General Info

URL

http://webcompanion.com/nano_download.php?partner=PF170501

Full analysis
https://app.any.run/tasks/7ff2b410-e548-4fb3-957d-35e11b280087
Verdict
Malicious activity
Analysis date
3/14/2019, 23:38:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Ad-Aware Web Companion.exe (PID: 2420)
  • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
  • WebCompanion.exe (PID: 3340)
  • nano_download[1].exe (PID: 2744)
  • WebCompanionInstaller.exe (PID: 3104)
  • nano_download[1].exe (PID: 3528)
Loads dropped or rewritten executable
  • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
  • WebCompanion.exe (PID: 3340)
  • WebCompanionInstaller.exe (PID: 3104)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3732)
Changes internet zones settings
  • WebCompanionInstaller.exe (PID: 3104)
Changes the autorun value in the registry
  • WebCompanion.exe (PID: 3340)
Executable content was dropped or overwritten
  • WebCompanionInstaller.exe (PID: 3104)
  • iexplore.exe (PID: 3732)
  • nano_download[1].exe (PID: 3528)
  • iexplore.exe (PID: 3480)
Uses NETSH.EXE for network configuration
  • cmd.exe (PID: 3200)
  • cmd.exe (PID: 2360)
Creates files in the program directory
  • WebCompanionInstaller.exe (PID: 3104)
  • WebCompanion.exe (PID: 3340)
  • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
Reads internet explorer settings
  • WebCompanionInstaller.exe (PID: 3104)
Starts SC.EXE for service management
  • WebCompanionInstaller.exe (PID: 3104)
Creates files in the user directory
  • WebCompanionInstaller.exe (PID: 3104)
  • WebCompanion.exe (PID: 3340)
Reads Internet Cache Settings
  • WebCompanionInstaller.exe (PID: 3104)
Starts CMD.EXE for commands execution
  • WebCompanionInstaller.exe (PID: 3104)
  • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
Creates a software uninstall entry
  • WebCompanionInstaller.exe (PID: 3104)
Removes files from Windows directory
  • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
Creates files in the Windows directory
  • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
Dropped object may contain Bitcoin addresses
  • WebCompanionInstaller.exe (PID: 3104)
  • WebCompanion.exe (PID: 3340)
Creates files in the user directory
  • iexplore.exe (PID: 3732)
Application launched itself
  • iexplore.exe (PID: 3480)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3480)
  • iexplore.exe (PID: 3732)
Changes internet zones settings
  • iexplore.exe (PID: 3480)

Processes

Total processes
58
Monitored processes
18
Malicious processes
5
Suspicious processes
0

Behavior graph

[Behavior graph image not preserved. Edge labels: drop and start, start. Nodes: iexplore.exe, iexplore.exe, nano_download[1].exe (no specs), nano_download[1].exe, webcompanioninstaller.exe, presentationfontcache.exe (no specs), sc.exe (no specs) ×3, cmd.exe (no specs), netsh.exe (no specs), webcompanion.exe, lavasoft.wcassistant.winservice.exe, cmd.exe (no specs), netsh.exe (no specs), csc.exe (no specs), cvtres.exe (no specs), ad-aware web companion.exe (no specs)]

Process information

PID
3480
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3732
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3480 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2744
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Lavasoft
Description
Web Companion Installer
Version
4.6.1966.3854
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\nano_download[1].exe
c:\systemroot\system32\ntdll.dll

PID
3528
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Lavasoft
Description
Web Companion Installer
Version
4.6.1966.3854

PID
3104
CMD
.\WebCompanionInstaller.exe --partner=PF170501 --version=4.6.1966.3854 --prod
Path
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\WebCompanionInstaller.exe
Indicators
Parent process
nano_download[1].exe
User
admin
Integrity Level
HIGH
Version:
Company
Lavasoft
Description
Web Companion
Version
4.6.1966.3854

PID
2880
CMD
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Path
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Indicators
No indicators
Parent process
––
User
LOCAL SERVICE
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
PresentationFontCache.exe
Version
3.0.6920.4902 built by: NetFXw7

PID
1004
CMD
"sc.exe" Create "WCAssistantService" binPath= "C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
WebCompanionInstaller.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3508
CMD
"sc.exe" failure WCAssistantService reset= 30 actions= restart/60000
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
WebCompanionInstaller.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
2068
CMD
"sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"
Path
C:\Windows\system32\sc.exe
Indicators
No indicators
Parent process
WebCompanionInstaller.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
A tool to aid in developing services for WindowsNT
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3200
CMD
"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
WebCompanionInstaller.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID
3984
CMD
netsh http add urlacl url=http://+:9007/ user=Everyone
Path
C:\Windows\system32\netsh.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3340
CMD
"C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
Path
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
Indicators
Parent process
WebCompanionInstaller.exe
User
admin
Integrity Level
HIGH
Version:
Company
Lavasoft
Description
Web Companion
Version
4.6.1966.3854
Modules
Image

PID
2456
CMD
"C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
Path
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Description
SPWindowsService
Version
1.0.0.0
Modules
Image

PID
2360
CMD
"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
Lavasoft.WCAssistant.WinService.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image

PID
2940
CMD
netsh http add urlacl url=http://+:9007/ user=Everyone
Path
C:\Windows\system32\netsh.exe
Indicators
No indicators
Parent process
cmd.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3588
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\x9e_ec8z.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Indicators
No indicators
Parent process
WebCompanion.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
8.0.50727.4927 (NetFXspW7.050727-4900)
Modules
Image

PID
2432
CMD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESB330.tmp" "c:\Users\admin\AppData\Local\Temp\CSCB32F.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
8.00.50727.4940 (Win7SP1.050727-5400)
Modules
Image

PID
2420
CMD
"C:\Program Files\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe" {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Path
C:\Program Files\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe
Indicators
No indicators
Parent process
WebCompanion.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Ad-Aware Web Companion.exe
Version
4.6.1966.3854
Modules
Image

Registry activity

Total events
1396
Read events
1143
Write events
249
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3732
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
3732
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3104
WebCompanionInstaller.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Web Companion
MachineId
735550bb-0faf-aab3-c4f6-bbac563dacb9
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
EnableFileTracing
0
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
EnableConsoleTracing
0
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
FileTracingMask
4294901760
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
ConsoleTracingMask
4294901760
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
MaxFileSize
1048576
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
FileDirectory
%windir%\tracing
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
EnableFileTracing
0
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
EnableConsoleTracing
0
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
FileTracingMask
4294901760
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
ConsoleTracingMask
4294901760
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
MaxFileSize
1048576
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
FileDirectory
%windir%\tracing
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
WebCompanionInstaller.exe
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
DisplayName
Web Companion
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
ApplicationVersion
4.6.1966.3854
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
Publisher
Lavasoft
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
DisplayIcon
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionIcon.ico
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
DisplayVersion
4.6.1966.3854
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
URLInfoAbout
http://www.lavasoft.com
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
Contact
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
InstallDate
20190314
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{076a1a84-ab24-4dca-99d6-b86ce19773c6}
UninstallString
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost
*
2
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
http
2
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1406
0
3104
WebCompanionInstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2301
3
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Web Companion
Installed
1
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Web Companion
RevertHP
0
3104
WebCompanionInstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Web Companion
RevertSE
0
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{EDCEA133-46A9-11E9-BEEC-5254004A04AF}
0
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307030004000E00160026002F001B03
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307030004000E00160026002F001B03
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307030004000E00160026002F009803
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307030004000E00160026002F00B703
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
29
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307030004000E001600260030000D00
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
25
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307030004000E00160026003300300200000000
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CachePrefix
:2019031420190315:
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheLimit
8192
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheOptions
11
3480
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019031420190315
CacheRepair
0
3480
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3480
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
3984
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation
3340
WebCompanion.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASAPI32
EnableFileTracing
0
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASAPI32
EnableConsoleTracing
0
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASAPI32
FileTracingMask
4294901760
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASAPI32
ConsoleTracingMask
4294901760
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASAPI32
MaxFileSize
1048576
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASAPI32
FileDirectory
%windir%\tracing
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASMANCS
EnableFileTracing
0
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASMANCS
EnableConsoleTracing
0
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASMANCS
FileTracingMask
4294901760
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASMANCS
ConsoleTracingMask
4294901760
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASMANCS
MaxFileSize
1048576
3340
WebCompanion.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WebCompanion_RASMANCS
FileDirectory
%windir%\tracing
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Web Companion
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Lavasoft\Web Companion
isFFOpen
False
3340
WebCompanion.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName
Bing
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL
http://www.bing.com/search?pc=COSP&ptag=D031419-N0400A7DC2D27D18&form=CONBDF&conlogo=CT3335817&q={searchTerms}
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SuggestionsURL
http://api.bing.com/qsml.aspx?query={searchTerms}
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\ProgramData\Lavasoft\Web Companion\Icons\bing.ico
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconURL
http://www.bing.com/favicon.ico
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
OSDFileURL
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ShowSearchSuggestions
1
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ShowTopResult
1
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
TopResultURL
http://www.bing.com/search?pc=COSP&ptag=D031419-N0400A7DC2D27D18&form=CONBDF&conlogo=CT3335817&q={searchTerms}
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3340
WebCompanion.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2456
Lavasoft.WCAssistant.WinService.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2456
Lavasoft.WCAssistant.WinService.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2456
Lavasoft.WCAssistant.WinService.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2456
Lavasoft.WCAssistant.WinService.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost
*
2
2456
Lavasoft.WCAssistant.WinService.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
http
2
2940
netsh.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
76
Suspicious files
8
Text files
139
Unknown types
7

Dropped files

PID
Process
Filename
Type
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
executable
MD5: 4a4c31e5009e8148a135926b7becc07c
SHA256: 1c3f6fc6191ecc19e55fbd80add906a623e182e6c209234dd3db51f3e23b566f
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll
executable
MD5: 2a2eec83b83257227bd89e1d457a65e5
SHA256: 61281bb873674945dca988be1990b38498a43b506d959751ce0a7c83bbeaca89
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Esent.Interop.dll
executable
MD5: d873b8ae24c21541b58f85faca69dda6
SHA256: c0218aeeeb450a4e405589711d2320e8978739685e273657e2a52b972b6f2046
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll
executable
MD5: 4cb21062e12eac2442d80bfbaeedf11d
SHA256: 144a4db07102c64f68a274fec3e50aa1f42d1d99a3565c14adb99efb132d50b5
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll
executable
MD5: b7860f50ff7781c8f0f6d0b65c4b2148
SHA256: 96fca6b54b847e16c42e6fc9c2df01f2b7e49dca4f81c3e7584cc8d5540dd46b
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
executable
MD5: 36e0351e45c25911159e07eaae7c9453
SHA256: 7c81495da567c130f26cafff2e1383a894f730b57d4f511a5715d49dbeaabece
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\DotNetZip.dll
executable
MD5: d536a2a31f13253b49567d8f392cfaa3
SHA256: 1c05b29823784f03425543e17b6e1279b73fb3def5be6054cab70d5ad347becb
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll
executable
MD5: 93c0da73d249b1f995bc0389c8467406
SHA256: be9a8f9801b7be20265f7d3381ebd6d8b4e0f075284bb8f70eec65ea65677031
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\BCUSDK.dll
executable
MD5: 11eeaf9ab5e56606e2a7ac9527ff6a89
SHA256: 72a89a974b1b847216e8eaa4d1cb43f4ce66dd4c4b5fa763dd1f11a39499e941
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll
executable
MD5: be7dd1f1cff845c69338e06ba5187bd6
SHA256: 0115acd4251817f65f84a030dd961837236ee0b6b9eaaa19986c976bdcb20821
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\BCUEngineS.dll
executable
MD5: 94eda684235096983c665a8c27ed94c8
SHA256: 8a5dbabb52064a6b46a1af7c00deafed299a03b7e41721ca19c0ca3012355c95
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll
executable
MD5: 94c33a185de668b89bbd2ce2938b8e04
SHA256: b33b6c5b6e358435407dee5a6e7d82dd0c159e6ac870c9d3ad42b38ea204798a
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll
executable
MD5: 27555a618f0e8653e86acccb8d58f99b
SHA256: 2608a1a06538ffce7bfbdd18f9a071b756207d31f2f444930dbfb90470dafc06
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
executable
MD5: fb70c64a5a170907c132eb6876d30210
SHA256: 532c5ac7794584a68aca3edd338fdda499f2d059653eda2246428a88d500ac08
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe
executable
MD5: 0a5105331843fc0fd451c98cd6ba842c
SHA256: c143cc8d634c55c348543a21d49ec9a0174f4b959e6d514ab92c52267663d8de
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll
executable
MD5: 2209d10f9cf4eb7c77e96148f5121419
SHA256: 1d34217c29fedd30fb147e2a874b47a183ce6eda951bc68a51249487fec21339
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll
executable
MD5: 318a11cacd2c6d298f9e6ab58e710be1
SHA256: b7e09e7eb0177e7b90614e9af2a5aa65f1e03e90facc78de3b2316b8ab45a69c
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll
executable
MD5: 41502b2c071fe916ecb7d953f8a5957c
SHA256: 7d50c481d316b93508ff23c512b355e50bb4ac8f8bc7267e340b5a82e744ac89
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\en-US\WebCompanionInstaller.resources.dll
executable
MD5: cdc01a533b73e48df2a53b5edddaa4e1
SHA256: 7162563f890db1db2798f4cb9c8a604642ddd0c18d407d44e948757e0aa2afd8
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionExtensionIE.dll
executable
MD5: 260234aa0a842bbd0871fb273d89b14f
SHA256: 586f448ebf85fe25f53ecde565df77afbd76655dea5717fea8f1a903ca4faa17
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll
executable
MD5: d0d0d82e7ed265928ae2b030992660e7
SHA256: 1ea0dd7a2a4950bd241baab5fa4439a4acd473f7794cfa49e94512fa21a4ee1a
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll
executable
MD5: 08e43c364b15a1c036caf73a7a974a5b
SHA256: 9fc106cea725f269adfecf61d895aed9ce9309444dd3df3298a7b7644d62507d
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\zh-CHS\WebCompanionInstaller.resources.dll
executable
MD5: 3f12518ac5b33364f614f62d828d43f0
SHA256: 6b5773e7208d753a64c924be5be25d752c770518649b85ff11148a0c3cf671fc
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.Loader.exe
executable
MD5: e4976bbdd6859dcd9e5225fdf7ec284b
SHA256: a11e1ab1e5674900a7f37cab7d61bdb9a8634952127818f8e39ba406ef89eed4
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll
executable
MD5: baeb394c5fdf30e99d2608506415f1a7
SHA256: a71a9459bb59677d5258393f778d56dab9547e850eba32d4f680aa8d14b8fa3d
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll
executable
MD5: 7a91893bc7de8398e141a24922e38fe5
SHA256: cc5793cb4fe7b16330a4ad27d3b6c021bb85bbda856bf6f424d33112ae025c94
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\fr-CA\WebCompanionInstaller.resources.dll
executable
MD5: b86499ce5b44b03f28dd1824a0aca579
SHA256: 95426310488a1e8a74483d5cfcbdc6ae5a7af59ac86d0ad59087fd5ca0e10c97
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
executable
MD5: 8cc8d226140cff7a8777ab2963ee884e
SHA256: 013a23c1b1e4b7f1d07e932845782ccbefc27b568ffd0a2b73b4152f817a677c
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll
executable
MD5: c682690da31756c9438c411e58adaa7a
SHA256: 232723ce1b3ac8455bb87a1b87ab303ba32f60f8b68b9369ae5abb82ccf0f4e8
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Interop.Shell32.dll
executable
MD5: ac70612011dfa5a7476627a3674f5e14
SHA256: b8790c877bad4347709dd85aea323973f82d336eb0b9a2a5bf4afc2246948f09
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\es-ES\WebCompanionInstaller.resources.dll
executable
MD5: caa592f10e44a27bb796b34876157093
SHA256: fe049dacd1f377006c0511373d52b00d43d079bb2dcba833b96e0aa10105455e
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\ucrtbased.dll
executable
MD5: 538d5046b803026f0b92dfb4a5f19b2b
SHA256: cd548f55e0bda7ccff47d5de6273c9b854302b7225de70262cac4c993e4fd80b
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll
executable
MD5: abea852d4167ec5085d291fb91c1ce0f
SHA256: daf78a4418afb8b514fdf7835aafbc7c9dee80f9473cbec10ca2cbfdbadcbe5c
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
executable
MD5: 7fb0f64df43425ff94f2c70d6c2cbbfe
SHA256: ba0126a1cfd17378202684212ff46def2efa7ac508992eb01e5d88c058c63021
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\it-IT\WebCompanionInstaller.resources.dll
executable
MD5: 5a550fd76f49ede76a617165790f1030
SHA256: b6b04af19eeff35f1acabdaaaa634d1ed8f2fd6318f486c1740d7df44b149a4c
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\vcruntime140d.dll
executable
MD5: 5981ba3712b6f1cce51b76c2d313c3ef
SHA256: 58a2e68820337d7fc06adf2bf91a7bccd3630d7192776446117891c0e803b38d
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll
executable
MD5: 2f5b133ad4858b5ae8b8514bb98c8422
SHA256: 7f8c1ae1c9b15caba4e956ade4573f632e3a3536c4dd7da09634fa9c3b260151
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Automation.dll
executable
MD5: 0b5d6f775636df2f5a199e65f3e453fb
SHA256: da824ca468c5656632a978b356afd95a76e383e60769ce53c0a91a56c69be9e7
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\tr-TR\WebCompanionInstaller.resources.dll
executable
MD5: 0df8782409c881ff4be2ee6f8bf939e9
SHA256: 15858667b77a42bf4d51b71c453c26fa31a73780e8e64c6d92348ccbb6394d69
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\System.Data.SQLite.dll
executable
MD5: c0b2cb356949bc956714c391b9f67558
SHA256: bf7f6a2c7d2858e3c52396951aa3adf71edeedd7264c38daa7afc3972a40045f
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll
executable
MD5: 0b6493eb5cd7a4e9f26d187466d08596
SHA256: 6a3e53b248bec7e3f1bd720a1bed717fd06831ab6b79d5b88b7a071343bff8a6
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll
executable
MD5: c0c1948e7499845c33fa07591814a6db
SHA256: 3b0190745ce03925a579d9bd34bb280e401dcd0421bb543a4316adeadb364b73
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\ja-JP\WebCompanionInstaller.resources.dll
executable
MD5: 4935060a1fb7b24035bcbe6f96faf504
SHA256: ae176b7cbc6848146cc9a8bf890e532219ad8a67dd419e0abd00cc164c4f5f6d
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll
executable
MD5: c9e32bc283b7f1551aa7420f3185fce6
SHA256: 9a4a00b1c8a21e80fd2a195601c0997bc8f7d1c03961c966dcc76c6ab32c4448
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll
executable
MD5: 345ec20afe0018744c8581dac80813d7
SHA256: f4908449e965a4174c9bd477ba0014498931b1a52a45e089db2e7ecc45b0536f
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
executable
MD5: 9f39de2f941ec9eda1e827b131f0b2b9
SHA256: f0182097198990df9c52c5a6b888c0ec4ae70789c3730058c93a1abe255da927
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\pt-BR\WebCompanionInstaller.resources.dll
executable
MD5: 00e3d0849c0c5bdcb71885515132b39a
SHA256: 02025ad21e2dc34a06861688064d8f2a53bf6b128d9c37164a2025406ba6f370
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\MozCompressor.dll
executable
MD5: 66643b88d7baaf72af0c9ab8e98f30a5
SHA256: 2541de9dcd72811dac8f845be54229751c759433e432524e22b50471819a235d
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll
executable
MD5: 31be1d8060f36acc539d48c6fbd9cd46
SHA256: ee6330d4e44af5f3a8ebb38ae94959e2e3ec1023a1f4e1a6cbe6b15d39bd15ff
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
executable
MD5: 21e1588e2d1bba283df22f976c9be114
SHA256: 5f49a83cecc4316dd2f3c849582d37eded6017f936782e59e5f94c2c6e6dfdb9
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\ru-RU\WebCompanionInstaller.resources.dll
executable
MD5: 6ed6e6769196eea2c495b42803aa7be4
SHA256: 59a912d53bb5e833a589b59e3e1426f5c9ea60d68ac5c0678c7ae838e2ed1646
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll
executable
MD5: 7449b1a509e16606adc3b58837b728a1
SHA256: aada8001600d55623d11f8dc98be7ca90373cdb729b3f7c08039b9967daa7cb8
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll
executable
MD5: 723d3c4c1b1afbb0476eb4f0794eb503
SHA256: 84ea2bb41f17d2bb28df62ef58dfdb7e110b1d0a3d7f673f266926dde9a65510
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Omni.dll
executable
MD5: 87ec4c7e0ccd49e3c20c91a0dd5bac31
SHA256: 891aacc159642a5a2cb90d0cc62a7391d40211ec915c5c91e1834dc46442ca8a
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\de-DE\WebCompanionInstaller.resources.dll
executable
MD5: dc042680489ce8e844b99f4f0d46dcb0
SHA256: 63032b704d715e8954fbbbf9b96b3c2a38c0c92f8632921bd0b17a07e999d5dc
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\LZ4.dll
executable
MD5: bb68c69280e8ab02d0f6ff974eec3833
SHA256: 61f825177cd14af4026d859369b4ba250d64934e0f6b7f2dfa111296bea391e9
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll
executable
MD5: 221bff38a12c67d93d0aef4e4ae4cac3
SHA256: c3f57e8e12df92df1a8dcbea9aacb7afa0cc2a54b25c39b2f0b949bcd7009b78
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.IEController.dll
executable
MD5: 4a58a91c49e2d30d38ee74ba606ecc7c
SHA256: 99606355b70e8c0c02042d519f413288511f4e148b560b55d477e3a84856c228
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\ICSharpCode.SharpZipLib.dll
executable
MD5: 1b42db3c4a9039ebc3190335205247b5
SHA256: 59d23a14222f115cff3184d4c498ff563398957910271f9e47c319573f7f2dce
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Settings.dll
executable
MD5: 2db4b19214c32265544d775455ddfa9b
SHA256: 071fe20c5c5393e221571a4ee8d1ec3196d7b5d4f4f10972e956853a21f3df29
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll
executable
MD5: e2fb06860a18e4c59bf45b7f8bf844a6
SHA256: 16e00863297a0c0839528fdad2661021da359ffdd267f9fcae3703f7ba2893ab
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
executable
MD5: f017387169bf11c1c5e13b38cbb9cf32
SHA256: dfafe1645046994a43cd57a132b0c5c7d2b46cd124d82b5147261d4b0c8c1aca
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\WebCompanionInstaller.exe
executable
MD5: a4ab7777a53e007e979dfead88cff835
SHA256: 7a25424c95df5e1a168f45a4042624576cf8137c97a4263751be2a30b869ce40
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
executable
MD5: 94f047ceb321754f9b9dfa127db72138
SHA256: 1a441400b681d9f64e57ff6be95434fa7f9f5f380fb68a40cc4e291c7551667b
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll
executable
MD5: 4d5ff2ffc70a49ee0522c64c650579c5
SHA256: cb1480babde4b6776bfc26c1a95780373b2382a4051a66d4bb0ff63b7612c1df
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
executable
MD5: c368b3850e6bd6eeae3f35a1ca6bdbc5
SHA256: c9396d3d71e616e9b8e59318a6ce148b612309c99aaf366a63585afeccdf27c3
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe
executable
MD5: 12926e0abbe4ce4b4b871ba752c86db8
SHA256: b3d8e2f964f1d7335a03860a36c193480e700d3b6a2e2675babd5aafe8de8742
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\log4net.dll
executable
MD5: 54fc4b6aab0d9c2e810f287f70d61d4d
SHA256: 7f74303c8d50566211870f99f0e5f616eef4d46e528bef7a8e3245e2c0ae9be5
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll
executable
MD5: 5971b6ea07ba57ac96443339d5b8193b
SHA256: 99abd439c94ab61e41e209672f33e16caead59ec1533bf639b7e3e750fa68f2e
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
executable
MD5: 0c0027264f45ca72293bf9a6b705cd7d
SHA256: 18944cc0297d91ccddba3916e86588f800cbe4e468c866e19239674cb112fd1e
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\WcInstaller[1].exe
executable
MD5: 12926e0abbe4ce4b4b871ba752c86db8
SHA256: b3d8e2f964f1d7335a03860a36c193480e700d3b6a2e2675babd5aafe8de8742
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
executable
MD5: ffbc4583e1708adf11c75337b97d6eda
SHA256: 38061b05a9f30089766d831abb56d2f0bce9bece257655c3c019e9590113fe4f
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
executable
MD5: eb3d1911ad6b1443cb287c725599da73
SHA256: 1ad6b7237e4cd9059628940693f2a7da15f6b68195dc4b2ed9df26dc5936206e
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\liblz4.dll
executable
MD5: 3d8df3a90abd0c1e74de3babf8c35e8d
SHA256: 13b584332496fd8525f9b448e946e80922866356b7351f9338221302f4f9b6e8
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
executable
MD5: 775396aca069a4e0e49422c6f70dcb8f
SHA256: 615ce44b420c708b820986156736052219a46f3c3c8a9fafe1a083bdf5b7c417
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll
executable
MD5: caf83d78b6349a40ac5a10c7ac4cf2c4
SHA256: 7aa750e12f4160f277d662c582f1335cf8fa26e0c779538d1d04a5d4e6df7e7e
3588
csc.exe
C:\Users\admin\AppData\Local\Temp\CSCB32F.tmp
––
MD5:  ––
SHA256:  ––
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Temp\x9e_ec8z.0.cs
text
MD5: 73fd20c96b4b9de6a196448fa38364e2
SHA256: 8653c96caacf882554946d997a3067993ec74b4cf1ea62784f4758f615ec2532
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Temp\x9e_ec8z.cmdline
text
MD5: eaa4f074f86c508bf53592bf08c63e7b
SHA256: 161252a6c6825734566238bcb8838025c74ed6df9d4067332fab6a132f789c3d
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.pdb
pdb
MD5: aa7276832f6fc583164694a09c09f28e
SHA256: 92b87f456bba020138ee7b172a4efe938b001b6519b9d8a73e2a5b051f58a955
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionIcon.ico
image
MD5: 1dd04466644e96e0ad308d1e637e9621
SHA256: 9733ed5e1e2caeb0986f1d46a052b2d4bd8cd6b041b9f57216f12410605e8455
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.config
xml
MD5: 1d0d9d32fb69c7f2f33b4e56d93e2c6d
SHA256: c022a2b126c1bad1774e7f9d3a5f50f30cb6b3758a2f870fc676160275f69eac
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico
image
MD5: bbd842a6e91d908141de6fa59d3a9868
SHA256: d5a8246ef2075dad3b3d582477cf757fe673a3a793ef3de60de82bf8581da19f
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: e1776913294db0b44eb6d21b998638c1
SHA256: 62f7d130a346dba5ae383ea07d31b3d871684bf8eda5fa969bdfd50bd5e90d24
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe.config
xml
MD5: 0c68d37417aba406450f829ae6353c8a
SHA256: ebaa878c71314520307d5e259c93ded3857113112fe102255a4b19c262033a76
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: 9a2974106acbf8c5d16937834ae297c3
SHA256: 0911a49979684d1fced3ba27c78e87e146d4d487a9c77ca73e91915c08dca339
2456
Lavasoft.WCAssistant.WinService.exe
C:\Windows\TEMP\TarAE4E.tmp
––
MD5:  ––
SHA256:  ––
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebcompaionReimageIcon.ico
image
MD5: 9932f44f84f0693ad7d3b7f5e41b5c3f
SHA256: 8e10edc1e341c0b89232811bf8b71ca1a1eedc8ca78b79432c4ad702591b2de5
2456
Lavasoft.WCAssistant.WinService.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_B5D049703BF545D53C3EC408947E089F
binary
MD5: f91060a18cacf6c5c07dc62e3489904f
SHA256: b5de3964e4c62507b6f07b033e5f641020405aee3f6962cbf8934d7078d3a34c
2456
Lavasoft.WCAssistant.WinService.exe
C:\Windows\TEMP\CabAE4D.tmp
––
MD5:  ––
SHA256:  ––
2456
Lavasoft.WCAssistant.WinService.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_B5D049703BF545D53C3EC408947E089F
der
MD5: 34d489b964b0febc170710f66247b5ca
SHA256: fbe5e271db01734cb8ea4c928b92654df6caae86fbc3080b553b4947bd30fdb2
2456
Lavasoft.WCAssistant.WinService.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
binary
MD5: 88221ca0e44c76ed70c8441575c0d470
SHA256: 5b50a31c497d517f6b2d14556efb2c5622364cbc751197b2eae3328d81bb1e7c
2456
Lavasoft.WCAssistant.WinService.exe
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
der
MD5: 5d3a200953a8de2a9e3143e09a8cd3ab
SHA256: adab0bb0d2a66d35ec164b61eb8df536e0f8b3c5da818ed7641ed0de33abd704
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: da039442f0e26a68879e75177715b6c7
SHA256: 5465f7f856ca6db19fe99f28e71a3706de375b5ad21fbe43312c457436852951
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\b_search.json
text
MD5: 1b612a1bfe07bb95fb7244e3135c6b10
SHA256: 8da9b7dcbdba79e397342b9818716911a303e727d4d0810a0906e970bf9b2135
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\ProfileInfo.txt
text
MD5: 161e3d50d4dc4854a5660e4f6274d2bf
SHA256: cbc3ba8923dbfa6196bfef7452bf2d1ad1328a61d27764fd4745b73836867067
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: b2058c41dcc5a7df43435f0ff190ff23
SHA256: 3902ceb33257d09130b4e3387e4a08f39f021400ee4727231fac7f6cb41717b2
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\user.config
xml
MD5: ceddfece648a3e9961bb881bdee973ff
SHA256: 785f6c64bc26ded0c13986ff658a4e7f2d915acf40568f1cadc3dee692a46d63
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config
xml
MD5: aed25c4bb45d63f367ac309da2d91716
SHA256: 534ff170605c383fa723b662e49daf7683c560727fd71211b28799c5a6af11af
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\qmbmn9az.newcfg
––
MD5:  ––
SHA256:  ––
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\ChannelInfo.txt
text
MD5: aaf0761fe041e4e57f2528564abf197a
SHA256: 8e596c6fb7be3bc5b625350c771a7ff0d764548189f116b94bfe63f7b830b8e7
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\user.config
xml
MD5: 1854e4510eac8bb080dc1a6acfd12260
SHA256: 73c624af71fa882cdcfc21e6e551b2ef4cee8ef152e5e901c3487ea85c1b39b0
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\yebxsbzy.newcfg
––
MD5:  ––
SHA256:  ––
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: 3f083a503f574a4c7527da098f41e92c
SHA256: fde77ca5bca8debdea541acae2c419e53c5edde6fdbe3b2a9640f95203c7d6be
3340
WebCompanion.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk
lnk
MD5: 36e03562c2845a344dde1977e58ecda5
SHA256: 77b5f695fe512e3da10bad16c18c9046fbe4fcf90a0154096d087d853ff4198a
3340
WebCompanion.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url
text
MD5: ad8e3ab1bd502cc189e68c00d6557458
SHA256: 12ba3b4dce1ba85e5a97bf578956d13393bb389a29e4540c9bbebbbd09aa8b45
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: e3e04b98077e57cf9bbb4b92fc235ecd
SHA256: b3aa2962e8108ece6218312b48ef0cd96f4630295c7fe9f0b6d4c231e04276d2
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt
text
MD5: e08a366da806418e292d0cb0c22abb81
SHA256: 419e19e569025564434ade7101188fcc215b88c15c13a215df5a2458ce93a4ed
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: fbf5f7f7a352d6fa99dc955c7a439e67
SHA256: ce9a244fa9ded65878f6dc4072571fdbab39e9c00bdcc04aa47b5ff787bfae7f
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip
compressed
MD5: 0229e30d27cb7e6bd70644d76d36977f
SHA256: b6fdb8b60de5b4f0cfd7236a02f6f2896b3595ff784896daeec61d6a56f69027
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: c2b3fab4eb25451221431af891f6819e
SHA256: 4d06a279ddb8958209103f8f8523768018090d4396eebdb63df4a07ad98bc122
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\CurrentReleaseNotes.txt
text
MD5: f5bd57c383ba95f77ad910dd0200e081
SHA256: abdfbffecbe18ed94df9829819e596ee285b52a94aa108514452a9121721c789
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\user.config
xml
MD5: 0a35fbae99f45bc0dccdb777ecfd0436
SHA256: 19af84c48a15820c94367390d58588ddad8164b0ac4056c258a766c726329550
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: 1f1cefadf8b82687e20ca21444eee883
SHA256: 3cc44f92ea76ce1cb661a816ddc80294992b5c353cc7a6e3addbb55949cf8b91
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\idw5dff3.newcfg
––
MD5:  ––
SHA256:  ––
3104
WebCompanionInstaller.exe
C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Options\Language.txt
text
MD5: 3e682eb51baee9f27b0775287510ac6e
SHA256: 05a960000c74ca2f31fac1800e5156e2e4d04a78873f005218aeeb8fbacbbff6
3104
WebCompanionInstaller.exe
C:\ProgramData\Lavasoft\Web Companion\Options\UpdateServer.txt
text
MD5: cf85989b75515ff6cbaaa6dd23d3882a
SHA256: 50e3bd90035ca49b3c57050681449c20953f4efe5711bf4e02e23f2b63968388
3104
WebCompanionInstaller.exe
C:\ProgramData\Lavasoft\Web Companion\Options\install.txt
text
MD5: 3ca1cfa3e7fecbd3a3a49f70c4a6861c
SHA256: 4951e2cac9cffe384ec3ca07538c879683461ec632a1b3cf67b1c31f73800c25
3104
WebCompanionInstaller.exe
C:\ProgramData\Lavasoft\Web Companion\Options\partner.txt
text
MD5: 4a519e5ec4e6f8cbb797eee9698f2df9
SHA256: fdde437f7e5f73145191593fcec0def0ac1bef852199e40c590e998f21a91054
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: bf49fa7d65b8db10a040786ceda3dfa6
SHA256: 019389c2e7ac3507bbd9bc6c628c5f0f98e3d0f53f4b74ecf8241312c05fb9cd
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\SearchInfo.txt
text
MD5: 49728c3f2541831dcd09f8aa07d903ee
SHA256: 9064c8df587ee296b0cd5907ddfded41948287cb790c6aae19a9008ed0e33640
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: f5036be3632969daa3ca16e24fce6d9a
SHA256: 2be64356e8b7dc085dbbf1a95fbb08ec8e63784b1fc8b762e6174c4b9fd32cf7
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\b_search.json
text
MD5: d0825739749cd4cfbc2bbc6eca95eef0
SHA256: ce055abaa7e5debb64d1cb456db7924ab72df479430c0da2d18a514670ab2721
3340
WebCompanion.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 277c4d215234895f79496f25a8e658d0
SHA256: c4cbfb59b2b9ccacae43f1af131967447231fd231e8258e3de25a52e08dab252
3340
WebCompanion.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\searchplugins\bing-lavasoft-ff59.xml
text
MD5: c47ed179b38491d92b43862835d54b7d
SHA256: 2c26d54cdb1e17d1fb75c8112db7af310ba328eea6e55e6d9372f32a0e7e77b1
3104
WebCompanionInstaller.exe
C:\Users\admin\AppData\Local\Temp\WebCompanion.zip
compressed
MD5: 5cd05efd8b5fee4e956245bc85f6dd7a
SHA256: 786b82a90aa212baac51128b6254f9dc845b1a536e78951c458f065eb9792598
3104
WebCompanionInstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\styles[1].css
text
MD5: 07698ba80b805d772a2ac8ac3375df46
SHA256: 78df154e056b8220fca4cf44526556bd64305e7fc9d25d060119641290f23143
3104
WebCompanionInstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\jquery-1.11.2.min[1].js
text
MD5: 5790ead7ad3ba27397aedfa3d263b867
SHA256: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3104
WebCompanionInstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\consent_2[1].htm
html
MD5: 7b3b789cdb60d8f33cddecc8f10907a4
SHA256: e49c9f27c17add9f1f5504c0db31d4087f9ee9872aa2f68d21752181ce524db9
3104
WebCompanionInstaller.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 327eeb90900aadfd93fa1a7c938f17d2
SHA256: e59397f0ed0b92018f1b838a0543f05f221b0d8ae56fd18c7541744b5c055f4a
3104
WebCompanionInstaller.exe
C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt
text
MD5: 85145c79400ba8820c7f6f13b722e605
SHA256: cead604bb3d93a24decbe5a6511848a0c249e21fd58c6767b2db6dbdbfa80ff9
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{EDCEA133-46A9-11E9-BEEC-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3480
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF4DDBBC22FC62A529.TMP
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 2d13cfa31de32faa5a1c5a7672472f4b
SHA256: d17efb5818a2f1bb04ee7c2da2dd47fe3658170f4f9b4178fed20b2f27f90935
3340
WebCompanion.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search-metadata.json
text
MD5: 249c1926e35a7fb517cd410d7a1e893b
SHA256: abe7fa6e184ff2b84e73e3af104bad28a4dd2cbba8dec8b1c23b98bc39b67cfe
3340
WebCompanion.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 17d7500b02e82916a85b32ed6ba5cc2b
SHA256: dd84ad4d81c6c88b0f414f38329dc162de1ac0f3e314b77429e93f12ceb573e7
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: 124561cd999c5ac3e8034267fa81bf04
SHA256: 2ac9f2d3e22d608b5f6e72d96c92ca3f4e4aa1b16b2b3534b34658d12e732bad
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log
text
MD5: e6e37d8a7f2f56a4e223908a76169da2
SHA256: 0342fc6b7cd966976adc5455101568651de650a73101ccfdcca4b39207ef1647
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt
text
MD5: 81051bcc2cf1bedf378224b0a93e2877
SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Options\AppSettings.txt
text
MD5: 77d963264124405cd595d82f8b98cf30
SHA256: a90eb1bce884851298178d140370016af0f4db96682e3dc8404a1a70951e3a3b
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\user.config
xml
MD5: 53b7776133dea3e661de90db5f67a7c3
SHA256: 4cdc018aba5d64b99e82bfe24877d7987709b549cf716b21c18fd331d2ffa848
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\fbafyuu0.newcfg
––
MD5:  ––
SHA256:  ––
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\8wyxoe0h.newcfg
––
MD5:  ––
SHA256:  ––
3340
WebCompanion.exe
C:\Users\admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t\4.6.1966.3854\yqmmiib7.newcfg
––
MD5:  ––
SHA256:  ––
3588
csc.exe
C:\Users\admin\AppData\Local\Temp\x9e_ec8z.out
––
MD5:  ––
SHA256:  ––
3588
csc.exe
C:\Users\admin\AppData\Local\Temp\x9e_ec8z.dll
––
MD5:  ––
SHA256:  ––
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: d179e07da1d991b173b852437cfa8ecf
SHA256: 2d26acf10cbb6c428a75da62f42d681423b3d21672b624c43da43944287e5de1
3528
nano_download[1].exe
C:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\WebCompanionInstaller.exe.config
xml
MD5: 1d0d9d32fb69c7f2f33b4e56d93e2c6d
SHA256: c022a2b126c1bad1774e7f9d3a5f50f30cb6b3758a2f870fc676160275f69eac
3732
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat
dat
MD5: ae27fc388a0e7b32e65fc121a9b7a38b
SHA256: ccc21a9a3ae509f8c427c4402f391f6e4c05255c6b7b133d54d71317419de612
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\WcInstaller[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2432
cvtres.exe
C:\Users\admin\AppData\Local\Temp\RESB330.tmp
––
MD5:  ––
SHA256:  ––
3104
WebCompanionInstaller.exe
C:\Program Files\Lavasoft\Web Companion\Application\Extension\@wcextensionff.xpi
compressed
MD5: 8da01c7329c1af3202d93c8631e0df35
SHA256: a30d0aa074214f7c6d8e82fe36e6ea4fc17c95f6c772c11d03667911c0475a03
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{EDCEA134-46A9-11E9-BEEC-5254004A04AF}.dat
binary
MD5: d02874c707937e189e41f75c6e183937
SHA256: 03b3f1beee1b14e66bf8d9f9ff6bc5d0941d92fd665fdb385ec908ab829b5d8b
3480
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFCD0D89914F9200E2.TMP
––
MD5:  ––
SHA256:  ––
3732
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: f7ef6f7240f92752d51d8c0ee1af3b8f
SHA256: 595a7ec70cb89045fe1c8f8401a5bf86d91c1c2b61651b290b7ff244e3cff37e
3480
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3480
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3340
WebCompanion.exe
C:\ProgramData\Lavasoft\Web Companion\Icons\bing.ico
image
MD5: 97d47d2be99ac4993c3b4ae476642356
SHA256: 8e6892b5a5bfad56e7407a18354cc93edd5691cc9789a19f537352ad8f2b54ac


Network activity

HTTP(S) requests
38
TCP/UDP connections
21
DNS requests
14
Threats
3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3480 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3732 iexplore.exe GET 200 104.17.177.102:80 http://webcompanion.com/nano_download.php?partner=PF170501 US
executable
malicious
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe GET 200 104.17.177.102:80 http://www.webcompanion.com/installer/consent_2?culture=en&hp=1&se=1 US
html
malicious
3104 WebCompanionInstaller.exe GET 200 104.17.177.102:80 http://webcompanion.com/installer/css/styles.css?1552603147 US
text
malicious
3104 WebCompanionInstaller.exe GET 200 205.185.208.52:80 http://code.jquery.com/jquery-1.11.2.min.js US
text
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.81:80 http://wc-update-service.lavasoft.com/update.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe GET 200 104.17.60.19:80 http://wcdownloadercdn.lavasoft.com/4.6.1966.3854/WebCompanion-4.6.1966.3854-prod.zip US
compressed
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3104 WebCompanionInstaller.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/Install.asmx CA
text
xml
whitelisted
3340 WebCompanion.exe GET 200 104.17.177.102:80 http://webcompanion.com/version_logs?json=true&version=4.6.1966.3854 US
text
malicious
3340 WebCompanion.exe GET 200 104.17.178.102:80 http://rt.webcompanion.com/notifications/download/rt/ActiveFeatures.zip US
compressed
malicious
3340 WebCompanion.exe GET 200 72.55.154.81:80 http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=PF170501 CA
text
whitelisted
3340 WebCompanion.exe GET 200 72.55.154.81:80 http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=PF170501_wb CA
text
whitelisted
3340 WebCompanion.exe GET 200 72.55.154.81:80 http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=PF170501_ab CA
text
whitelisted
3340 WebCompanion.exe GET 200 72.55.154.81:80 http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=PF170501_ac CA
text
whitelisted
2456 Lavasoft.WCAssistant.WinService.exe GET 200 23.37.43.27:80 http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D NL
der
whitelisted
2456 Lavasoft.WCAssistant.WinService.exe GET 200 23.37.43.27:80 http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEHbufvBDgh52FD6VEFUzieE%3D NL
der
whitelisted
3340 WebCompanion.exe POST 200 72.55.154.82:80 http://wc-tracking.lavasoft.com/tracking.asmx CA
text
xml
whitelisted
3340 WebCompanion.exe POST 200 72.55.154.4:80 http://wsgeoip.lavasoft.com/ipservice.asmx CA
text
xml
whitelisted


Connections

PID Process IP ASN CN Reputation
3480 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3732 iexplore.exe 104.17.177.102:80 Cloudflare Inc US suspicious
3104 WebCompanionInstaller.exe 72.55.154.82:80 iWeb Technologies Inc. CA unknown
3104 WebCompanionInstaller.exe 104.17.177.102:80 Cloudflare Inc US suspicious
3104 WebCompanionInstaller.exe 205.185.208.52:80 Highwinds Network Group, Inc. US unknown
3104 WebCompanionInstaller.exe 72.55.154.81:80 iWeb Technologies Inc. CA unknown
3104 WebCompanionInstaller.exe 104.17.60.19:80 Cloudflare Inc US shared
3340 WebCompanion.exe 104.17.177.102:80 Cloudflare Inc US suspicious
3340 WebCompanion.exe 104.17.178.102:80 Cloudflare Inc US suspicious
3340 WebCompanion.exe 72.55.154.81:80 iWeb Technologies Inc. CA unknown
3340 WebCompanion.exe 104.16.235.79:443 Cloudflare Inc US suspicious
2456 Lavasoft.WCAssistant.WinService.exe 23.37.43.27:80 Akamai Technologies, Inc. NL whitelisted
3340 WebCompanion.exe 72.55.154.82:80 iWeb Technologies Inc. CA unknown
3340 WebCompanion.exe 72.55.154.4:80 iWeb Technologies Inc. CA unknown
3340 WebCompanion.exe 104.17.60.19:443 Cloudflare Inc US shared

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
webcompanion.com 104.17.177.102, 104.17.178.102 malicious
wc-tracking.lavasoft.com 72.55.154.82, 72.55.154.81 whitelisted
www.webcompanion.com 104.17.177.102, 104.17.178.102 malicious
code.jquery.com 205.185.208.52 whitelisted
wc-update-service.lavasoft.com 72.55.154.81, 72.55.154.82 whitelisted
wcdownloadercdn.lavasoft.com 104.17.60.19, 104.17.61.19 whitelisted
rt.webcompanion.com 104.17.178.102, 104.17.177.102 malicious
wc-partners.lavasoft.com 72.55.154.81, 72.55.154.82 whitelisted
sg-bitmask.adaware.com 104.16.235.79, 104.16.236.79 suspicious
s2.symcb.com 23.37.43.27 whitelisted
sv.symcd.com 23.37.43.27 whitelisted
wsgeoip.lavasoft.com 72.55.154.4 whitelisted
flow.lavasoft.com 104.17.60.19, 104.17.61.19 malicious

Threats

PID Process Class Message
3732 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3732 iexplore.exe Misc activity ET INFO EXE - Served Attached HTTP
3104 WebCompanionInstaller.exe Misc activity SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7)

Debug output strings

Process Message
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()
WebCompanion.exe System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt'. File name: 'C:\ProgramData\Lavasoft\Web Companion\Options\EventSafeguard.txt' at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Lavasoft.Events.EventSafeguard.RenameSafeguardFile()