URL:

http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe

Full analysis: https://app.any.run/tasks/005bd4db-7aca-4300-a0df-58111f35569c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: February 14, 2022, 07:25:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

F67A8D7E9B6EC740CAEBD6F6749EB4EA

SHA1:

BF46C7B6466EDA4D9DB733822C8778FCDDF8E51A

SHA256:

D91FAC5675EFDCF9F6F4AFF5865304CE1680C1AC380812F2E4C2791D5C97B044

SSDEEP:

3:N1KJGDodXGpJEraRcLULVlVcEiJOXLNn:CIAQcLULVPcEqOXLN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • WcInstaller.exe (PID: 3420)
      • WcInstaller.exe (PID: 3672)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 3276)
      • WcInstaller.exe (PID: 2268)
      • WebCompanionInstaller.exe (PID: 3360)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WebCompanionInstaller.exe (PID: 1324)
      • WcInstaller.exe (PID: 3864)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3776)
      • WebCompanionInstaller.exe (PID: 2724)

    • Drops executable file immediately after starts

      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WcInstaller.exe (PID: 2816)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3776)

    • Loads dropped or rewritten executable

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 1324)

    • Changes settings of System certificates

      • WebCompanionInstaller.exe (PID: 2172)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3148)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3776)

    • Drops a file with a compile date too recent

      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 3148)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WebCompanionInstaller.exe (PID: 3816)
      • WcInstaller.exe (PID: 3776)

    • Checks supported languages

      • WcInstaller.exe (PID: 3672)
      • WebCompanionInstaller.exe (PID: 2172)
      • WcInstaller.exe (PID: 3936)
      • WebCompanionInstaller.exe (PID: 3656)
      • WcInstaller.exe (PID: 2816)
      • WebCompanionInstaller.exe (PID: 3276)
      • WcInstaller.exe (PID: 2268)
      • WebCompanionInstaller.exe (PID: 3360)
      • WcInstaller.exe (PID: 3532)
      • WebCompanionInstaller.exe (PID: 3028)
      • WcInstaller.exe (PID: 2560)
      • WebCompanionInstaller.exe (PID: 1324)
      • WcInstaller.exe (PID: 3492)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)
      • WcInstaller.exe (PID: 3776)

    • Drops a file that was compiled in debug mode

      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • WcInstaller.exe (PID: 2816)
      • WcInstaller.exe (PID: 2268)
      • WcInstaller.exe (PID: 3532)
      • WcInstaller.exe (PID: 2560)
      • WcInstaller.exe (PID: 3492)
      • WcInstaller.exe (PID: 3776)

    • Reads the computer name

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)

    • Adds / modifies Windows certificates

      • WebCompanionInstaller.exe (PID: 2172)

    • Reads Environment values

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 2724)

    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 2172)

    • Searches for installed software

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)

    • Creates files in the Windows directory

      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 2724)

    • Creates files in the user directory

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)

    • Removes files from Windows directory

      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)
      • WebCompanionInstaller.exe (PID: 1324)

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2636)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2636)

    • Reads the hosts file

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 2636)
      • chrome.exe (PID: 4048)

    • Reads the computer name

      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 3680)
      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2760)
      • chrome.exe (PID: 1480)
      • chrome.exe (PID: 3156)
      • explorer.exe (PID: 1800)
      • chrome.exe (PID: 3472)
      • chrome.exe (PID: 3880)
      • taskmgr.exe (PID: 3420)
      • chrome.exe (PID: 3816)
      • chrome.exe (PID: 2636)
      • chrome.exe (PID: 3896)
      • chrome.exe (PID: 4048)
      • chrome.exe (PID: 2524)
      • chrome.exe (PID: 1160)
      • chrome.exe (PID: 2148)

    • Checks supported languages

      • chrome.exe (PID: 2588)
      • chrome.exe (PID: 3680)
      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2888)
      • chrome.exe (PID: 2808)
      • chrome.exe (PID: 1596)
      • chrome.exe (PID: 2948)
      • chrome.exe (PID: 4080)
      • chrome.exe (PID: 2760)
      • chrome.exe (PID: 2860)
      • chrome.exe (PID: 1996)
      • chrome.exe (PID: 1480)
      • chrome.exe (PID: 3216)
      • chrome.exe (PID: 3056)
      • chrome.exe (PID: 3016)
      • explorer.exe (PID: 1800)
      • chrome.exe (PID: 3156)
      • chrome.exe (PID: 3472)
      • chrome.exe (PID: 3880)
      • taskmgr.exe (PID: 3420)
      • chrome.exe (PID: 3816)
      • chrome.exe (PID: 3328)
      • chrome.exe (PID: 2996)
      • chrome.exe (PID: 2636)
      • chrome.exe (PID: 3392)
      • chrome.exe (PID: 3896)
      • chrome.exe (PID: 3684)
      • chrome.exe (PID: 2280)
      • chrome.exe (PID: 3652)
      • chrome.exe (PID: 2080)
      • chrome.exe (PID: 3232)
      • chrome.exe (PID: 2776)
      • chrome.exe (PID: 2524)
      • chrome.exe (PID: 2580)
      • chrome.exe (PID: 1160)
      • chrome.exe (PID: 520)
      • chrome.exe (PID: 2980)
      • chrome.exe (PID: 4048)
      • chrome.exe (PID: 3900)
      • chrome.exe (PID: 2940)
      • chrome.exe (PID: 3200)
      • chrome.exe (PID: 2992)
      • chrome.exe (PID: 2148)
      • chrome.exe (PID: 2168)

    • Checks Windows Trust Settings

      • chrome.exe (PID: 3148)
      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 1324)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)

    • Reads settings of System Certificates

      • chrome.exe (PID: 3148)
      • chrome.exe (PID: 2948)
      • WebCompanionInstaller.exe (PID: 2172)
      • WebCompanionInstaller.exe (PID: 3656)
      • WebCompanionInstaller.exe (PID: 3276)
      • WebCompanionInstaller.exe (PID: 3360)
      • chrome.exe (PID: 4048)
      • WebCompanionInstaller.exe (PID: 3028)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 2724)
      • WebCompanionInstaller.exe (PID: 1324)

    • Manual execution by user

      • explorer.exe (PID: 1800)
      • WcInstaller.exe (PID: 3420)
      • WcInstaller.exe (PID: 3672)
      • WcInstaller.exe (PID: 3936)
      • taskmgr.exe (PID: 3420)
      • chrome.exe (PID: 2636)
      • WcInstaller.exe (PID: 3532)
      • WcInstaller.exe (PID: 3864)
      • WcInstaller.exe (PID: 3492)

    • Reads the date of Windows installation

      • chrome.exe (PID: 3880)
      • chrome.exe (PID: 2148)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
111
Monitored processes
62
Malicious processes
16
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs explorer.exe no specs wcinstaller.exe no specs wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs taskmgr.exe no specs wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs wcinstaller.exe webcompanioninstaller.exe chrome.exe no specs wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe no specs wcinstaller.exe webcompanioninstaller.exe wcinstaller.exe webcompanioninstaller.exe

Process information

PID
CMD
Path
Indicators
Parent process
520"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1160"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1324.\WebCompanionInstaller.exe --prod --nanouniqueid=1644823731411 --prodC:\Users\admin\AppData\Local\Temp\7zS00ACF3A6\WebCompanionInstaller.exe
WcInstaller.exe
User:
admin
Company:
Lavasoft
Integrity Level:
HIGH
Description:
Web Companion
Exit code:
0
Version:
7.0.2417.4248
1480"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1596"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
1800"C:\Windows\explorer.exe" C:\Windows\explorer.exeExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
1996"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3568 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
2080"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3864 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
2148"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
2168"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,9595543852154317132,604139615858523926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=532 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
113
Suspicious files
217
Text files
231
Unknown types
11

Dropped files

PID
Process
Filename
Type
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-620A040A-C4C.pma
MD5:
SHA256:
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0682d275-035d-4236-9093-481762749fd1.tmptext
MD5:
SHA256:
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferencestext
MD5:
SHA256:
2888chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pmabinary
MD5:03C4F648043A88675A920425D824E1B3
SHA256:F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF13e6e8.TMPtext
MD5:64AD8ED3E666540337BA541C549F72F7
SHA256:BECBDB08B5B37D203A85F2E974407334053BB1D2270F0B3C9A4DB963896F2206
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF13e6f8.TMPtext
MD5:81F483F77EE490F35306A4F94DB2286B
SHA256:82434CE3C9D13F509EBEEBE3A7A1A1DE9AB4557629D9FC855761E0CFA45E8BCE
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF13e6e8.TMPtext
MD5:936EB7280DA791E6DD28EF3A9B46D39C
SHA256:CBAF2AFD831B32F6D1C12337EE5D2F090D6AE1F4DCB40B08BEF49BF52AD9721F
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:5BD3C311F2136A7A88D3E197E55CF902
SHA256:FA331915E1797E59979A3E4BCC2BD0D3DEAA039B94D4DB992BE251FD02A224B9
3148chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:00046F773EFDD3C8F8F6D0F87A2B93DC
SHA256:593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
58
TCP/UDP connections
73
DNS requests
35
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2948
chrome.exe
GET
104.18.88.101:80
http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe
US
whitelisted
924
svchost.exe
HEAD
403
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
US
whitelisted
924
svchost.exe
HEAD
302
142.250.186.142:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
US
whitelisted
924
svchost.exe
HEAD
200
173.194.135.102:80
http://r1---sn-aigzrn7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx?cms_redirect=yes&mh=mM&mip=185.198.243.195&mm=28&mn=sn-aigzrn7z&ms=nvh&mt=1644823219&mv=m&mvi=1&pl=24&shardbypass=yes&smhost=r1---sn-aigzrn7d.gvt1.com
US
whitelisted
924
svchost.exe
HEAD
403
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3
US
whitelisted
924
svchost.exe
HEAD
200
173.194.137.71:80
http://r2---sn-aigzrn76.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3?cms_redirect=yes&mh=bj&mip=185.198.243.195&mm=28&mn=sn-aigzrn76&ms=nvh&mt=1644823219&mv=m&mvi=2&pl=24&rmhost=r3---sn-aigzrn76.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
US
whitelisted
2948
chrome.exe
GET
200
104.18.88.101:80
http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe
US
executable
542 Kb
whitelisted
924
svchost.exe
GET
302
142.250.186.142:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
US
html
559 b
whitelisted
924
svchost.exe
HEAD
302
142.250.186.142:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adktovjj3t3n7jwiiegl5h6y3v5q_1.3.36.121/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.121_win_bxugoraqoudfswxg22hsatfdbi.crx3
US
html
559 b
whitelisted
924
svchost.exe
GET
200
173.194.135.102:80
http://r1---sn-aigzrn7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOGMyQUFYUjhaZkNqaEUyZDFCRWM2S3dUZw/1.0.0.11_llkgjffcdpffmhiakmfcdcblohccpfmo.crx?cms_redirect=yes&mh=mM&mip=185.198.243.195&mm=28&mn=sn-aigzrn7z&ms=nvh&mt=1644823219&mv=m&mvi=1&pl=24&shardbypass=yes&smhost=r1---sn-aigzrn7d.gvt1.com
US
crx
2.80 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2948
chrome.exe
104.18.88.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
2948
chrome.exe
142.250.186.174:443
clients2.google.com
Google Inc.
US
whitelisted
2948
chrome.exe
142.250.186.77:443
accounts.google.com
Google Inc.
US
suspicious
2948
chrome.exe
142.250.186.142:443
sb-ssl.google.com
Google Inc.
US
whitelisted
2948
chrome.exe
142.250.185.100:443
www.google.com
Google Inc.
US
whitelisted
2948
chrome.exe
142.250.186.35:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2948
chrome.exe
142.250.185.110:443
safebrowsing.google.com
Google Inc.
US
whitelisted
2948
chrome.exe
104.18.87.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
2172
WebCompanionInstaller.exe
104.18.87.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared
3656
WebCompanionInstaller.exe
104.18.87.101:80
wcdownloadercdn.lavasoft.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
wcdownloadercdn.lavasoft.com
  • 104.18.88.101
  • 104.18.87.101
whitelisted
clients2.google.com
  • 142.250.186.174
whitelisted
accounts.google.com
  • 142.250.186.77
shared
sb-ssl.google.com
  • 142.250.186.142
whitelisted
www.google.com
  • 142.250.185.100
malicious
ssl.gstatic.com
  • 142.250.186.35
whitelisted
safebrowsing.google.com
  • 142.250.185.110
whitelisted
flow.lavasoft.com
  • 104.18.87.101
  • 104.18.88.101
whitelisted
wc-update-service.lavasoft.com
  • 64.18.87.81
  • 64.18.87.82
whitelisted
update.googleapis.com
  • 142.250.185.99
whitelisted

Threats

PID
Process
Class
Message
2948
chrome.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3656
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
3656
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3656
WebCompanionInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2172
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
2172
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2172
WebCompanionInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3028
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
3028
WebCompanionInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3028
WebCompanionInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:26:25 AM :-> Starting installer 9.1.0.409 with: .\WebCompanionInstaller.exe --prod, Run as admin: True
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:26:38 AM :-> Starting installer 9.1.0.409 with: .\WebCompanionInstaller.exe --prod, Run as admin: True
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:26:47 AM :-> Starting installer 7.0.2417.4248 with: .\WebCompanionInstaller.exe --prod --nanouniqueid=1644823598259 --prod, Run as admin: True
WebCompanionInstaller.exe
Failed to report progress in SendPostRequest: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 104.18.88.101:80 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
2/14/2022 7:27:03 AM :-> Starting installer 7.0.2417.4248 with: .\WebCompanionInstaller.exe --prod --nanouniqueid=1644823585058 --prod, Run as admin: True
WebCompanionInstaller.exe
Detecting windows culture
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://wcdownloadercdn.lavasoft.com/9.1.0.409/WcInstaller.exe