File name:

Setup.exe.7z

Full analysis: https://app.any.run/tasks/e3bdda2d-cfa6-4164-ade5-9cf0aecd362d
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 09, 2024, 15:44:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

9554C0936D05C215D29951F092DD1436

SHA1:

1E5B0CB7F358EA5619165F1FE92E3D0445472D05

SHA256:

402F8EC917ECFBF8A13E54740C199A38B972F434518B83A3C5A31A05FAACD0C7

SSDEEP:

24576:nMyWymYU8jr1IpBzJmoJL8w+7x0Rh2gOtS+qfd:nMyWymYU8jr1IpBzJmoJL8w+7x0Rh2gn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2160)
      • Setup.exe (PID: 2848)
      • WebCompanion-Installer.exe (PID: 2752)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • ADAWARE has been detected (SURICATA)

      • WebCompanion.exe (PID: 956)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 2184)
      • WebCompanion.exe (PID: 956)
    • Actions looks like stealing of personal data

      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
  • SUSPICIOUS

    • Searches for installed software

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Executable content was dropped or overwritten

      • Setup.exe (PID: 2848)
      • WebCompanion-Installer.exe (PID: 2752)
    • Reads the Internet Settings

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Drops 7-zip archiver for unpacking

      • WebCompanion-Installer.exe (PID: 2752)
    • Reads settings of System Certificates

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 2184)
      • WebCompanion.exe (PID: 956)
    • The process drops C-runtime libraries

      • WebCompanion-Installer.exe (PID: 2752)
    • The process creates files with name similar to system file names

      • WebCompanion-Installer.exe (PID: 2752)
    • Creates a software uninstall entry

      • WebCompanion-Installer.exe (PID: 2752)
    • Process drops legitimate windows executable

      • WebCompanion-Installer.exe (PID: 2752)
    • Starts CMD.EXE for commands execution

      • WebCompanion-Installer.exe (PID: 2752)
    • Reads security settings of Internet Explorer

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3960)
    • Changes internet zones settings

      • WebCompanion-Installer.exe (PID: 2752)
    • Checks Windows Trust Settings

      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
  • INFO

    • Create files in a temporary directory

      • Setup.exe (PID: 2848)
      • WebCompanion-Installer.exe (PID: 2752)
    • Checks supported languages

      • Setup.exe (PID: 2848)
      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 2184)
      • WebCompanion.exe (PID: 956)
      • wmpnscfg.exe (PID: 1652)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2160)
    • Manual execution by a user

      • Setup.exe (PID: 2848)
      • wmpnscfg.exe (PID: 1652)
    • Reads the computer name

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 2184)
      • WebCompanion.exe (PID: 956)
      • wmpnscfg.exe (PID: 1652)
    • Reads Environment values

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Reads the software policy settings

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Creates files or folders in the user directory

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Reads the machine GUID from the registry

      • WebCompanion-Installer.exe (PID: 2752)
      • WebCompanion.exe (PID: 2184)
      • WebCompanion.exe (PID: 956)
    • Creates files in the program directory

      • WebCompanion.exe (PID: 956)
    • Reads product name

      • WebCompanion.exe (PID: 956)
      • WebCompanion.exe (PID: 2184)
    • Reads Microsoft Office registry keys

      • WebCompanion.exe (PID: 2184)
    • Application launched itself

      • chrome.exe (PID: 2644)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 16
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process tree shown in the graph (in order of appearance; "no specs" marks processes with no specific indicators):
  • start
  • winrar.exe
  • setup.exe
  • webcompanion-installer.exe
  • cmd.exe (no specs)
  • netsh.exe (no specs)
  • webcompanion.exe (#ADAWARE)
  • webcompanion.exe
  • chrome.exe
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • wmpnscfg.exe (no specs)

Process information

PID: 844
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2120 --field-trial-handle=1196,i,15285170934643703726,15017113756240189992,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators:
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 952
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1220 --field-trial-handle=1196,i,15285170934643703726,15017113756240189992,131072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators:
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 956
CMD: "C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
Path: C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Indicators:
Parent process: WebCompanion-Installer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
11.908.5.907
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1652
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Indicators:
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2160
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Setup.exe.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators:
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2184
CMD: "C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
Path: C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Indicators:
Parent process: WebCompanion-Installer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
11.908.5.907
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2244
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1196,i,15285170934643703726,15017113756240189992,131072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators:
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2112 --field-trial-handle=1196,i,15285170934643703726,15017113756240189992,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators:
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2504
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1396 --field-trial-handle=1196,i,15285170934643703726,15017113756240189992,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators:
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2644
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=20398348972&
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators:
Parent process: WebCompanion-Installer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 33 396
Read events: 33 186
Write events: 209
Delete events: 1

Modification events

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Setup.exe.7z

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2160) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 88
Suspicious files: 86
Text files: 93
Unknown types: 26

Dropped files

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\pt-BR\WebCompanion-Installer.resources.dll
Type: executable
MD5: BAA8E33B6CDBD56F3B9C4F54C651AABD
SHA256: C7CA8B66102D5B748087713E2731CA6496EE54B99463F2294928674A4B2B3EC3

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\WebCompanion-Installer.exe.config
Type: xml
MD5: 795C7FE69D7D105B5FE997366A4EA7CE
SHA256: 16C8C66E265F4120F8507E2DF0FE0545A5284A905BBBDB1029A5AF8F27017417

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\fr-CA\WebCompanion-Installer.resources.dll
Type: executable
MD5: FF6F59A5A4C12B7D6A58240432C63B9F
SHA256: 2BB8F3F19AA682F0FB63D762BA98EF8E826E54A5F3AC1C4AC0597AC9A4540738

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\it-IT\WebCompanion-Installer.resources.dll
Type: executable
MD5: 8EBA4FD645732D43A197FCFC2A3EFDAE
SHA256: AE539AE8FF586147AA4831E3235BAE7803903FF328631D2242C57EE0B192DFF5

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\ja-JP\WebCompanion-Installer.resources.dll
Type: executable
MD5: B16A48786DB558673EDE949DC65D951B
SHA256: ECC50474941AB4308C1FBA9C487BA62C5A8D8FF7B434899E6AC5505BDEAC6D70

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\Newtonsoft.Json.dll
Type: executable
MD5: 57C8A84DC14BA65B08FDE3CA008B2783
SHA256: D456ABAF1B2BDC0DF8434A98AB230B0D7E9FFE26928D1854CC07FE7F22919553

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\tr-TR\WebCompanion-Installer.resources.dll
Type: executable
MD5: 133410268804F6BD62CBEF1C345E5EE3
SHA256: DDE61D6DC516429E7660186309008F5E05FD9AF320FD186F9D37E17F5D385469

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\en-US\WebCompanion-Installer.resources.dll
Type: executable
MD5: 3C753F7D9AFB1053C3EE7E74699FAFCA
SHA256: F0990C39872A1F2C4B4AD6BC3194B56AD7CAA1423D1160BA05E31294FD25DD7D

PID: 2848
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS02B9E348\es-ES\WebCompanion-Installer.resources.dll
Type: executable
MD5: EA8579573DEBD7089FBFC379084EC6DE
SHA256: D769B5A9F451BAD20CE9D640B07D659C13E9622DE7A5E943F1EA39012D986CB8

PID: 2160
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2160.49917\Setup.exe
Type: executable
MD5: 968DB632418736BBF5C17D2CDB73A0FC
SHA256: 0CBB25C5A9029C480DFDF57604A189A2E4F531153EB4753BC98CC5923D99C7A9
HTTP(S) requests: 9
TCP/UDP connections: 42
DNS requests: 60
Threats: 4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2752
WebCompanion-Installer.exe
GET
200
104.17.8.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown
2752
WebCompanion-Installer.exe
GET
200
104.17.8.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown
956
WebCompanion.exe
GET
200
64.18.87.82:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101
unknown
binary
195 b
unknown
956
WebCompanion.exe
GET
200
104.17.8.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown
956
WebCompanion.exe
GET
200
104.18.212.25:80
http://webcompanion.com/version_logs?json=true&version=11.908.5.907
unknown
text
4 b
unknown
956
WebCompanion.exe
GET
200
64.18.87.82:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_ab
unknown
binary
203 b
unknown
956
WebCompanion.exe
GET
200
64.18.87.82:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_wb
unknown
binary
203 b
unknown
956
WebCompanion.exe
GET
200
64.18.87.82:80
http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_ac
unknown
binary
203 b
unknown
956
WebCompanion.exe
GET
200
104.17.8.52:80
http://geo.lavasoft.com/
unknown
binary
50 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2752
WebCompanion-Installer.exe
104.17.8.52:80
geo.lavasoft.com
CLOUDFLARENET
shared
2752
WebCompanion-Installer.exe
104.17.8.52:443
geo.lavasoft.com
CLOUDFLARENET
shared
2752
WebCompanion-Installer.exe
104.18.26.149:443
flwadw.com
CLOUDFLARENET
shared
2752
WebCompanion-Installer.exe
104.17.9.52:443
geo.lavasoft.com
CLOUDFLARENET
shared
956
WebCompanion.exe
104.17.8.52:80
geo.lavasoft.com
CLOUDFLARENET
shared
956
WebCompanion.exe
104.17.8.52:443
geo.lavasoft.com
CLOUDFLARENET
shared
956
WebCompanion.exe
104.18.26.149:443
flwadw.com
CLOUDFLARENET
shared
956
WebCompanion.exe
64.18.87.82:80
wc-partners.lavasoft.com
MTO
CA
malicious

DNS requests

Domain
IP
Reputation
geo.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
unknown
featureflags.lavasoft.com
  • 104.17.8.52
  • 104.17.9.52
unknown
flwadw.com
  • 104.18.26.149
  • 104.18.27.149
unknown
wcdownloadercdn.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
whitelisted
wc-partners.lavasoft.com
  • 64.18.87.82
  • 64.18.87.81
whitelisted
webcompanion.com
  • 104.18.212.25
  • 104.18.211.25
unknown
clientservices.googleapis.com
  • 142.250.184.227
whitelisted
accounts.google.com
  • 173.194.76.84
shared
fonts.googleapis.com
  • 142.250.185.170
whitelisted
ajax.googleapis.com
  • 142.250.185.202
whitelisted

Threats

PID
Process
Class
Message
956
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
956
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
956
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
956
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
Process
Message
WebCompanion-Installer.exe
Failed to OpenWcfHost: System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:9008/webcompanion/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied at System.Net.HttpListener.AddAllPrefixes() at System.Net.HttpListener.Start() at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() --- End of inner exception stack trace --- at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener) at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback) at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at WebCompanionInstaller.App.OpenInstallerWcfHost()
WebCompanion-Installer.exe
Detecting windows culture
WebCompanion-Installer.exe
Preparing request for featureflag: {"Geo":"DE","Partner":"IN220101","Campaign":"20398348972","InstallDate":"20240209","TriggerType":"install","TriggerEvent":"installer","Version":"11.908.5.907","featurewp":true,"featureal":true}
WebCompanion-Installer.exe
Getting response from featureflag: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTelemetryScan\", \"EnableWebProtection\", \"EnableDynamicNotification\"], \"CompanyName\": \"Lavasoft\", \"ConfigVersion\": \"v1\", \"CurrentVersion\": \"9.3.0\"}","targetId":301},{"sectionCode":"WFAI","code":"WCP","configuration":"{\"Version\": \"3.0.2.12\", \"FilePath\": \"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip\", \"BlackList\": \"https://acs.lavasoft.com/api/v2/url/blacklist\", \"WhiteList\": \"https://acs.lavasoft.com/api/v2/url/permanentwhitelist\", \"DisplayName\": \"Web Protection\", \"FeatureName\": \"WebProtection\"}","targetId":241}]
WebCompanion-Installer.exe
2/9/2024 3:45:31 PM :-> Start
WebCompanion-Installer.exe
Failed to report progress in SendPostRequest: System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanion-Installer.exe
2/9/2024 3:45:31 PM :-> Starting installer 11.908.5.907 with: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=20398348972 --version=11.908.5.907, Run as admin: False
WebCompanion-Installer.exe
Preparing for installing Web Companion
WebCompanion-Installer.exe
2/9/2024 3:45:33 PM :-> Generating Machine and Install Id ...
WebCompanion-Installer.exe
2/9/2024 3:45:33 PM :-> Machine Id and Install Id has been generated