File name:

JavaSetup8u401.exe

Full analysis: https://app.any.run/tasks/5d28a63f-35a9-4ffc-bd06-013e667e8535
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 09, 2024, 09:18:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

6B561CDBB5C764D8B7D1B2DD583E1FDB

SHA1:

E6AB66AA100F8A04B183D188193C693D01122F76

SHA256:

936CEE4941CA401E556ECE5206DC4D9FC70C3660AAECF27CDB6C4D1CA5252EE3

SSDEEP:

98304:JfhV9fR8hZSs09uP8vEgMHPwv/hTwMqfZeW3nTZ8ac:R

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • JavaSetup8u401.exe (PID: 3708)
      • WebCompanion-Installer.exe (PID: 1424)
      • Setup.exe (PID: 2816)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • ADAWARE has been detected (SURICATA)

      • WebCompanion.exe (PID: 2520)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Actions looks like stealing of personal data

      • WebCompanion.exe (PID: 240)
      • WebCompanion.exe (PID: 2520)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • JavaSetup8u401.exe (PID: 3708)
      • WebCompanion-Installer.exe (PID: 1424)
      • Setup.exe (PID: 2816)
    • Checks for Java to be installed

      • JavaSetup8u401.exe (PID: 2036)
    • Reads the Internet Settings

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Reads security settings of Internet Explorer

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Reads settings of System Certificates

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Reads Microsoft Outlook installation path

      • JavaSetup8u401.exe (PID: 2036)
    • Checks Windows Trust Settings

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion.exe (PID: 240)
      • WebCompanion.exe (PID: 2520)
    • Reads Internet Explorer settings

      • JavaSetup8u401.exe (PID: 2036)
    • Process drops legitimate windows executable

      • WebCompanion-Installer.exe (PID: 1424)
    • Drops 7-zip archiver for unpacking

      • WebCompanion-Installer.exe (PID: 1424)
    • The process drops C-runtime libraries

      • WebCompanion-Installer.exe (PID: 1424)
    • The process creates files with name similar to system file names

      • WebCompanion-Installer.exe (PID: 1424)
    • Creates a software uninstall entry

      • WebCompanion-Installer.exe (PID: 1424)
    • Searches for installed software

      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Starts CMD.EXE for commands execution

      • WebCompanion-Installer.exe (PID: 1424)
    • Changes internet zones settings

      • WebCompanion-Installer.exe (PID: 1424)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 2476)
  • INFO

    • Reads the computer name

      • JavaSetup8u401.exe (PID: 3708)
      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Checks supported languages

      • JavaSetup8u401.exe (PID: 3708)
      • JavaSetup8u401.exe (PID: 2036)
      • Setup.exe (PID: 2816)
      • jaureg.exe (PID: 2672)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Checks proxy server information

      • JavaSetup8u401.exe (PID: 2036)
    • Creates files or folders in the user directory

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Reads the software policy settings

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 240)
      • WebCompanion.exe (PID: 2520)
    • Application launched itself

      • chrome.exe (PID: 1900)
      • chrome.exe (PID: 1692)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 1864)
      • chrome.exe (PID: 1900)
      • chrome.exe (PID: 2036)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 1900)
      • chrome.exe (PID: 1864)
      • chrome.exe (PID: 2036)
    • The process uses the downloaded file

      • chrome.exe (PID: 2916)
      • chrome.exe (PID: 1900)
    • Reads the machine GUID from the registry

      • JavaSetup8u401.exe (PID: 2036)
      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Create files in a temporary directory

      • JavaSetup8u401.exe (PID: 3708)
      • WebCompanion-Installer.exe (PID: 1424)
      • Setup.exe (PID: 2816)
    • Manual execution by a user

      • chrome.exe (PID: 1900)
    • Reads Environment values

      • WebCompanion-Installer.exe (PID: 1424)
      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Creates files in the program directory

      • WebCompanion.exe (PID: 2520)
    • Reads product name

      • WebCompanion.exe (PID: 2520)
      • WebCompanion.exe (PID: 240)
    • Reads Microsoft Office registry keys

      • WebCompanion.exe (PID: 240)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:12:19 13:19:47+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.31
CodeSize: 197632
InitializedDataSize: 2143232
UninitializedDataSize: -
EntryPoint: 0x10ab3
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 8.0.4010.10
ProductVersionNumber: 8.0.4010.10
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Oracle Corporation
FileDescription: Java Platform SE binary
FileVersion: 8.0.4010.10
FullVersion: 1.8.0_401-b10
InternalName: Setup Launcher
LegalCopyright: Copyright © 2024
OriginalFileName: online_wrapper-cab.exe
ProductName: Java Platform SE 8 U401
ProductVersion: 8.0.4010.10
No data.
All screenshots are available in the full report
Total processes
118
Monitored processes
67
Malicious processes
7
Suspicious processes
0

Behavior graph

start javasetup8u401.exe javasetup8u401.exe jaureg.exe msiexec.exe no specs chrome.exe chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs setup.exe chrome.exe no specs webcompanion-installer.exe chrome.exe no specs cmd.exe no specs netsh.exe no specs #ADAWARE webcompanion.exe chrome.exe no specs webcompanion.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs javasetup8u401.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
240
CMD:
"C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall
Path:
C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
Parent process:
WebCompanion-Installer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Exit code:
0
Version:
12.901.4.1003
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
316
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --mojo-platform-channel-handle=628 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
316
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --disable-quic --mojo-platform-channel-handle=4336 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
480
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
480
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --mojo-platform-channel-handle=2004 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
532
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3932 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
748
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3988 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1092
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4372 --field-trial-handle=1224,i,451350932256328439,6294710752700675746,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1368
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6bcd8b38,0x6bcd8b48,0x6bcd8b54
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1384
CMD:
"C:\Users\admin\AppData\Local\Temp\JavaSetup8u401.exe"
Path:
C:\Users\admin\AppData\Local\Temp\JavaSetup8u401.exe
Parent process:
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java Platform SE binary
Exit code:
3221226540
Version:
8.0.4010.10
Modules
Images
c:\users\admin\appdata\local\temp\javasetup8u401.exe
c:\windows\system32\ntdll.dll
Total events
48 196
Read events
47 778
Write events
401
Delete events
17

Modification events

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft
Operation: delete value
Name: InstallStatus
Value:

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2036) JavaSetup8u401.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
Executable files
93
Suspicious files
271
Text files
176
Unknown types
367

Dropped files

PID
Process
Filename
Type
PID: 2036
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jds1574468.tmp
Type:
MD5:
SHA256:

PID: 1900
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF18b30f.TMP
Type:
MD5:
SHA256:

PID: 1900
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 3708
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\Local\Temp\jds1570421.tmp\jds1570437.tmp
Type: executable
MD5: 24CA1C45B2830C06A9BD61E0158D9953
SHA256: 0E6C46FC45D9A7A8DDD13F67EE05CDE85212C8391A09C917ACEB375C26ADCCDF

PID: 2036
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: binary
MD5: 2978146AC20DB933DC32D5B3679984B5
SHA256: EA1712275E49E17530022F4DFA62DA4FCDB126AB3D04395AB4FE5CAD4547E10D

PID: 3708
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\Local\Temp\jds1570421.tmp\JavaSetup8u401.exe
Type: executable
MD5: 24CA1C45B2830C06A9BD61E0158D9953
SHA256: 0E6C46FC45D9A7A8DDD13F67EE05CDE85212C8391A09C917ACEB375C26ADCCDF

PID: 3708
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\Local\Temp\jusched.log
Type: text
MD5: 6B2DBBA340C0565B9F050658CA438854
SHA256: 7C6F315E389862FD7EB69C16A2E300BBC751EB28FE6F22E26234A9DFB47843B0

PID: 1900
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF18b31e.TMP
Type: text
MD5: ADB669AB4CD1C63883C64FB0DBA2C7DA
SHA256: 18BFF89047EC5B122573D089B3DC7A7DD14A5A7A515B2D8141584B41E723253F

PID: 2036
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\Java3BillDevices.png
Type: image
MD5: 8E52EFC6798ED074072F527309A1BA25
SHA256: 12491EBC4EB99BF014D3BC44F770114BDE013E84CBEC2633303559A8C6E5F991

PID: 2036
Process: JavaSetup8u401.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 11066AB3665CC3D1A154D5B79EB84CAE
SHA256: F2159CC0E33BF38DD9422EAE87D2CA239927965E974998F408EFED531552653D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
57
TCP/UDP connections
267
DNS requests
327
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2036
JavaSetup8u401.exe
GET
304
92.122.157.71:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3e1221cb6058ac68
unknown
unknown
2036
JavaSetup8u401.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAPDhvRlt0cw%2BYeYLBQHCWo%3D
unknown
binary
471 b
unknown
2036
JavaSetup8u401.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
binary
471 b
unknown
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
unknown
unknown
856
svchost.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
unknown
binary
3.07 Kb
unknown
1080
svchost.exe
GET
200
92.122.157.71:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e90c163b6659448e
unknown
compressed
67.5 Kb
unknown
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adasgb6qzo3kp62542i5hyaakdua_30.2/imefjhfbkmcmebodilednhmaccmincoa_30.2_win_kwiu22sehztwd3bii7gzgq4vri.crx3
unknown
binary
3.07 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adasgb6qzo3kp62542i5hyaakdua_30.2/imefjhfbkmcmebodilednhmaccmincoa_30.2_win_kwiu22sehztwd3bii7gzgq4vri.crx3
unknown
binary
6.91 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adasgb6qzo3kp62542i5hyaakdua_30.2/imefjhfbkmcmebodilednhmaccmincoa_30.2_win_kwiu22sehztwd3bii7gzgq4vri.crx3
unknown
binary
12.2 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adasgb6qzo3kp62542i5hyaakdua_30.2/imefjhfbkmcmebodilednhmaccmincoa_30.2_win_kwiu22sehztwd3bii7gzgq4vri.crx3
unknown
binary
10.0 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2036
JavaSetup8u401.exe
23.14.21.64:443
javadl-esd-secure.oracle.com
TELXIUS TELXIUS Cable
CO
unknown
2036
JavaSetup8u401.exe
92.122.157.71:80
ctldl.windowsupdate.com
Akamai International B.V.
NL
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2036
JavaSetup8u401.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2036
JavaSetup8u401.exe
23.221.248.104:443
sdlc-esd.oracle.com
AKAMAI-AS
NL
unknown
2036
JavaSetup8u401.exe
92.122.157.42:443
www.java.com
Akamai International B.V.
NL
unknown
2036
JavaSetup8u401.exe
63.140.62.17:443
sjremetrics.java.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
javadl-esd-secure.oracle.com
  • 23.14.21.64
whitelisted
ctldl.windowsupdate.com
  • 92.122.157.71
  • 92.122.157.92
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
javadl.oracle.com
  • 23.14.21.64
whitelisted
sdlc-esd.oracle.com
  • 23.221.248.104
whitelisted
www.java.com
  • 92.122.157.42
  • 92.122.157.40
whitelisted
rps-svcs.oracle.com
  • 23.14.21.64
unknown
sjremetrics.java.com
  • 63.140.62.17
  • 63.140.62.222
  • 63.140.62.27
whitelisted
clientservices.googleapis.com
  • 142.250.184.227
whitelisted
accounts.google.com
  • 173.194.76.84
shared

Threats

PID
Process
Class
Message
2520
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2520
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2520
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2520
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
Process
Message
WebCompanion-Installer.exe
Failed to OpenWcfHost: System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:9008/webcompanion/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied at System.Net.HttpListener.AddAllPrefixes() at System.Net.HttpListener.Start() at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() --- End of inner exception stack trace --- at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener) at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback) at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at WebCompanionInstaller.App.OpenInstallerWcfHost()
WebCompanion-Installer.exe
Detecting windows culture
WebCompanion-Installer.exe
Preparing request for featureflag: {"Geo":"DE","Partner":"CH230501","Campaign":"1000x250","InstallDate":"20240309","TriggerType":"install","TriggerEvent":"installer","Version":"12.901.4.1003","featurewp":true,"featureal":true}
WebCompanion-Installer.exe
Getting response from featureflag: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTelemetryScan\", \"EnableWebProtection\", \"EnableDynamicNotification\"], \"CompanyName\": \"Lavasoft\", \"ConfigVersion\": \"v1\", \"CurrentVersion\": \"9.3.0\"}","targetId":301},{"sectionCode":"WFAI","code":"WCP","configuration":"{\"Version\": \"3.0.2.12\", \"FilePath\": \"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip\", \"BlackList\": \"https://acs.lavasoft.com/api/v2/url/blacklist\", \"WhiteList\": \"https://acs.lavasoft.com/api/v2/url/permanentwhitelist\", \"DisplayName\": \"Web Protection\", \"FeatureName\": \"WebProtection\"}","targetId":241}]
WebCompanion-Installer.exe
3/9/2024 9:21:21 AM :-> Start
WebCompanion-Installer.exe
Failed to report progress in SendPostRequest: System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanion-Installer.exe
3/9/2024 9:21:22 AM :-> Starting installer 12.901.4.1003 with: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=CH230501 --nonadmin --direct --tych --campaign=1000x250 --version=12.901.4.1003, Run as admin: False
WebCompanion-Installer.exe
SecurityProtocol set toTls, Tls11, Tls12, Tls13
WebCompanion-Installer.exe
Preparing for installing Web Companion
WebCompanion-Installer.exe
3/9/2024 9:21:23 AM :-> Generating Machine and Install Id ...