URL:

http://webcompanion.com/nano_download.php?partner=PF170501

Full analysis: https://app.any.run/tasks/7ff2b410-e548-4fb3-957d-35e11b280087
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: March 14, 2019, 22:38:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

524B303316D5DB7C535F2E6150CC37C0

SHA1:

5EC8B20F9CB07F274FCA9E4587258C386C26B768

SHA256:

12E65867F0D539577B2BEE69592630D5DCB4ECF79DCF4E81D45E5B20466AADF9

SSDEEP:

3:N1KJAmgDKQiKqJLJlhsnVUn:COmg+tXJDq+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • nano_download[1].exe (PID: 2744)
      • WebCompanionInstaller.exe (PID: 3104)
      • nano_download[1].exe (PID: 3528)
      • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
      • WebCompanion.exe (PID: 3340)
      • Ad-Aware Web Companion.exe (PID: 2420)

    • Loads dropped or rewritten executable

      • WebCompanionInstaller.exe (PID: 3104)
      • Lavasoft.WCAssistant.WinService.exe (PID: 2456)
      • WebCompanion.exe (PID: 3340)

    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3732)

    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 3104)

    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 3340)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3732)
      • WebCompanionInstaller.exe (PID: 3104)
      • iexplore.exe (PID: 3480)
      • nano_download[1].exe (PID: 3528)

    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 3104)
      • WebCompanion.exe (PID: 3340)
      • Lavasoft.WCAssistant.WinService.exe (PID: 2456)

    • Creates files in the user directory

      • WebCompanionInstaller.exe (PID: 3104)
      • WebCompanion.exe (PID: 3340)

    • Reads Internet Cache Settings

      • WebCompanionInstaller.exe (PID: 3104)

    • Starts SC.EXE for service management

      • WebCompanionInstaller.exe (PID: 3104)

    • Reads internet explorer settings

      • WebCompanionInstaller.exe (PID: 3104)

    • Starts CMD.EXE for commands execution

      • WebCompanionInstaller.exe (PID: 3104)
      • Lavasoft.WCAssistant.WinService.exe (PID: 2456)

    • Uses NETSH.EXE for network configuration

      • cmd.exe (PID: 3200)
      • cmd.exe (PID: 2360)

    • Creates files in the Windows directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 2456)

    • Creates a software uninstall entry

      • WebCompanionInstaller.exe (PID: 3104)

    • Removes files from Windows directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 2456)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3480)

    • Changes internet zones settings

      • iexplore.exe (PID: 3480)

    • Creates files in the user directory

      • iexplore.exe (PID: 3732)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3732)
      • iexplore.exe (PID: 3480)

    • Dropped object may contain Bitcoin addresses

      • WebCompanionInstaller.exe (PID: 3104)
      • WebCompanion.exe (PID: 3340)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
58
Monitored processes
18
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start drop and start start drop and start drop and start iexplore.exe iexplore.exe nano_download[1].exe no specs nano_download[1].exe webcompanioninstaller.exe presentationfontcache.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs cmd.exe no specs netsh.exe no specs webcompanion.exe lavasoft.wcassistant.winservice.exe cmd.exe no specs netsh.exe no specs csc.exe no specs cvtres.exe no specs ad-aware web companion.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1004"sc.exe" Create "WCAssistantService" binPath= "C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= autoC:\Windows\system32\sc.exeWebCompanionInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
2068"sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"C:\Windows\system32\sc.exeWebCompanionInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
2360"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=EveryoneC:\Windows\System32\cmd.exeLavasoft.WCAssistant.WinService.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2420"C:\Program Files\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe" {0633EE93-D776-472f-A0FF-E1416B8B2E3A}C:\Program Files\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exeWebCompanion.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
Ad-Aware Web Companion.exe
Exit code:
0
Version:
4.6.1966.3854
Modules
Images
c:\program files\lavasoft\web companion\application\ad-aware web companion.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
2432C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESB330.tmp" "c:\Users\admin\AppData\Local\Temp\CSCB32F.tmp"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.execsc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Resource File To COFF Object Conversion Utility
Exit code:
0
Version:
8.00.50727.4940 (Win7SP1.050727-5400)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
2456"C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
services.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
SPWindowsService
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\program files\lavasoft\web companion\application\lavasoft.wcassistant.winservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2744"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exeiexplore.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion Installer
Exit code:
3221226540
Version:
4.6.1966.3854
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\nano_download[1].exe
c:\systemroot\system32\ntdll.dll
2880C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
PresentationFontCache.exe
Exit code:
0
Version:
3.0.6920.4902 built by: NetFXw7
Modules
Images
c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2940netsh http add urlacl url=http://+:9007/ user=EveryoneC:\Windows\system32\netsh.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Network Command Shell
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
3104.\WebCompanionInstaller.exe --partner=PF170501 --version=4.6.1966.3854 --prodC:\Users\admin\AppData\Local\Temp\7zSEF24.tmp\WebCompanionInstaller.exe
nano_download[1].exe
User:
admin
Company:
Lavasoft
Integrity Level:
HIGH
Description:
Web Companion
Exit code:
0
Version:
4.6.1966.3854
Modules
Images
c:\users\admin\appdata\local\temp\7zsef24.tmp\webcompanioninstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events
1 396
Read events
1 142
Write events
249
Delete events
5

Modification events

(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{EDCEA133-46A9-11E9-BEEC-5254004A04AF}
Value:
0
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
3
(PID) Process:(3480) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307030004000E00160026002F001B03
Executable files
76
Suspicious files
8
Text files
139
Unknown types
7

Dropped files

PID
Process
Filename
Type
3480iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFCD0D89914F9200E2.TMP
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{EDCEA134-46A9-11E9-BEEC-5254004A04AF}.datbinary
MD5:
SHA256:
3732iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\WcInstaller[1].exeexecutable
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.datdat
MD5:
SHA256:
3732iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@webcompanion[1].txttext
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF4DDBBC22FC62A529.TMP
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{EDCEA133-46A9-11E9-BEEC-5254004A04AF}.dat
MD5:
SHA256:
3480iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\nano_download[1].exeexecutable
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
38
TCP/UDP connections
21
DNS requests
14
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3732
iexplore.exe
GET
200
104.17.177.102:80
http://webcompanion.com/nano_download.php?partner=PF170501
US
executable
347 Kb
malicious
3104
WebCompanionInstaller.exe
POST
200
72.55.154.81:80
http://wc-update-service.lavasoft.com/update.asmx
CA
xml
1.43 Kb
whitelisted
3104
WebCompanionInstaller.exe
GET
200
104.17.60.19:80
http://wcdownloadercdn.lavasoft.com/4.6.1966.3854/WebCompanion-4.6.1966.3854-prod.zip
US
compressed
8.99 Mb
whitelisted
3104
WebCompanionInstaller.exe
POST
200
72.55.154.82:80
http://wc-tracking.lavasoft.com/Install.asmx
CA
xml
294 b
whitelisted
3104
WebCompanionInstaller.exe
GET
200
104.17.177.102:80
http://webcompanion.com/installer/css/styles.css?1552603147
US
text
928 b
malicious
3104
WebCompanionInstaller.exe
POST
200
72.55.154.82:80
http://wc-tracking.lavasoft.com/Install.asmx
CA
xml
294 b
whitelisted
3104
WebCompanionInstaller.exe
POST
200
72.55.154.82:80
http://wc-tracking.lavasoft.com/Install.asmx
CA
xml
294 b
whitelisted
3104
WebCompanionInstaller.exe
POST
200
72.55.154.82:80
http://wc-tracking.lavasoft.com/Install.asmx
CA
xml
294 b
whitelisted
3104
WebCompanionInstaller.exe
POST
200
72.55.154.82:80
http://wc-tracking.lavasoft.com/Install.asmx
CA
xml
294 b
whitelisted
3104
WebCompanionInstaller.exe
POST
200
72.55.154.82:80
http://wc-tracking.lavasoft.com/Install.asmx
CA
xml
294 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3104
WebCompanionInstaller.exe
104.17.177.102:80
webcompanion.com
Cloudflare Inc
US
shared
3104
WebCompanionInstaller.exe
72.55.154.82:80
wc-tracking.lavasoft.com
iWeb Technologies Inc.
CA
unknown
3732
iexplore.exe
104.17.177.102:80
webcompanion.com
Cloudflare Inc
US
shared
3480
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3104
WebCompanionInstaller.exe
72.55.154.81:80
wc-tracking.lavasoft.com
iWeb Technologies Inc.
CA
unknown
3104
WebCompanionInstaller.exe
205.185.208.52:80
code.jquery.com
Highwinds Network Group, Inc.
US
unknown
3340
WebCompanion.exe
104.17.178.102:80
webcompanion.com
Cloudflare Inc
US
shared
3340
WebCompanion.exe
104.17.177.102:80
webcompanion.com
Cloudflare Inc
US
shared
3340
WebCompanion.exe
72.55.154.81:80
wc-tracking.lavasoft.com
iWeb Technologies Inc.
CA
unknown
3104
WebCompanionInstaller.exe
104.17.60.19:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
webcompanion.com
  • 104.17.177.102
  • 104.17.178.102
malicious
wc-tracking.lavasoft.com
  • 72.55.154.82
  • 72.55.154.81
whitelisted
www.webcompanion.com
  • 104.17.177.102
  • 104.17.178.102
malicious
code.jquery.com
  • 205.185.208.52
whitelisted
wc-update-service.lavasoft.com
  • 72.55.154.81
  • 72.55.154.82
whitelisted
wcdownloadercdn.lavasoft.com
  • 104.17.60.19
  • 104.17.61.19
whitelisted
rt.webcompanion.com
  • 104.17.178.102
  • 104.17.177.102
malicious
wc-partners.lavasoft.com
  • 72.55.154.81
  • 72.55.154.82
whitelisted
sg-bitmask.adaware.com
  • 104.16.235.79
  • 104.16.236.79
malicious

Threats

PID
Process
Class
Message
3732
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3732
iexplore.exe
Misc activity
ET INFO EXE - Served Attached HTTP
3104
WebCompanionInstaller.exe
Misc activity
SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7)
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
3/14/2019 10:38:56 PM :-> Starting installer 4.6.1966.3854 with: .\WebCompanionInstaller.exe --partner=PF170501 --version=4.6.1966.3854 --prod, Run as admin: True
WebCompanionInstaller.exe
Preparing for installing Web Companion
WebCompanionInstaller.exe
3/14/2019 10:39:10 PM :-> Generating Machine and Install Id ...
WebCompanionInstaller.exe
3/14/2019 10:39:10 PM :-> Machine Id and Install Id has been generated
WebCompanionInstaller.exe
3/14/2019 10:39:11 PM :-> Checking prerequisites ...
WebCompanionInstaller.exe
3/14/2019 10:39:11 PM :-> Antivirus not detected
WebCompanionInstaller.exe
3/14/2019 10:39:11 PM :-> vm_check False
WebCompanionInstaller.exe
3/14/2019 10:39:11 PM :-> reg_check :False
WebCompanionInstaller.exe
3/14/2019 10:39:12 PM :-> Installed .Net framework is V40
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://webcompanion.com/nano_download.php?partner=PF170501