URL:

https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN220101&nonadmin&direct&tych&campaign=20398341592

Full analysis: https://app.any.run/tasks/f91d579d-a90f-4535-b50c-32e715acfd45
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: November 24, 2023, 02:56:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
SHA1:

BB995897FF470C681C38D644A9355838E21E3A93

SHA256:

8F380FA3967A558EB4B3176BE63D815D2399FFAD261FFD02DA7EC8769698165A

SSDEEP:

3:N8RmgDKQiKqJLJleLIUA2VkmVEXynMTEzxo3NPoEMIOWy:2Qg+tXJDapVknXynMTyo3NPtc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 668)
      • csc.exe (PID: 3828)
      • Setup.exe (PID: 2812)
      • WebCompanionInstaller.exe (PID: 3816)
      • csc.exe (PID: 1576)
      • WebCompanionInstaller.exe (PID: 372)

    • ADAWARE has been detected (SURICATA)

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanionInstaller.exe (PID: 372)

    • Starts Visual C# compiler

      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3504)

    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanion.exe (PID: 1860)

    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 3588)

    • Actions looks like stealing of personal data

      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanion.exe (PID: 1860)

  • SUSPICIOUS

    • Searches for installed software

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Executes as Windows Service

      • PresentationFontCache.exe (PID: 3868)

    • Reads the Internet Settings

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Checks Windows Trust Settings

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Reads security settings of Internet Explorer

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Reads settings of System Certificates

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Process drops legitimate windows executable

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 372)

    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 3816)

    • The process drops C-runtime libraries

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 372)

    • Starts CMD.EXE for commands execution

      • WebCompanionInstaller.exe (PID: 3816)

    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3100)

    • Drops 7-zip archiver for unpacking

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanionInstaller.exe (PID: 372)

    • The process verifies whether the antivirus software is installed

      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanion.exe (PID: 1860)

    • Uses .NET C# to load dll

      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3504)

  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1508)
      • Setup.exe (PID: 668)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3436)
      • chrome.exe (PID: 2528)

    • Checks supported languages

      • wmpnscfg.exe (PID: 1508)
      • Setup.exe (PID: 668)
      • PresentationFontCache.exe (PID: 3868)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • csc.exe (PID: 3828)
      • cvtres.exe (PID: 4000)
      • WebCompanion.exe (PID: 3588)
      • Setup.exe (PID: 2812)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • csc.exe (PID: 1576)
      • cvtres.exe (PID: 4068)
      • WebCompanion.exe (PID: 1860)

    • Reads the computer name

      • wmpnscfg.exe (PID: 1508)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • PresentationFontCache.exe (PID: 3868)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • The process uses the downloaded file

      • chrome.exe (PID: 3648)
      • chrome.exe (PID: 1640)
      • chrome.exe (PID: 1560)
      • chrome.exe (PID: 2940)
      • chrome.exe (PID: 3436)

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 1508)
      • PresentationFontCache.exe (PID: 3868)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • csc.exe (PID: 3828)
      • cvtres.exe (PID: 4000)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • cvtres.exe (PID: 4068)
      • csc.exe (PID: 1576)
      • WebCompanion.exe (PID: 1860)

    • Create files in a temporary directory

      • Setup.exe (PID: 668)
      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • csc.exe (PID: 3828)
      • cvtres.exe (PID: 4000)
      • Setup.exe (PID: 2812)
      • WebCompanionInstaller.exe (PID: 372)
      • csc.exe (PID: 1576)
      • WebCompanion.exe (PID: 3504)
      • cvtres.exe (PID: 4068)

    • Creates files or folders in the user directory

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Reads Environment values

      • WebCompanionInstaller.exe (PID: 3816)
      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanionInstaller.exe (PID: 372)
      • WebCompanion.exe (PID: 3504)
      • WebCompanion.exe (PID: 1860)

    • Application launched itself

      • chrome.exe (PID: 3436)
      • chrome.exe (PID: 4068)

    • Creates files in the program directory

      • WebCompanion.exe (PID: 1248)

    • Reads product name

      • WebCompanion.exe (PID: 1248)
      • WebCompanion.exe (PID: 3588)
      • WebCompanion.exe (PID: 1860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
85
Monitored processes
47
Malicious processes
9
Suspicious processes
2

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs wmpnscfg.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs setup.exe no specs #ADAWARE webcompanioninstaller.exe presentationfontcache.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs netsh.exe no specs #ADAWARE webcompanion.exe csc.exe no specs cvtres.exe no specs webcompanion.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs setup.exe no specs #ADAWARE webcompanioninstaller.exe chrome.exe no specs chrome.exe no specs webcompanion.exe csc.exe no specs cvtres.exe no specs webcompanion.exe

Process information

PID
CMD
Path
Indicators
Parent process
372.\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=20398341592 --version=10.901.2.519C:\Users\admin\AppData\Local\Temp\7zSCFA4AAA9\WebCompanionInstaller.exe
Setup.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
10.901.2.519
Modules
Images
c:\users\admin\appdata\local\temp\7zscfa4aaa9\webcompanioninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
668"C:\Users\admin\Downloads\Setup.exe" C:\Users\admin\Downloads\Setup.exeexplorer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion Installer
Exit code:
0
Version:
10.901.2.519
Modules
Images
c:\users\admin\downloads\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1248"C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo= C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
WebCompanionInstaller.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
10.1.2.519
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1436"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3112 --field-trial-handle=1164,i,16697089639446058376,13666948635335573340,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1508"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
1528"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3364 --field-trial-handle=1164,i,16697089639446058376,13666948635335573340,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1560"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1164,i,16697089639446058376,13666948635335573340,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1576"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\kosog5lj.cmdline"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeWebCompanion.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Visual C# Command Line Compiler
Exit code:
0
Version:
8.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1640"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1164,i,16697089639446058376,13666948635335573340,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1820"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1164,i,16697089639446058376,13666948635335573340,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
52 982
Read events
52 708
Write events
270
Delete events
4

Modification events

(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
1
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(3436) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_installdate
Value:
0
(PID) Process:(3436) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_enableddate
Value:
0
Executable files
164
Suspicious files
174
Text files
133
Unknown types
0

Dropped files

PID
Process
Filename
Type
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF167331.TMP
MD5:
SHA256:
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:9F941EA08DBDCA2EB3CFA1DBBBA6F5DC
SHA256:127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF167469.TMPtext
MD5:561161B0FF5BCA89BF47F8AC972A7499
SHA256:ECCA5CCFA0BEED7581B39FCE03D0FD3B694DF0F92BFFF780F702118AD51FC17D
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF167321.TMPtext
MD5:D5C9ECBD2DCA29D89266782824D7AF99
SHA256:D22D1243ACC064A30823180D0E583C853E9395367C78C2AD9DE59A463904F702
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f45f251d-7df0-45f8-a217-3030c840f306.tmpbinary
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA256:
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG.old~RF167b9d.TMP
MD5:
SHA256:
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG.old
MD5:
SHA256:
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldtext
MD5:B806171F9E7C87423595645872D869B0
SHA256:851A8D533BEBF6A69C5518375396E97463302C1E2031D04F8EB5851C5C82CEB9
3436chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:513218482935B0D388C0A990D868387A
SHA256:8E39CBAAF4AACC3A01AFA74EA8C30FB24FE69A22B8B30728AFB1614FD68809D9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
85
TCP/UDP connections
100
DNS requests
100
Threats
52

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
3816
WebCompanionInstaller.exe
GET
200
104.17.9.52:80
http://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanion-10.1.2.519-prod.zip
unknown
compressed
10.6 Mb
unknown
3816
WebCompanionInstaller.exe
POST
200
104.17.9.52:80
http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
unknown
binary
29 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3436
chrome.exe
239.255.255.250:1900
whitelisted
3420
chrome.exe
104.18.211.25:443
webcompanion.com
CLOUDFLARENET
unknown
3420
chrome.exe
142.250.185.173:443
accounts.google.com
GOOGLE
US
unknown
3420
chrome.exe
142.250.185.174:443
sb-ssl.google.com
GOOGLE
US
whitelisted
3436
chrome.exe
224.0.0.251:5353
unknown
3420
chrome.exe
142.250.184.228:443
www.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
webcompanion.com
  • 104.18.211.25
  • 104.18.212.25
unknown
accounts.google.com
  • 142.250.185.173
shared
sb-ssl.google.com
  • 142.250.185.174
whitelisted
www.google.com
  • 142.250.184.228
  • 142.250.186.132
whitelisted
optimizationguide-pa.googleapis.com
  • 142.250.185.170
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.186.74
  • 142.250.186.106
  • 142.250.181.234
  • 172.217.16.138
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.186.138
  • 142.250.186.170
  • 142.250.186.42
  • 172.217.18.10
  • 172.217.16.202
  • 216.58.206.42
  • 142.250.74.202
whitelisted
flow.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
whitelisted
wcdownloadercdn.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
whitelisted
www.googleapis.com
  • 142.250.185.74
  • 142.250.185.138
  • 142.250.185.170
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.186.74
  • 142.250.186.106
  • 142.250.181.234
  • 172.217.16.138
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.186.138
  • 142.250.186.170
  • 142.250.186.42
  • 172.217.18.10
  • 172.217.16.202
whitelisted
featureflags.lavasoft.com
  • 104.17.9.52
  • 104.17.8.52
unknown
wc-partners.lavasoft.com
  • 64.18.87.82
  • 64.18.87.81
whitelisted

Threats

PID
Process
Class
Message
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
3816
WebCompanionInstaller.exe
Potentially Bad Traffic
ET HUNTING Terse Request for Zip File (GET)
3816
WebCompanionInstaller.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
5 ETPRO signatures available at the full report
Process
Message
WebCompanionInstaller.exe
Detecting windows culture
WebCompanionInstaller.exe
11/24/2023 2:56:56 AM :-> Starting installer 10.901.2.519 with: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=20398341592 --version=10.901.2.519, Run as admin: False
WebCompanionInstaller.exe
Preparing for installing Web Companion
WebCompanionInstaller.exe
11/24/2023 2:56:58 AM :-> Machine Id and Install Id has been generated
WebCompanionInstaller.exe
11/24/2023 2:56:58 AM :-> Generating Machine and Install Id ...
WebCompanionInstaller.exe
11/24/2023 2:56:58 AM :-> Checking prerequisites ...
WebCompanionInstaller.exe
11/24/2023 2:56:58 AM :-> Antivirus not detected
WebCompanionInstaller.exe
11/24/2023 2:56:58 AM :-> vm_check False
WebCompanionInstaller.exe
11/24/2023 2:56:59 AM :-> reg_check :False
WebCompanionInstaller.exe
11/24/2023 2:56:59 AM :-> Installed .Net framework is V40
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://webcompanion.com/nano_download.php?savename=Setup.exe&partner=IN220101&nonadmin&direct&tych&campaign=20398341592