URL:

https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN220101&nonadmin&direct&tych&campaign=18022583703

Full analysis: https://app.any.run/tasks/63967cb9-a96d-420d-ac37-d45613c40725
Verdict: Malicious activity
Analysis date: January 15, 2024, 04:22:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: EC37A52DE4A218ADDA366B4980FDB15C
SHA1: D5DEF8E7CC4AB154F8798B1343347D36BF16A4F8
SHA256: 3C73D8FEF26623BE3FEB54F4C314D8152E9BCBDB096C7DEEB584DA5E2E3B2E29
SSDEEP: 3:N8RmgDKQiKqJLJleLIUA2VkmVEXynMTEzxo3NPoEMID9Ad/Wn:2Qg+tXJDapVknXynMTyo3NPtZ4/Wn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 1216)
      • WebCompanion-Installer.exe (PID: 1264)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 984)
    • Actions look like stealing of personal data

      • WebCompanion.exe (PID: 984)
      • WebCompanion.exe (PID: 452)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 1216)
      • WebCompanion-Installer.exe (PID: 1264)
    • Searches for installed software

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Reads the Internet Settings

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Reads settings of System Certificates

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 984)
      • WebCompanion.exe (PID: 452)
    • Drops 7-zip archiver for unpacking

      • WebCompanion-Installer.exe (PID: 1264)
    • The process drops C-runtime libraries

      • WebCompanion-Installer.exe (PID: 1264)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 1748)
    • The process creates files with names similar to system file names

      • WebCompanion-Installer.exe (PID: 1264)
    • Process drops legitimate Windows executable

      • WebCompanion-Installer.exe (PID: 1264)
    • Starts CMD.EXE for command execution

      • WebCompanion-Installer.exe (PID: 1264)
    • Changes internet zones settings

      • WebCompanion-Installer.exe (PID: 1264)
    • Checks Windows Trust Settings

      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Reads security settings of Internet Explorer

      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
  • INFO

    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 324)
      • iexplore.exe (PID: 2044)
    • Application launched itself

      • iexplore.exe (PID: 2044)
      • chrome.exe (PID: 1268)
    • Creates files in a temporary directory

      • Setup.exe (PID: 1216)
      • WebCompanion-Installer.exe (PID: 1264)
    • Checks supported languages

      • Setup.exe (PID: 1216)
      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 324)
      • iexplore.exe (PID: 2044)
    • Reads Environment values

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Reads the machine GUID from the registry

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • The process uses the downloaded file

      • iexplore.exe (PID: 2044)
    • Reads the computer name

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Creates files or folders in the user directory

      • WebCompanion-Installer.exe (PID: 1264)
      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
    • Creates files in the program directory

      • WebCompanion.exe (PID: 452)
    • Reads product name

      • WebCompanion.exe (PID: 452)
      • WebCompanion.exe (PID: 984)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
51
Monitored processes
16
Malicious processes
5
Suspicious processes
0

Behavior graph

Process nodes (the interactive graph is available in the full report; "no specs" marks processes monitored without a specification): start, iexplore.exe, iexplore.exe, setup.exe, webcompanion-installer.exe, cmd.exe (no specs), netsh.exe (no specs), webcompanion.exe, webcompanion.exe, chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
324
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2044 CREDAT:267521 /prefetch:2
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID:
452
CMD:
"C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
Path:
C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Parent process:
WebCompanion-Installer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
11.908.5.907
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
984
CMD:
"C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
Path:
C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Parent process:
WebCompanion-Installer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
11.908.5.907
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
1000
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1160,i,3821926603721281504,10000600115287331715,131072 /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1216
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Setup.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Setup.exe
Parent process:
iexplore.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion Installer
Exit code:
0
Version:
11.908.5.907
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
1264
CMD:
.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18022583703 --version=11.908.5.907
Path:
C:\Users\admin\AppData\Local\Temp\7zS0C4E2D0E\WebCompanion-Installer.exe
Parent process:
Setup.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
11.908.5.907
Modules
Images
c:\users\admin\appdata\local\temp\7zs0c4e2d0e\webcompanion-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
1268
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=18022583703&
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
WebCompanion-Installer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1748
CMD:
"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
Path:
C:\Windows\System32\cmd.exe
Parent process:
WebCompanion-Installer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1812
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1576 --field-trial-handle=1160,i,3821926603721281504,10000600115287331715,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2044
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" "https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN220101&nonadmin&direct&tych&campaign=18022583703"
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
29 871
Read events
29 684
Write events
184
Delete events
3

Modification events

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value:
0
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
Executable files
94
Suspicious files
123
Text files
91
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 324
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: compressed
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
PID: 324
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 48580A5272C61CAD277036D12BFAE099
SHA256: 39719AFD427134B6E7F940AC54C541616FAC9ECEF7FD25E44AB0F2FFC0A95CF5
PID: 324
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Setup[1].exe
Type: executable
MD5: E21DFA72D8EBCC555D714C06F5B433F6
SHA256: 10079620067203B2E50979A05D9702925F00B5E6A9991795D3C1BA44B28CEBB6
PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Setup.exe
Type: executable
MD5: 6C780F92DBC597AC1562D44270A06793
SHA256: 6B31088496597340505F1A5F3BEC80644089A9E7071898046B3F9BA3639D5209
PID: 324
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Setup.exe.yofcgvy.partial
Type: executable
MD5: 6C780F92DBC597AC1562D44270A06793
SHA256: 6B31088496597340505F1A5F3BEC80644089A9E7071898046B3F9BA3639D5209
PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Setup.exe.yofcgvy.partial:Zone.Identifier
Type: text
MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
PID: 1216
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0C4E2D0E\fr-CA\WebCompanion-Installer.resources.dll
Type: executable
MD5: FF6F59A5A4C12B7D6A58240432C63B9F
SHA256: 2BB8F3F19AA682F0FB63D762BA98EF8E826E54A5F3AC1C4AC0597AC9A4540738
PID: 1216
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0C4E2D0E\de-DE\WebCompanion-Installer.resources.dll
Type: executable
MD5: D997A5CA551AD26547DF633DF9D30781
SHA256: C3F463C1D96D1C30C14B243F89F7C4BD1EAC3B250208487634E3417B28ED9B6D
PID: 1216
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS0C4E2D0E\ICSharpCode.SharpZipLib.dll
Type: executable
MD5: 4458468519A7DD4AE25CB03A06CE6126
SHA256: 57A1EB3DC2E50D377EA5781299304A795AEF63D50D0431D6F01C1C1F59A23F8D
PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C5B55F77-B35D-11EE-AE0A-12A9866C77DE}.dat
Type: binary
MD5: 087C87121D9E430800A21BC05F9FA627
SHA256: 3C6CA3B9954BA11BF58EC1C943B977E6A4F7EB767F4007862F03A4FBEBEBAC59
HTTP(S) requests
13
TCP/UDP connections
52
DNS requests
66
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
324
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?129d20c84d8c4223
unknown
compressed
4.66 Kb
unknown
324
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?53bfb7cf8a6cf97e
unknown
compressed
4.66 Kb
unknown
324
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
unknown
binary
1.47 Kb
unknown
1264
WebCompanion-Installer.exe
GET
200
104.17.9.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown
1080
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1b8fee253118cbef
unknown
unknown
1264
WebCompanion-Installer.exe
GET
200
104.17.9.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown
452
WebCompanion.exe
GET
200
64.18.87.81:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101
unknown
binary
196 b
unknown
452
WebCompanion.exe
GET
200
64.18.87.81:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_wb
unknown
binary
204 b
unknown
452
WebCompanion.exe
GET
200
104.17.9.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown
452
WebCompanion.exe
GET
200
64.18.87.81:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_ab
unknown
binary
204 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
324
iexplore.exe
104.18.212.25:443
webcompanion.com
CLOUDFLARENET
unknown
4
System
192.168.100.255:138
whitelisted
324
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
324
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1264
WebCompanion-Installer.exe
104.17.9.52:80
geo.lavasoft.com
CLOUDFLARENET
shared
1264
WebCompanion-Installer.exe
104.17.9.52:443
geo.lavasoft.com
CLOUDFLARENET
shared
1264
WebCompanion-Installer.exe
104.18.27.149:443
flwadw.com
CLOUDFLARENET
shared
1080
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted

DNS requests

Domain
IP
Reputation
webcompanion.com
  • 104.18.212.25
  • 104.18.211.25
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
geo.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
unknown
featureflags.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
unknown
flwadw.com
  • 104.18.27.149
  • 104.18.26.149
unknown
wcdownloadercdn.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
whitelisted
wc-partners.lavasoft.com
  • 64.18.87.81
  • 64.18.87.82
whitelisted
clientservices.googleapis.com
  • 142.250.186.35
whitelisted
accounts.google.com
  • 64.233.166.84
shared

Threats

No threats detected
Process
Message
WebCompanion-Installer.exe
Detecting windows culture
WebCompanion-Installer.exe
Failed to OpenWcfHost: System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:9008/webcompanion/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied at System.Net.HttpListener.AddAllPrefixes() at System.Net.HttpListener.Start() at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() --- End of inner exception stack trace --- at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener) at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback) at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at WebCompanionInstaller.App.OpenInstallerWcfHost()
WebCompanion-Installer.exe
Preparing request for featureflag: {"Geo":"DE","Partner":"IN220101","Campaign":"18022583703","InstallDate":"20240115","TriggerType":"install","TriggerEvent":"installer","Version":"11.908.5.907","featurewp":true,"featureal":true}
WebCompanion-Installer.exe
Getting response from featureflag: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTelemetryScan\", \"EnableWebProtection\", \"EnableDynamicNotification\"], \"CompanyName\": \"Lavasoft\", \"ConfigVersion\": \"v1\", \"CurrentVersion\": \"9.3.0\"}","targetId":301},{"sectionCode":"WFAI","code":"WCP","configuration":"{\"Version\": \"3.0.2.12\", \"FilePath\": \"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip\", \"BlackList\": \"https://acs.lavasoft.com/api/v2/url/blacklist\", \"WhiteList\": \"https://acs.lavasoft.com/api/v2/url/permanentwhitelist\", \"DisplayName\": \"Web Protection\", \"FeatureName\": \"WebProtection\"}","targetId":241}]
WebCompanion-Installer.exe
1/15/2024 4:23:13 AM :-> Start
WebCompanion-Installer.exe
Failed to report progress in SendPostRequest: System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanion-Installer.exe
1/15/2024 4:23:28 AM :-> Starting installer 11.908.5.907 with: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18022583703 --version=11.908.5.907, Run as admin: False
WebCompanion-Installer.exe
Preparing for installing Web Companion
WebCompanion-Installer.exe
1/15/2024 4:23:29 AM :-> Generating Machine and Install Id ...
WebCompanion-Installer.exe
1/15/2024 4:23:29 AM :-> Machine Id and Install Id has been generated