URL:

http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe

Full analysis: https://app.any.run/tasks/005bd4db-7aca-4300-a0df-58111f35569c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: February 14, 2022, 07:25:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

F67A8D7E9B6EC740CAEBD6F6749EB4EA

SHA1:

BF46C7B6466EDA4D9DB733822C8778FCDDF8E51A

SHA256:

D91FAC5675EFDCF9F6F4AFF5865304CE1680C1AC380812F2E4C2791D5C97B044

SSDEEP:

3:N1KJGDodXGpJEraRcLULVlVcEiJOXLNn:CIAQcLULVPcEqOXLN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • WcInstaller.exe (PID: 3420)
      • WcInstaller.exe (PID: 3672)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 3276)
      • WcInstaller.exe (PID: 2268)
      • WebCompanionInstaller.exe (PID: 3360)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WebCompanionInstaller.exe (PID: 1324)
      • WcInstaller.exe (PID: 3864)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3776)
      • WebCompanionInstaller.exe (PID: 2724)

    • Drops executable file immediately after starts

      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WcInstaller.exe (PID: 2816)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3776)

    • Changes settings of System certificates

      • WebCompanionInstaller.exe (PID: 2172)

    • Loads dropped or rewritten executable

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 1324)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3148)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 2816)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 3492)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3776)

    • Drops a file with a compile date too recent

      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 3148)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3776)

    • Reads the computer name

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)

    • Drops a file that was compiled in debug mode

      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WcInstaller.exe (PID: 2816)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3776)

    • Checks supported languages

      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 3276)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 2268)
      • WebCompanionInstaller.exe (PID: 3360)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WebCompanionInstaller.exe (PID: 1324)
      • WcInstaller.exe (PID: 3492)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3776)
      • WebCompanionInstaller.exe (PID: 2724)

    • Adds / modifies Windows certificates

      • WebCompanionInstaller.exe (PID: 2172)

    • Reads Environment values

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)

    • Searches for installed software

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)

    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 2172)

    • Creates files in the Windows directory

      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 2724)

    • Creates files in the user directory

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 2724)

    • Removes files from Windows directory

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)
      • WebCompanionInstaller.exe (PID: 1324)

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2636)

  • INFO

    • Checks supported languages

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 3680)
      • chrome.exe (PID: 4080)
      • chrome.exe (PID: 2888)
      • chrome.exe (PID: 2588)
      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 2808)
      • chrome.exe (PID: 1596)
      • chrome.exe (PID: 2860)
      • chrome.exe (PID: 2760)
      • chrome.exe (PID: 1480)
      • chrome.exe (PID: 1996)
      • explorer.exe (PID: 1800)
      • chrome.exe (PID: 3156)
      • chrome.exe (PID: 3216)
      • chrome.exe (PID: 3016)
      • chrome.exe (PID: 3472)
      • chrome.exe (PID: 3880)
      • taskmgr.exe (PID: 3420)
      • chrome.exe (PID: 3056)
      • chrome.exe (PID: 3328)
      • chrome.exe (PID: 2996)
      • chrome.exe (PID: 3392)
      • chrome.exe (PID: 3816)
      • chrome.exe (PID: 2636)
      • chrome.exe (PID: 3896)
      • chrome.exe (PID: 4048)
      • chrome.exe (PID: 3684)
      • chrome.exe (PID: 3900)
      • chrome.exe (PID: 3652)
      • chrome.exe (PID: 2776)
      • chrome.exe (PID: 2280)
      • chrome.exe (PID: 1160)
      • chrome.exe (PID: 2580)
      • chrome.exe (PID: 2524)
      • chrome.exe (PID: 3232)
      • chrome.exe (PID: 2080)
      • chrome.exe (PID: 2980)
      • chrome.exe (PID: 2940)
      • chrome.exe (PID: 520)
      • chrome.exe (PID: 2148)
      • chrome.exe (PID: 3200)
      • chrome.exe (PID: 2992)
      • chrome.exe (PID: 2168)

    • Application launched itself

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2636)

    • Reads the hosts file

      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2636)
      • chrome.exe (PID: 4048)

    • Reads the computer name

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 3680)
      • chrome.exe (PID: 2760)
      • chrome.exe (PID: 1480)
      • chrome.exe (PID: 3156)
      • explorer.exe (PID: 1800)
      • chrome.exe (PID: 3472)
      • chrome.exe (PID: 3880)
      • taskmgr.exe (PID: 3420)
      • chrome.exe (PID: 3816)
      • chrome.exe (PID: 2636)
      • chrome.exe (PID: 3896)
      • chrome.exe (PID: 4048)
      • chrome.exe (PID: 2524)
      • chrome.exe (PID: 1160)
      • chrome.exe (PID: 2148)

    • Reads settings of System Certificates

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2948)
      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • chrome.exe (PID: 4048)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)
      • WebCompanionInstaller.exe (PID: 1324)

    • Checks Windows Trust Settings

      • chrome.exe (PID: 3148)
      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)

    • Manual execution by user

      • explorer.exe (PID: 1800)
      • WcInstaller.exe (PID: 3420)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • taskmgr.exe (PID: 3420)
      • chrome.exe (PID: 2636)
      • WcInstaller.exe (PID: 3532)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3864)

    • Reads the date of Windows installation

      • chrome.exe (PID: 3880)
      • chrome.exe (PID: 2148)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
111
Monitored processes
62
Malicious processes
16
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs explorer.exe no specs wcinstaller.exe no specs wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs taskmgr.exe no specs wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe no specs wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe webcompanioninstaller.exe

Process information

PID
CMD
Path
Indicators
Parent process
520"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1160"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1324.\WebCompanionInstaller.exe --prod --nanouniqueid=1644823731411 --prodC:\Users\admin\AppData\Local\Temp\7zS00ACF3A6\WebCompanionInstaller.exe
WcInstaller.exe
User:
admin
Company:
Lavasoft
Integrity Level:
HIGH
Description:
Web Companion
Exit code:
0
Version:
7.0.2417.4248
1480"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1596"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1800"C:\Windows\explorer.exe" C:\Windows\explorer.exeExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
1996"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3568 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
2080"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3864 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
2148"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
2168"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=532 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
113
Suspicious files
217
Text files
231
Unknown types
11

Dropped files

PID
Process
Filename
Type
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-620A040A-C4C.pma
MD5:
SHA256:
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0682d275-035d-4236-9093-481762749fd1.tmptext
MD5:
SHA256:
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferencestext
MD5:
SHA256:
2888chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pmabinary
MD5:03C4F648043A88675A920425D824E1B3
SHA256:F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF13ea05.TMPtext
MD5:D0BA19096D6C8F8DE58312E8D938E893
SHA256:AADE90A7B0984F3C719D528E4E6FAE3854E28B30363BDD4DF65037E69784A078
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13e831.TMPtext
MD5:8304B8F42465198890090F52D3F80A4C
SHA256:80C32AC2585E7E81200104B1630F19560A156C4ABF51B5888B0FBF07323FAB34
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:5BD3C311F2136A7A88D3E197E55CF902
SHA256:FA331915E1797E59979A3E4BCC2BD0D3DEAA039B94D4DB992BE251FD02A224B9
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF13e6e8.TMPtext
MD5:64AD8ED3E666540337BA541C549F72F7
SHA256:BECBDB08B5B37D203A85F2E974407334053BB1D2270F0B3C9A4DB963896F2206
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:8FF312A95D60ED89857FEB720D80D4E1
SHA256:946A57FAFDD28C3164D5AB8AB4971B21BD5EC5BFFF7554DBF832CB58CC37700B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
58
TCP/UDP connections
73
DNS requests
35
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2948
chrome.exe
GET
104.18.88.101:80
http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe
US
whitelisted
924
svchost.exe
HEAD
403
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
US
whitelisted
924
svchost.exe
HEAD
403
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3
US
whitelisted
924
svchost.exe
HEAD
200
173.194.137.71:80
http://r2---sn-aigzrn76.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3?cms_redirect=yes&mh=bj&mip=185.198.243.195&mm=28&mn=sn-aigzrn76&ms=nvh&mt=1644823219&mv=m&mvi=2&pl=24&rmhost=r3---sn-aigzrn76.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
US
whitelisted
924
svchost.exe
HEAD
200
173.194.135.102:80
http://r1---sn-aigzrn7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx?cms_redirect=yes&mh=mM&mip=185.198.243.195&mm=28&mn=sn-aigzrn7z&ms=nvh&mt=1644823219&mv=m&mvi=1&pl=24&shardbypass=yes&smhost=r1---sn-aigzrn7d.gvt1.com
US
whitelisted
2948
chrome.exe
GET
200
104.18.88.101:80
http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe
US
executable
542 Kb
whitelisted
924
svchost.exe
HEAD
302
142.250.186.142:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3
US
html
559 b
whitelisted
924
svchost.exe
GET
200
173.194.135.102:80
http://r1---sn-aigzrn7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx?cms_redirect=yes&mh=mM&mip=185.198.243.195&mm=28&mn=sn-aigzrn7z&ms=nvh&mt=1644823219&mv=m&mvi=1&pl=24&shardbypass=yes&smhost=r1---sn-aigzrn7d.gvt1.com
US
crx
2.80 Kb
whitelisted
924
svchost.exe
GET
302
142.250.186.142:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3
US
html
614 b
whitelisted
3276
WebCompanionInstaller.exe
POST
200
104.18.87.101:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
US
binary
29 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2948
chrome.exe
142.250.186.35:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2948
chrome.exe
142.250.185.100:443
www.google.com
Google Inc.
US
whitelisted
2948
chrome.exe
142.250.185.110:443
safebrowsing.google.com
Google Inc.
US
whitelisted
2172
WebCompanionInstaller.exe
104.18.87.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
2948
chrome.exe
104.18.87.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
2948
chrome.exe
104.18.88.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
3656
WebCompanionInstaller.exe
104.18.87.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
2172
WebCompanionInstaller.exe
104.18.88.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
3656
WebCompanionInstaller.exe
64.18.87.81:80
wc-update-service.lavasoft.com
COGECODATA
CA
unknown
3276
WebCompanionInstaller.exe
64.18.87.81:80
wc-update-service.lavasoft.com
COGECODATA
CA
unknown

DNS requests

Domain
IP
Reputation
wcdownloadercdn.lavasoft.com
  • 104.18.88.101
  • 104.18.87.101
whitelisted
clients2.google.com
  • 142.250.186.174
whitelisted
accounts.google.com
  • 142.250.186.77
shared
sb-ssl.google.com
  • 142.250.186.142
whitelisted
www.google.com
  • 142.250.185.100
malicious
ssl.gstatic.com
  • 142.250.186.35
whitelisted
safebrowsing.google.com
  • 142.250.185.110
whitelisted
flow.lavasoft.com
  • 104.18.87.101
  • 104.18.88.101
whitelisted
wc-update-service.lavasoft.com
  • 64.18.87.81
  • 64.18.87.82
whitelisted
update.googleapis.com
  • 142.250.185.99
whitelisted

Threats

PID
Process
Class
Message
2948
chrome.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3656
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
3656
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3656
WebCompanionInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2172
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
2172
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2172
WebCompanionInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3028
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
3028
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3028
WebCompanionInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:26:25 AM :-> Starting installer 9.1.0.409 with: .\WebCompanionInstaller.exe --prod, Run as admin: True
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:26:38 AM :-> Starting installer 9.1.0.409 with: .\WebCompanionInstaller.exe --prod, Run as admin: True
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:26:47 AM :-> Starting installer 7.0.2417.4248 with: .\WebCompanionInstaller.exe --prod --nanouniqueid=1644823598259 --prod, Run as admin: True
WebCompanionInstaller.exe
Failed to report progress in SendPostRequest: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 104.18.88.101:80 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:27:03 AM :-> Starting installer 7.0.2417.4248 with: .\WebCompanionInstaller.exe --prod --nanouniqueid=1644823585058 --prod, Run as admin: True
WebCompanionInstaller.exe
Detecting windows culture
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe