File name: WcInstaller.exe

Full analysis: https://app.any.run/tasks/d20821d8-c423-4724-b9ac-01b18f07c712
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 20, 2024, 09:56:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 0D45450BBAD58F6F889EBB333CB3FE9E
SHA1: C9EC93894902FC345DFF5D066A11D4908EBD6B7A
SHA256: 62EDEF94E967D17AC0F939E5A85A6DB9C064382CAE446D530FEDE9C3C9F4CD59
SSDEEP: 24576:b6VnvKCp71e5Oxt/Y/ciGAOkP/WEVughNijvro6sof8:b6VnvKM71e5Oxt/Y/ciGAOkP/JughNik

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • WebCompanionInstaller.exe (PID: 6324)
      • WebCompanionInstaller.exe (PID: 6920)
    • Reads security settings of Internet Explorer

      • WebCompanionInstaller.exe (PID: 6324)
      • WebCompanionInstaller.exe (PID: 6920)
    • Executable content was dropped or overwritten

      • WcInstaller.exe (PID: 6160)
      • WebCompanionInstaller.exe (PID: 6324)
      • WcInstaller.exe (PID: 6884)
      • WebCompanionInstaller.exe (PID: 6920)
    • Process requests binary or script from the Internet

      • WebCompanionInstaller.exe (PID: 6324)
    • Potential Corporate Privacy Violation

      • WebCompanionInstaller.exe (PID: 6324)
    • Reads Microsoft Outlook installation path

      • WebCompanionInstaller.exe (PID: 6920)
    • Executes as Windows Service

      • PresentationFontCache.exe (PID: 7072)
    • Reads Internet Explorer settings

      • WebCompanionInstaller.exe (PID: 6920)
  • INFO

    • The sample compiled with english language support

      • WcInstaller.exe (PID: 6160)
      • WebCompanionInstaller.exe (PID: 6324)
    • Checks supported languages

      • WebCompanionInstaller.exe (PID: 6324)
      • WcInstaller.exe (PID: 6160)
      • WebCompanionInstaller.exe (PID: 6920)
      • WebCompanionInstaller[1].exe (PID: 6604)
    • Reads the machine GUID from the registry

      • WebCompanionInstaller.exe (PID: 6324)
      • WebCompanionInstaller.exe (PID: 6920)
      • PresentationFontCache.exe (PID: 7072)
      • WebCompanionInstaller[1].exe (PID: 6604)
    • Create files in a temporary directory

      • WebCompanionInstaller.exe (PID: 6324)
      • WcInstaller.exe (PID: 6884)
    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 6324)
    • Sends debugging messages

      • WebCompanionInstaller.exe (PID: 6324)
      • WebCompanionInstaller.exe (PID: 6920)
      • WebCompanionInstaller[1].exe (PID: 6604)
    • Reads the software policy settings

      • WebCompanionInstaller.exe (PID: 6324)
      • WebCompanionInstaller.exe (PID: 6920)
    • Disables trace logs

      • WebCompanionInstaller.exe (PID: 6324)
    • Checks proxy server information

      • WebCompanionInstaller.exe (PID: 6920)
    • Creates files or folders in the user directory

      • WebCompanionInstaller.exe (PID: 6920)
    • Reads the computer name

      • PresentationFontCache.exe (PID: 7072)
      • WebCompanionInstaller[1].exe (PID: 6604)
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:04:18 18:54:06+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 104448
InitializedDataSize: 60416
UninitializedDataSize: -
EntryPoint: 0x148d4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.9.0.1201
ProductVersionNumber: 8.9.0.1201
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 8.9.0.1201
ProductVersion: 8.9.0.1201
CompanyName: Lavasoft
FileDescription: Web Companion Installer
InternalName: Installer.exe
LegalCopyright: c Lavasoft Limited. All Rights Reserved.
OriginalFileName: Installer.exe
ProductName: Web Companion Installer
No data.
Total processes: 135
Monitored processes: 7
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe webcompanioninstaller.exe presentationfontcache.exe no specs webcompanioninstaller[1].exe wcinstaller.exe no specs

Process information

PID: 4504
CMD: "C:\Users\admin\AppData\Local\Temp\WcInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\WcInstaller.exe
Parent process: explorer.exe
User: admin
Company: Lavasoft
Integrity Level: MEDIUM
Description: Web Companion Installer
Exit code: 3221226540
Version: 8.9.0.1201
Modules (images):
c:\users\admin\appdata\local\temp\wcinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 6160
CMD: "C:\Users\admin\AppData\Local\Temp\WcInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\WcInstaller.exe
Parent process: explorer.exe
User: admin
Company: Lavasoft
Integrity Level: HIGH
Description: Web Companion Installer
Exit code: 0
Version: 8.9.0.1201
Modules (images):
c:\users\admin\appdata\local\temp\wcinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 6324
CMD: .\WebCompanionInstaller.exe --prod
Path: C:\Users\admin\AppData\Local\Temp\7zS01859533\WebCompanionInstaller.exe
Parent process: WcInstaller.exe
User: admin
Company: Lavasoft
Integrity Level: HIGH
Description: Web Companion
Exit code: 0
Version: 8.9.0.1201
Modules (images):
c:\users\admin\appdata\local\temp\7zs01859533\webcompanioninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 6604
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\WebCompanionInstaller[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\WebCompanionInstaller[1].exe
Parent process: WebCompanionInstaller.exe
User: admin
Company: Lavasoft
Integrity Level: HIGH
Description: Web Companion
Version: 12.1.3.1037
Modules (images):
c:\users\admin\appdata\local\microsoft\windows\inetcache\ie\e4djruxw\webcompanioninstaller[1].exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 6884
CMD: "C:\Users\admin\AppData\Local\Temp\wctmp_374416951\WcInstaller.exe" --nanouniqueid=1734688611981 --prod
Path: C:\Users\admin\AppData\Local\Temp\wctmp_374416951\WcInstaller.exe
Parent process: WebCompanionInstaller.exe
User: admin
Company: Lavasoft
Integrity Level: HIGH
Description: Web Companion Installer
Version: 7.0.2417.4248
Modules (images):
c:\users\admin\appdata\local\temp\wctmp_374416951\wcinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 6920
CMD: .\WebCompanionInstaller.exe --prod --nanouniqueid=1734688611981 --prod
Path: C:\Users\admin\AppData\Local\Temp\7zS4EAAB703\WebCompanionInstaller.exe
Parent process: WcInstaller.exe
User: admin
Company: Lavasoft
Integrity Level: HIGH
Description: Web Companion
Version: 7.0.2417.4248
Modules (images):
c:\users\admin\appdata\local\temp\7zs4eaab703\webcompanioninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 7072
CMD: C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Path: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
Parent process: services.exe
User: LOCAL SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: PresentationFontCache.exe
Version: 3.0.6920.9141 built by: WinRelRS6
Modules (images):
c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

Total events: 18 722
Read events: 18 677
Write events: 41
Delete events: 4

Modification events

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lavasoft\Web Companion
Operation: write
Name: MachineId
Value: ad1f12af-3f36-3c28-b351-2ce4355f42c2

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6324) WebCompanionInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\WebCompanionInstaller_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

Executable files: 28
Suspicious files: 60
Text files: 24
Unknown types: 0

Dropped files

PID | Process | Filename | Type

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\en-US\WebCompanionInstaller.resources.dll | executable
MD5: DFBEC54F561770CFC58EFCB94BC78916
SHA256: CC625E594020B6B1B0918B3B91494D7BD7BA1C1B42F0801EDA00873B2AAE633D

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\ja-JP\WebCompanionInstaller.resources.dll | executable
MD5: 7AC711D9380B785717AA978936886F82
SHA256: 5426694F67F4025D7DCE718022F8FE47DE0A10C6F2CACAEAE9F35099258EA543

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\de-DE\WebCompanionInstaller.resources.dll | executable
MD5: 352908530F77475E978860F360EC7290
SHA256: 30E9E01E9F5A64DE38CAAE805A098FEA68730B8B8B0ABB667F02C152C41D8E24

6324 | WebCompanionInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_DF48483754A6AE209A217FF51855DB26 | binary
MD5: D9E493DE8189AEE8C63202A6FEE63170
SHA256: DE227EA9B8BE029BAF448F0B2BE44D358037EED16E3DE82FCCEC3830F1154679

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\Newtonsoft.Json.dll | executable
MD5: 3A4649717BDAF9E86DC93CFBCF8A4BAA
SHA256: F2D262CD645B7888B88FFA0E799E3E77C982BD2B09E68AD625B218D1435B6F6B

6324 | WebCompanionInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D | der
MD5: 06F09E25373E7F1E65AD72464C94A695
SHA256: 1E31536AE72FA688AB515EA4E841022E550E13605126B37B2253626D1A286E87

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\it-IT\WebCompanionInstaller.resources.dll | executable
MD5: 51ACCFA80C64AF944665593304D0F6C3
SHA256: B28CF384E96421B62310A96A566A5FF8CDF3FB3659BD0F06C411670D8E40FE44

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\tr-TR\WebCompanionInstaller.resources.dll | executable
MD5: BBA94A8FDBA46D14FD49495068A872A7
SHA256: DF665507E86838918F113A84AF7F088125B22A37ED27CFAE6684C72126EA36BD

6160 | WcInstaller.exe | C:\Users\admin\AppData\Local\Temp\7zS01859533\fr-CA\WebCompanionInstaller.resources.dll | executable
MD5: A204D5F89160479418A89B4C46A50E19
SHA256: F497A2969A09EA45481B01BE5ECB40044B16C5BE631EBE843AB624448BBB2DB2

6324 | WebCompanionInstaller.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF | binary
MD5: 1070B07840C324BDE9DF5DC5073ED30F
SHA256: 264306CC116DBA34EA95DCEA82A355D924333B84C97F9B2F1EB36FD21B6D70F9

HTTP(S) requests: 44
TCP/UDP connections: 62
DNS requests: 43
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6324 | WebCompanionInstaller.exe | GET | 200 | 23.192.154.58:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D | unknown | whitelisted
6324 | WebCompanionInstaller.exe | GET | 200 | 23.192.154.58:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D | unknown | whitelisted
GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6324 | WebCompanionInstaller.exe | GET | 200 | 23.192.154.58:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCECXQy517DWxwDNrkPSQ6scY%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6324 | WebCompanionInstaller.exe | POST | 200 | 64.18.87.82:80 | http://wc-update-service.lavasoft.com/update.asmx | unknown | whitelisted
6920 | WebCompanionInstaller.exe | GET | 200 | 192.229.221.95:80 | http://s1.symcb.com/pca3-g5.crl | unknown | whitelisted
6920 | WebCompanionInstaller.exe | GET | 200 | 152.199.19.74:80 | http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

192.168.100.255:137 | whitelisted
132 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
5064 | SearchApp.exe | 104.126.37.144:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
6324 | WebCompanionInstaller.exe | 23.192.154.58:80 | ocsp.entrust.net | AKAMAI-AS | GB | whitelisted
1076 | svchost.exe | 23.218.210.69:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation

settings-win.data.microsoft.com | 20.73.194.208, 51.124.78.146, 51.104.136.2 | whitelisted
google.com | 142.250.185.174 | whitelisted
crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted
www.microsoft.com | 184.30.21.171, 88.221.169.152 | whitelisted
www.bing.com | 104.126.37.144, 104.126.37.139, 104.126.37.146, 104.126.37.161, 104.126.37.160, 104.126.37.138, 104.126.37.154, 104.126.37.155, 104.126.37.153 | whitelisted
ocsp.entrust.net | 23.192.154.58 | whitelisted
go.microsoft.com | 23.218.210.69 | whitelisted
login.live.com | 20.190.159.71, 40.126.31.67, 40.126.31.71, 20.190.159.73, 20.190.159.0, 40.126.31.73, 20.190.159.2, 20.190.159.68 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
wc-update-service.lavasoft.com | 64.18.87.82, 64.18.87.81 | whitelisted

Threats

PID | Process | Class | Message

6324 | WebCompanionInstaller.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
6324 | WebCompanionInstaller.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2192 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)

Process | Message

WebCompanionInstaller.exe | Detecting windows culture
WebCompanionInstaller.exe | 12/20/2024 9:56:52 AM :-> Starting installer 8.9.0.1201 with: .\WebCompanionInstaller.exe --prod, Run as admin: True
WebCompanionInstaller.exe | Failed to report progress in SendPostRequest: System.Net.WebException: The remote name could not be resolved: 'flow.lavasoft.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanionInstaller.exe | Detecting windows culture
WebCompanionInstaller.exe | 12/20/2024 9:56:55 AM :-> Starting installer 7.0.2417.4248 with: .\WebCompanionInstaller.exe --prod --nanouniqueid=1734688611981 --prod, Run as admin: True
WebCompanionInstaller.exe | Failed to report progress in SendPostRequest: System.Net.WebException: The remote name could not be resolved: 'flow.lavasoft.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)