080EDA63DE45968545830F67
                  SHA-512:E69080C205CD82EA2C056FA1328BBEC4C03CA3FDC3EE381C4FB44CB356247BE5FE4B8ADD53036DCB19CAC2C6D59B8E02F81932320EA534B5BA50DB80A0647017
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 4%
                  • Antivirus: Virustotal, Detection: 1%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ..............................%.....@.....................................K.......8............~...2..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):438936
                  Entropy (8bit):6.4311342686757245
                  Encrypted:false
                  SSDEEP:
                  MD5:A27F9713DB1688D03D2082BFA1827803
                  SHA1:B8DF4649659003609419D052757166499D2322E8
                  SHA-256:2F86EB0D3902A11DA1F534D9734DABAE37D33E2C57B03F968198A1CFC2E652A9
                  SHA-512:F952C6792F10CB60CA3ECC00B317C33AADB65C8471D106171660EC0FCB0603C8D18B8AD2A90AACDA6581D342647290099AF0ED0FDD897EDB390D5BF9209EA905
                  Malicious:true
                  Yara Hits:
                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe, Author: Joe Security
                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe, Author: Joe Security
                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe, Author: Joe Security
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 21%
                  • Antivirus: Virustotal, Detection: 19%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf.....................t.......(... ...@....@.. ....................................@..................................(..K....@...q...............2..........X'............................................... ............... ..H............text........ ...................... ..`.rsrc....q...@...r..................@..@.reloc...............~..............@..B.................(......H..................{....i...9............................................~....}.....(......su...}......(....}....*.r...p*z.(....r'..p.{....(......(....*....0..j..........{....r...pov...,.(.....+.(......r...p(......(......r...p.{....o....o.......(........sG........o......z*..........UU......N.(....r...p..(....*.r...p.....*..{....*"..}....*.rA..p*.rS..p*.(....oV...*f.~....}.....(......(....*.ro..p*N.(....r...p..(....*.0..i.......~......(....(!...,.r...p.+..(.......(j.....(...+

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe.config

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):2273
                  Entropy (8bit):5.064418012146103
                  Encrypted:false
                  SSDEEP:
                  MD5:E3D3AA100B93504676414B9268DFBAD4
                  SHA1:A7D1E59C9D8C48DFE259D2973C13B0E2965E67AA
                  SHA-256:EA7747D876307B0022F055C311C4F8F8112FDDE380E0848FD35508C00EDF8E7A
                  SHA-512:9470E0B4784CE3AA94248DDBD9C17BCA988B6A680754511CBE1F1C368270F6D18C75AD1EA0F3A438CA5BB1A12E55E8745F68F2EBC9F78C68B373A6541AC9EFBE
                  Malicious:true
                  Reputation:unknown
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.0.0.1080/WebCompanion-13.0.0.1080-prod.zip"/>.. <add key="WebInstallerZip" value="http://wcdownloadercdn.lavasoft.com/13.0.0.1080/webinstaller-13.0.0.1080-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/13.0.0.1080/WebCompanionInstaller-13.0.0.1080-internal.exe"/>.. <add key="WebProtectionZip" va

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\de-DE\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):6656
                  Entropy (8bit):4.423116664692943
                  Encrypted:false
                  SSDEEP:
                  MD5:A564D6AE745D289B599A010E570E609E
                  SHA1:7A698D14CDAB971982B02AF5A9C49D8AEDA56A19
                  SHA-256:E20A9695E1322491C57C8A0E61839E5AEEBA40F43AAB400C29F19531D18FA037
                  SHA-512:2894F6832F6D20E97E18FF09780D34E7CC25074F0382742838C9A060AF7ADE3FFD3DA9F844E0475697E3854A97379F0961A7F65A1EB5F2ACBA2AF17E49D75B39
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................1... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......h-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\en-US\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):6144
                  Entropy (8bit):4.337584317889265
                  Encrypted:false
                  SSDEEP:
                  MD5:88498F281D2BC857F09C3A0EFFE97A35
                  SHA1:5560555DED4D2336EBAAC6AECBD80C2FC6F0AAE7
                  SHA-256:2FBD9C10CEC246D5E6EE2F41635F283C3064773724253BAE598BFAEA735B702D
                  SHA-512:2550C9C2E42E77A44520EC53418636721C3A56BE7B647C839B7A3063A9BDE4FFD304A6812F51A95DF19B1F04E05285FA9C23AF946472F07DE10F514DDB0DF9C0
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!................N/... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0/......H........+..d...........P ..I...........................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet.... .......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..............v.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq........\.......i.......t...............z...O...L...<...5...*.......................E...........L...

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\es-ES\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):6656
                  Entropy (8bit):4.320496600456879
                  Encrypted:false
                  SSDEEP:
                  MD5:A22C9231A5562DCA9F0BC186BDA3348D
                  SHA1:D4D281A596E272A482C6917DC3CA67C150E72FCB
                  SHA-256:AF899C47BDE2A325F3F9F22772F4E305F6B50EAF040670DE508226FEFBED649B
                  SHA-512:C140934BF63AADB01F7C0A1A4A7E89FB7CC6DEAA5219BBCB64EB6FB9D29F8139DC4A17C990373BB008A891436BD60E8B21CF748DAB0FA263853663AD17BA9FB4
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@.................................<0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p0......H........,..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\fr-CA\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):6656
                  Entropy (8bit):4.4162624308031155
                  Encrypted:false
                  SSDEEP:
                  MD5:07759138B75C31E8E62E2DCB9E5B4121
                  SHA1:C78CAC2D69DD3770256EA1D22FE62F8991AE1735
                  SHA-256:460E0EA0F891B4A7D8FCF4D7C1DAF4034B1A8C01F35C55B87C4DE4D34F7E1119
                  SHA-512:7089069EFBE9109ED034C9538B16F482573757A6DAED2D870CF1711F15B1F39FFFC6E5F9FF5E3380514EAFCEE49797F63DD0C9E472D37647EE3FCF34E086B189
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@..................................0..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......8-..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\it-IT\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):5632
                  Entropy (8bit):4.05939038461759
                  Encrypted:false
                  SSDEEP:
                  MD5:320A49D5E8C225BF7D8C8FC8F0FBA1FE
                  SHA1:6986D89BABDB474B16E3074865EEDFFCCECC9337
                  SHA-256:53F48BF5DEB5FB756EB61D5EE78BB72EF4509ADB396EB40BEF9671ECAA8D9819
                  SHA-512:6EC2883F6542F8EA3966F367E11359B3702B8E8E01FAFA3D3828E16D216CC77CC71B92BB1BFBC0C7F146C79FB4DBEE5FAD84288DFE1C5979F0C59841B92F03D6
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!................n,... ...@....... ....................................@..................................,..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P,......H........(..d...........P ..`...........................................\..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&#Uv=.9.W.F.^:1;j........a.......J...'...........(...............p.......E...........{...........b.......B...O............B.T.N._.C.L.O.S.E......

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\ja-JP\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):5632
                  Entropy (8bit):4.697358912630535
                  Encrypted:false
                  SSDEEP:
                  MD5:442654050F5E5EBFB286C75A6AD10485
                  SHA1:7F9AB13C925DDDE3ADE1EBA334DD17F6BF341F7A
                  SHA-256:B85CC7BA82B58AFD8FA00DFCCD820B5B34BC14A942EBDAB5380FCE8F7257C0AE
                  SHA-512:E7F9F728603091728451127C02B1F8412C741C57C5ADFED91FECA37989C07570886ACA262ECBDB17A968474E05936C3485602115CBC26EDCEE65DD7764B76795
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................-... ...@....... ....................................@..................................-..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H....... *..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\pt-BR\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):6656
                  Entropy (8bit):4.272201212454418
                  Encrypted:false
                  SSDEEP:
                  MD5:01CCD85F0676258B5E4A223832E3258C
                  SHA1:630CD9F369A81A7823905FD842FDDEEFAF23D3A1
                  SHA-256:C482D074CFDA0B6921A6750F0CCC1279BA6FCFB9D2037CA6EAAF704D8DAF811F
                  SHA-512:1BB2DB0ABF3E0BCA3B131D2DF5329006A56E3FAA4E540621E54AA98DBB0BF4E27093314B477AA66E4F10FE0AF5DF1887FF23CAD938C5B0F98E455433E14FAD01
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................0... ...@....... ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......|,..d...........P ..,...........................................(..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\ru-RU\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):7680
                  Entropy (8bit):4.608207837862824
                  Encrypted:false
                  SSDEEP:
                  MD5:F2876EC061D1CC88E44104ED97FC36F8
                  SHA1:68BFE2A32CA14B0C379EF725E426AB2FED09E075
                  SHA-256:6071DAA27880FE3F6B9FB704890250CA655CAFE832A1B9A4E59F0CFFFB042E04
                  SHA-512:E3DD2BAAB3C5AFB124DC9CC0BB2D9318D33707732B4F23C211C2E3BC5A8A8889FAF42003857DA98D43DD7F7368CAFB3A02591BE04DCA4E1343A00283CA071DB6
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................3... ...@....... ....................................@..................................3..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......L0..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP......n.....V ...].......}.E(/....xv.|.-..X:..o.....V..................v...1.D|-......."..&...'c$Q:#Uv=.9.W*..Y`..[.F.^:1;jg.Jq............g...i...............!.......z...............5...v.......K....... .......3...<...

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\tr-TR\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):5632
                  Entropy (8bit):4.204809000235561
                  Encrypted:false
                  SSDEEP:
                  MD5:D0009577C38F3338B2A3DCCEE9DF5169
                  SHA1:D567D95A61B57885B55D7D70B93BC839EF162436
                  SHA-256:598BAD964E2BED4A4EDAFAC5E8838C7B922C6EBBFBA70EDA0D400E543B91E54B
                  SHA-512:95F766F541CA5EFC74C3DCC9D5C299798B581F1B302A4EFFDCA9B7ED4177DAF4E8547B7729DB724EB0A8A28C9770FC470BF9BDF2C616F70782DC96056CF8410E
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................,... ...@....... ....................................@.................................<,..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p,......H........(..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                  C:\Users\user\AppData\Local\Temp\7zS42A26634\zh-CHS\WebCompanion-Installer.resources.dll

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip\$RZDPQ2Y.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):5120
                  Entropy (8bit):4.582926268925439
                  Encrypted:false
                  SSDEEP:
                  MD5:322549094C487E49ACEB9899419D8EC6
                  SHA1:DD0E5FF6BC3E4590203829DA1BB8BD7B00CBD07E
                  SHA-256:7824381C18E86E72C0D4A8BB0ED377DFDB6E3B5374984ED67AF119B14268E70D
                  SHA-512:80747F72196406993110D0DB5B736BCA21975C26615D34F771042E69CA0D519ED80C0E9267A90517A5B9862AB44CF9F9D96C354E952CB9CB0C32EB4887F80A1C
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$Cf...........!.................+... ...@....... ....................................@.................................t+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........(..h...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP........V ...].......}....xv.|.-..X:.....V..................v...1.D|-...."..&.9.W.F.^:1;j........a.......)...............(...............O.......$...........{.......j...b...B...O............B.T.N._.C.L.O.S.E......B.T.N._.

                  C:\Users\user\AppData\Local\Temp\WcInstaller.log

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe
                  File Type:ASCII text, with very long lines (912), with CRLF line terminators
                  Category:modified
                  Size (bytes):5027
                  Entropy (8bit):5.325918843004633
                  Encrypted:false
                  SSDEEP:
                  MD5:6F2ABE2868B81D5FA490869B20B9D8FE
                  SHA1:FB43570112BC0B033F05C7984549B426D512EF3D
                  SHA-256:EE12C44989CF2D6F0C419B5F3E9714A13D042E8AD4141C4EF0C7133874ED3084
                  SHA-512:AAD78E6EE7B1FCD1308FBA2FC446AFAE645C30857C72A65567E1AEA46F31E7CEC45602D8165D000277F4DF05D91288C7755C8D71ADC9A3097167294CD7A4AD0B
                  Malicious:false
                  Reputation:unknown
                  Preview:Failed to OpenWcfHost: System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:9008/webcompanion/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied.. at System.Net.HttpListener.AddAllPrefixes().. at System.Net.HttpListener.Start().. at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen().. --- End of inner exception stack trace ---.. at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen().. at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener).. at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback).. at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout).. at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout).. at System

                  C:\Users\user\AppData\Local\Temp\WebCompanion.zip

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe
                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                  Category:modified
                  Size (bytes):10494317
                  Entropy (8bit):7.994463819622281
                  Encrypted:true
                  SSDEEP:
                  MD5:C0A2AAF917E6BC1D951EC481213D4138
                  SHA1:56308BC1CF014F507E161B518736CD3D3666387D
                  SHA-256:2F87DCD36A114502A3C80ECF8A8C5F5EF60475951F9C142A1A68BDEC6CAA3E23
                  SHA-512:43EF07470F33BA0FF6A18E343C55ADAF0CDB2B88C3B37FA53F32608F1F78B6266BFACD2BB3BD92BF56EB0E28C4C20278212E06C1873DEA9098ECE5CDB117B9BC
                  Malicious:false
                  Reputation:unknown
                  Preview:PK.........%.X....FF...$......Application/7za.exe.yxTE.8|{I.YH'@CX.V[..%CP.4h_.MnCG@DQ..h..... .`'..\[...u..yg....QGY\........{..d.....S.......~.}y...N.:u..S.NU...`......*.k....~.......e..o.`.......[`._..]U..g.s...?..~..J..:.~.s.t.}..q.>}2l.....u.....#.Y..Mt}.......6z......{.:.:.y^KW.]....ys."..Nu.........C.EB..$..P.k......s.(..zN..K.........iH..Z.....[..x.P.7.iB.6..Ta.,..I...#....g.r...<.wg.....zb......QUw..M.:...L...nHN..r...]#..TA.r...vO..5.'.:B]..p}<.lxU... ...6...........?i...o...g..7H...%E_..B...d.... .f.].&I..Q..G.S..x.o.K......../.~...g.Q_..^(..h^...Dq.J\Y2.....&...........Fo`...........}....98E'..Kne+c........._./..o.o.+g.z..M.6.....D.D.^I9..!..0HJ..?h.7..2"U.;...RY..=b..k.^y....0.l...m*...h..9.........f....J-N..KU....HH."......Y...I)8..=s>.)MPH!.L....e...J..`bc(.:.-M=}...v...=..9.:..u.7.X.O...T..%e.)V...rS..s....o...[1.C... ...x7g)P..:............8. .u...lv-a..MB.TyW..D..p$..0.x>..'..K..l./g..U......b{.!_...,....<.....$#zh.e....+.

                  C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\Statistics.txt

                  Download File
                  Process:C:\Users\user\AppData\Local\Temp\7zS42A26634\WebCompanion-Installer.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):56
                  Entropy (8bit):4.525668537935866
                  Encrypted:false
                  SSDEEP:
                  MD5:35B6235F3B079C898D16100F0281C596
                  SHA1:EE0C71B75E3CB0B6B5213A47F7FF6F8AE2DFB4F5
                  SHA-256:CB914DD70873B106C1570F69A19A59BCFFE1DE26724C8D02D50B05F4EB8A1FC0
                  SHA-512:446A750751527B88B7AC08703C2B5308D98F7F9FB2D2C0CEC6F3D8C56CBBE4D1358D421D48DF2D1E0EDF8F4D3D75FF5912A7318228D55F5F915EB2F1C3B3E9B0
                  Malicious:false
                  Reputation:unknown
                  Preview:{ "install_id" : "7d2e069b-dfdb-4028-9c62-5b5ae1c2dd6f"}

                  Static File Info

                  General

                  File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                  Entropy (8bit):7.999625533320735
                  TrID:
                  • ZIP compressed archive (8000/1) 100.00%
                  File name:MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip
                  File size:456'709 bytes
                  MD5:fdab114c3a3affd8ecfae0c9e6560ac8
                  SHA1:25f6b3db7e3a96e39b2db043198dcf4d7e41f2a1
                  SHA256:cad3bc151093e13c2ca9b6b488e6ed7553fa773fb3a4492df0e918bdc0f1d1e6
                  SHA512:fb1f4a92304b4e1753d5ff69f60ae063a1daae51b5987d87732b2e6e601fe125165178d325a13e2398fb4a9f92e2b21a9bb8f44dd807256689437f0ad87a4825
                  SSDEEP:12288:/WQPG1/ivFsbz/nZTsDcLz7CBeBemTSzp:uQyi9kzPZqO7CVhzp
                  TLSH:16A4235E794C82AA2077386B2C3B628051D7B7DF9AA5130783553067CFC8EE3187ADD6
                  File Content Preview:PK.........u.Z..Z.C...HR....$.$RZDPQ2Y.exe.. .........k&.A.f..k&.A.f..d&.A.f..W...aG.k.......m#.X...a...P.w.....t.L...O......4.3&......$.].....D..%fx.....V.Wa../<...1...g{.a.%..'.....f:.a|,Ks............t...B.@.......V..@.h...*..na.>.)....K.r.!.w|K.....F.

                  File Icon

                  Icon Hash:1c1c1e4e4ececedc