File name:

Setup.exe.zip

Full analysis: https://app.any.run/tasks/22d4279d-6389-46ec-9b03-4e85707cc171
Verdict: Malicious activity
Threats:

Adware is a form of malware that pushes unwanted advertisements at the user, typically as pop-ups, banners or content injected into web pages, degrading the browsing experience. It usually reaches a system through software bundling, deceptive download pages or malicious websites. Once installed, it may track browsing activity, collect personal data and display intrusive ads. Some variants bypass security controls and establish persistence, for example through autorun entries, which makes removal difficult. Because it installs additional components and alters browser settings, adware also widens the attack surface that other malware can exploit, so it is a risk to user privacy and system security rather than a mere annoyance.

Analysis date: October 23, 2023, 16:46:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

6D10BFC07E5510CBAAAF1640DA86FF4C

SHA1:

0988B37087B1BD021E825AEE321A69D65A46A6AD

SHA256:

38F6120A9759663BC363FB1A43C555F174F49273BDC492F29CA8401129D07E3D

SSDEEP:

12288:e5Imi+DBLUg43k7olAcahW+zytlb4qn5DuDgmQ:fjcBLUg43Zl0jYS8H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.exe (PID: 3536)
      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Drops the executable file immediately after the start

      • Setup.exe (PID: 3536)
      • WebCompanionInstaller.exe (PID: 2160)
      • csc.exe (PID: 3472)
    • Loads dropped or rewritten executable

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3620)
      • WebCompanion.exe (PID: 3800)
    • ADAWARE was detected

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
    • Starts Visual C# compiler

      • WebCompanion.exe (PID: 4028)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 3800)
    • Actions look like stealing of personal data

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Reads security settings of Internet Explorer

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Reads settings of System Certificates

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Searches for installed software

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Executes as Windows Service

      • PresentationFontCache.exe (PID: 2540)
    • Reads the Internet Settings

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Drops 7-zip archiver for unpacking

      • WebCompanionInstaller.exe (PID: 2160)
    • Process drops legitimate windows executable

      • WebCompanionInstaller.exe (PID: 2160)
    • The process drops C-runtime libraries

      • WebCompanionInstaller.exe (PID: 2160)
    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 2160)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3768)
    • Starts CMD.EXE for commands execution

      • WebCompanionInstaller.exe (PID: 2160)
    • Uses .NET C# to load dll

      • WebCompanion.exe (PID: 4028)
    • The process verifies whether the antivirus software is installed

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 556)
      • chrome.exe (PID: 1408)
    • Reads the machine GUID from the registry

      • WebCompanionInstaller.exe (PID: 2160)
      • PresentationFontCache.exe (PID: 2540)
      • WebCompanion.exe (PID: 4028)
      • cvtres.exe (PID: 2732)
      • csc.exe (PID: 3472)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Checks supported languages

      • WebCompanionInstaller.exe (PID: 2160)
      • Setup.exe (PID: 3536)
      • WebCompanion.exe (PID: 4028)
      • PresentationFontCache.exe (PID: 2540)
      • csc.exe (PID: 3472)
      • cvtres.exe (PID: 2732)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Create files in a temporary directory

      • Setup.exe (PID: 3536)
      • WebCompanionInstaller.exe (PID: 2160)
      • csc.exe (PID: 3472)
      • WebCompanion.exe (PID: 4028)
      • cvtres.exe (PID: 2732)
    • Reads the computer name

      • WebCompanionInstaller.exe (PID: 2160)
      • PresentationFontCache.exe (PID: 2540)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Reads Environment values

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Creates files or folders in the user directory

      • WebCompanionInstaller.exe (PID: 2160)
      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
      • WebCompanion.exe (PID: 3620)
    • Creates files in the program directory

      • WebCompanion.exe (PID: 4028)
    • Reads product name

      • WebCompanion.exe (PID: 4028)
      • WebCompanion.exe (PID: 3800)
    • Application launched itself

      • chrome.exe (PID: 2064)
    • The process uses the downloaded file

      • chrome.exe (PID: 3468)
      • chrome.exe (PID: 2816)
      • chrome.exe (PID: 2860)
    • Manual execution by a user

      • control.exe (PID: 584)
      • WebCompanion.exe (PID: 3620)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
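The indicator list above describes one chain: an archive staging directory (WinRAR's Rar$ folder, then a 7-Zip SFX 7zS folder) launches the installer, the installer spawns cmd.exe/netsh.exe and a browser pointed at a partner URL, and the installed WebCompanion.exe invokes the C# compiler at runtime. The following added example, which is not part of the ANY.RUN report or of the analysed software, turns those observations into process-tree detections and runs them over a constructed, Sysmon-style transcription of the report's process list. PIDs, image names, parents and command lines come from the page where it gives them; the netsh.exe PID (3812), the WebCompanion.exe install path, the cvtres.exe parent and the .NET 4 compiler paths are assumptions filled in for the demo.

```python
"""Process-tree detections for the installer chain seen in this report.

Added example, not from the report. EVENTS is a constructed transcription of the
report's process list; values marked "assumed" are not given on the page.
"""
import re
from urllib.parse import parse_qs, urlparse

EVENTS = [  # pid, ppid, full image path, command line
    {"pid": 556, "ppid": 1300,  # explorer.exe PID assumed
     "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmd": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Setup.exe.zip"'},
    {"pid": 3536, "ppid": 556,
     "image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXb556.9679\Setup.exe",
     "cmd": r"C:\Users\admin\AppData\Local\Temp\Rar$EXb556.9679\Setup.exe"},
    {"pid": 2160, "ppid": 3536,
     "image": r"C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\WebCompanionInstaller.exe",
     "cmd": r".\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin "
            r"--direct --tych --campaign=20398348972 --version=10.901.2.519"},
    {"pid": 3768, "ppid": 2160, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"pid": 3812, "ppid": 3768, "image": r"C:\Windows\System32\netsh.exe", "cmd": "netsh.exe"},  # PID assumed
    {"pid": 4028, "ppid": 2160,  # install path assumed from the report's drop directory
     "image": r"C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe",
     "cmd": "WebCompanion.exe"},
    {"pid": 3472, "ppid": 4028,  # compiler path assumed (standard .NET 4 location)
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe", "cmd": "csc.exe"},
    {"pid": 2732, "ppid": 3472,  # parent assumed: cvtres is normally spawned by csc
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe", "cmd": "cvtres.exe"},
    {"pid": 2064, "ppid": 2160, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
            r"https://webcompanion.com/en/install.php?partner=IN220101&campaign=20398348972"},
]

# Folders an archiver or SFX stub extracts into before running the payload.
# Weak on its own (any user double-clicking inside WinRAR produces Rar$), useful as chain context.
STAGING_DIRS = (r"\appdata\local\temp\7zs", r"\appdata\local\temp\rar$")
# Parents for which csc.exe is expected; anything else compiling C# at runtime is worth a look.
DEV_TOOLS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}


def ancestry(events, pid):
    """Image names from the process itself up to the root we know about: [self, parent, ...]."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"].rsplit("\\", 1)[-1].lower())
        pid = by_pid[pid]["ppid"]
    return chain


def find_affiliate_ids(cmd):
    """Partner/campaign identifiers from installer switches (--partner=X) or URL query strings."""
    ids = {}
    for key in ("partner", "campaign"):
        m = re.search(r"--%s=([^\s]+)" % key, cmd)
        if m:
            ids[key] = m.group(1)
    for url in re.findall(r"https?://\S+", cmd):
        qs = parse_qs(urlparse(url).query)
        for key in ("partner", "campaign"):
            if key in qs:
                ids[key] = qs[key][0]
    return ids


def detect(events):
    """Return (pid_or_pids, rule_name) findings for the chain described in the report."""
    findings, ids_by_pid = [], {}
    for e in events:
        path = e["image"].lower()
        name = path.rsplit("\\", 1)[-1]
        chain = ancestry(events, e["pid"])
        if any(d in path for d in STAGING_DIRS):
            findings.append((e["pid"], "exec_from_archive_staging_dir"))
        if name == "csc.exe" and (len(chain) < 2 or chain[1] not in DEV_TOOLS):
            findings.append((e["pid"], "runtime_csharp_compile"))
        if name == "netsh.exe" and len(chain) >= 3 and chain[1] == "cmd.exe" and chain[2] != "explorer.exe":
            findings.append((e["pid"], "netsh_via_cmd_from_" + chain[2]))
        ids = find_affiliate_ids(e["cmd"])
        if ids:
            ids_by_pid[e["pid"]] = ids
    # The same partner/campaign pair on an installer command line and in a URL a browser was
    # launched with ties the install to one affiliate distribution campaign.
    by_campaign = {}
    for pid, ids in ids_by_pid.items():
        by_campaign.setdefault((ids.get("partner"), ids.get("campaign")), []).append(pid)
    for key, pids in by_campaign.items():
        if len(pids) > 1 and all(key):
            findings.append((tuple(sorted(pids)), "shared_affiliate_ids_partner=%s_campaign=%s" % key))
    return findings


if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(hit)
```

The affiliate correlation is the most durable of these signals: the partner and campaign values survive renaming of the dropper, whereas the staging-directory rule fires on ordinary archive use and should only raise severity when it co-occurs with the others.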
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Setup.exe
ZipUncompressedSize: 566584
ZipCompressedSize: 477822
ZipCRC: 0xdd60ab68
ZipModifyDate: 2023:10:23 00:59:08
ZipCompression: Deflated
ZipBitFlag: 0x0009
ZipRequiredVersion: 20
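The EXIF block above records ZipBitFlag 0x0009 for the single entry Setup.exe. In the ZIP general-purpose bit flag, bit 0 means the entry is encrypted and bit 3 means its CRC and sizes are stored in a data descriptor after the file data, so the flag as recorded is consistent with a password-protected archive, the usual way to keep a payload opaque to mail and web gateway scanners (the interactive sandbox user would then have supplied the password when WinRAR extracted Setup.exe). The following added example, which is not part of the ANY.RUN report, parses a ZIP central directory directly and decodes that flag. It runs on a small archive constructed in memory with the report's flag value and entry name, not on the real sample, and cross-checks its result against Python's zipfile module.

```python
"""Decode the ZIP general-purpose bit flag of every entry in an archive.

Added example, not from the report. build_zip() produces constructed sample
data; the only values taken from the report are the flag 0x0009 and the name
Setup.exe.
"""
import io
import struct
import zipfile
import zlib

LOCAL_SIG, CD_SIG, EOCD_SIG, DD_SIG = 0x04034B50, 0x02014B50, 0x06054B50, 0x08074B50

# General-purpose bit flag meanings (APPNOTE.TXT, section 4.4.4).
FLAG_BITS = {
    0: "encrypted",
    3: "sizes/CRC in data descriptor",
    6: "strong encryption",
    11: "UTF-8 names",
}


def decode_flag(flag):
    """Human-readable meaning of each known bit that is set."""
    return [name for bit, name in FLAG_BITS.items() if flag & (1 << bit)]


def build_zip(entries):
    """Construct a STORED zip in memory from [(name, data, flag)] (test data only).
    When bit 3 is set the local header carries zeros and a data descriptor
    follows the file data, as real archivers write it."""
    body, cd = bytearray(), bytearray()
    for name, data, flag in entries:
        nm = name.encode()
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = len(body)
        local_sizes = (0, 0, 0) if flag & 0x8 else (crc, len(data), len(data))
        body += struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flag, 0, 0, 0,
                            *local_sizes, len(nm), 0) + nm + data
        if flag & 0x8:
            body += struct.pack("<IIII", DD_SIG, crc, len(data), len(data))
        cd += struct.pack("<IHHHHHHIIIHHHHHII", CD_SIG, 20, 20, flag, 0, 0, 0,
                          crc, len(data), len(data), len(nm), 0, 0, 0, 0, 0,
                          offset) + nm
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(cd), len(body), 0)
    return bytes(body + cd + eocd)


def list_entries(blob):
    """Walk the central directory (what archivers and AV engines read first)
    and return [(name, flag, method, compressed_size, uncompressed_size)]."""
    eocd_at = blob.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, count, _, _cd_size, cd_off, _ = struct.unpack_from("<IHHHHIIH", blob, eocd_at)
    out, pos = [], cd_off
    for _ in range(count):
        f = struct.unpack_from("<IHHHHHHIIIHHHHHII", blob, pos)
        if f[0] != CD_SIG:
            raise ValueError("bad central directory signature at offset %d" % pos)
        flag, method, csize, usize, nlen, xlen, clen = f[3], f[4], f[8], f[9], f[10], f[11], f[12]
        name = blob[pos + 46: pos + 46 + nlen].decode("utf-8", "replace")
        out.append((name, flag, method, csize, usize))
        pos += 46 + nlen + xlen + clen   # fixed header is 46 bytes
    return out


def names_via_zipfile(blob):
    """Cross-check: the stdlib's view of the same central directory."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [(i.filename, i.flag_bits) for i in zf.infolist()]


def triage(blob):
    """Flag entries a gateway scanner cannot look inside, and executables in the archive."""
    findings = []
    for name, flag, _method, _csize, _usize in list_entries(blob):
        if "encrypted" in decode_flag(flag):
            findings.append(f"{name}: encrypted (flag 0x{flag:04x}); content not scannable without the password")
        if name.lower().endswith((".exe", ".dll", ".scr")):
            findings.append(f"{name}: executable inside archive")
    return findings


# Constructed sample: one entry with the report's flag value, one plain entry.
SAMPLE = build_zip([
    ("Setup.exe", b"MZ" + b"\x00" * 62, 0x0009),
    ("readme.txt", b"hello", 0x0000),
])

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

Reading the central directory is enough for this check: the flag, method and sizes are all there without touching the (possibly encrypted) file data, which is exactly why gateway products can report "encrypted entry" while being unable to say what the entry contains.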
No data.
All screenshots are available in the full report
Total processes
69
Monitored processes
31
Malicious processes
7
Suspicious processes
1

Behavior graph

Processes in the graph, in the order shown (#ADAWARE marks the processes that triggered the Adaware signature; "no specs" means no indicators were raised for that process; edges are labelled "drop and start" where a parent wrote the child's executable and then ran it):

  • winrar.exe (no specs)
  • setup.exe (no specs)
  • #ADAWARE webcompanioninstaller.exe
  • presentationfontcache.exe (no specs)
  • cmd.exe (no specs)
  • netsh.exe (no specs)
  • #ADAWARE webcompanion.exe
  • csc.exe (no specs)
  • cvtres.exe (no specs)
  • webcompanion.exe
  • a run of chrome.exe child processes (two with indicators, the rest no specs)
  • control.exe (no specs)
  • webcompanion.exe
  • chrome.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
328
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x60258b38,0x60258b48,0x60258b54
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
556
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Setup.exe.zip"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
PID:
584
CMD:
"C:\Windows\System32\control.exe"
Path:
C:\Windows\System32\control.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Control Panel
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\control.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
948
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
PID:
1044
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3704 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1408
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1580
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1548 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1928
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1956
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 --field-trial-handle=1188,i,15346113544262427889,2189819112723663572,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2064
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=20398348972
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
WebCompanionInstaller.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
36 724
Read events
36 520
Write events
204
Delete events
0

Modification events

(PID) Process: (556) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files
87
Suspicious files
144
Text files
97
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3536
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\Newtonsoft.Json.dll
Type: executable
MD5: 6FE086F542AE0DDE2AB0162A87B63192
SHA256: 484A60598618C20E518C0ACB0A2D5296FB64D15DEA2EDDA698A178CABA16CE27

PID: 3536
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\de-DE\WebCompanionInstaller.resources.dll
Type: executable
MD5: 383BA01583DD7FEEE5B749AE4C0A058B
SHA256: ECBE3D8661D6495A47182DDB0C2099EDD1E1B3BE1F14449A10F3F47DDD62539D

PID: 3536
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\en-US\WebCompanionInstaller.resources.dll
Type: executable
MD5: D3105E9DB5AAC25193D6C6D2D99349F6
SHA256: 86B3513221F9D1EDAC50AFB7A43CDEEE1599CDC69F37D6C52BE7F2A0BF014E66

PID: 3536
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\tr-TR\WebCompanionInstaller.resources.dll
Type: executable
MD5: D0B891BDD8A9CB2ECEF467043456B896
SHA256: B6876B549DB6AAACFA023DC9B26730DBA139B44203918CE98A633BF35E4BFA9F

PID: 2160
Process: WebCompanionInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\WebCompanion.zip
Type: compressed
MD5: 35C46BD17F521B2538081BFBB7CD491C
SHA256: B9646664245A3DDA1FE26EFA6D71B11883DF383F764ADED75976980BED4E18FD

PID: 556
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb556.9679\Setup.exe
Type: executable
MD5: B4B1F8513067D2239C38D5A01CFE8E9C
SHA256: 5AA715F9E79444DD3C38F25F676272A883D0BAB424AEE1B7BB872ACFF333AE89

PID: 3536
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\zh-CHS\WebCompanionInstaller.resources.dll
Type: executable
MD5: 581CC2E4A7B67F04B3736AFE592C3BA5
SHA256: EB2384F4871B5DBA83FD3F5B076442B4AEAD1E57ED10E9095C1E13B45AC8BCC5

PID: 3536
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0DD1F91F\WebCompanionInstaller.exe
Type: executable
MD5: 4A5B051EDBC60C58D0FA08810AB2FA0A
SHA256: 4F388B54E9BA62572013722783938E1603FE3E76B5B02031ED33DF09C1C73EAA

PID: 2160
Process: WebCompanionInstaller.exe
Filename: C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dll
Type: executable
MD5: 3DAE06217531B92FD7D2509059320E05
SHA256: 7EEA058588F69F90C57D890278506FD9B61966C496C417E27A52F0463EC8D856

PID: 2160
Process: WebCompanionInstaller.exe
Filename: C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exe
Type: executable
MD5: 7B7886B90339FE4940E7052618F347F6
SHA256: 52AF7460762A7E3F84CCF87628D0866B77318EFCB4BCC86430196BFB842D51B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
67
TCP/UDP connections
70
DNS requests
82
Threats
33

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
GET
200
104.17.8.52:80
http://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanion-10.1.2.519-prod.zip
unknown
compressed
10.6 Mb
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
2160
WebCompanionInstaller.exe
POST
200
104.17.8.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2160
WebCompanionInstaller.exe
104.17.8.52:80
flow.lavasoft.com
CLOUDFLARENET
shared
4028
WebCompanion.exe
104.17.8.52:443
flow.lavasoft.com
CLOUDFLARENET
shared
4028
WebCompanion.exe
64.18.87.82:80
wc-partners.lavasoft.com
MTO
CA
malicious
4028
WebCompanion.exe
104.17.8.52:80
flow.lavasoft.com
CLOUDFLARENET
shared
4028
WebCompanion.exe
64.18.87.4:80
wsgeoip.lavasoft.com
MTO
CA
unknown
4028
WebCompanion.exe
104.18.212.25:80
webcompanion.com
CLOUDFLARENET
unknown
3800
WebCompanion.exe
104.17.8.52:443
flow.lavasoft.com
CLOUDFLARENET
shared
1956
chrome.exe
104.18.211.25:443
webcompanion.com
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
flow.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
whitelisted
wcdownloadercdn.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
whitelisted
featureflags.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
unknown
wc-partners.lavasoft.com
  • 64.18.87.82
  • 64.18.87.81
whitelisted
wsgeoip.lavasoft.com
  • 64.18.87.4
whitelisted
webcompanion.com
  • 104.18.212.25
  • 104.18.211.25
malicious
accounts.google.com
  • 142.250.187.141
shared
clientservices.googleapis.com
  • 142.250.187.99
whitelisted
sg-bitmask.adaware.com
  • 104.18.67.73
  • 104.18.68.73
unknown
fonts.googleapis.com
  • 172.217.169.138
whitelisted

Threats

PID
Process
Class
Message
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2160
WebCompanionInstaller.exe
Potentially Bad Traffic
ET HUNTING Terse Request for Zip File (GET)
2160
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3 ETPRO signatures available at the full report
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
10/23/2023 5:46:59 PM :-> Starting installer 10.901.2.519 with: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=20398348972 --version=10.901.2.519, Run as admin: False
WebCompanionInstaller.exe
Preparing for installing Web Companion
WebCompanionInstaller.exe
10/23/2023 5:47:02 PM :-> Machine Id and Install Id has been generated
WebCompanionInstaller.exe
10/23/2023 5:47:02 PM :-> Generating Machine and Install Id ...
WebCompanionInstaller.exe
10/23/2023 5:47:02 PM :-> Checking prerequisites ...
WebCompanionInstaller.exe
10/23/2023 5:47:02 PM :-> Antivirus not detected
WebCompanionInstaller.exe
10/23/2023 5:47:03 PM :-> vm_check False
WebCompanionInstaller.exe
10/23/2023 5:47:03 PM :-> reg_check :False
WebCompanionInstaller.exe
10/23/2023 5:47:03 PM :-> Installed .Net framework is V40