URL: https://webcompanion.com/en/

Full analysis: https://app.any.run/tasks/85c71890-8bfa-4b9d-98dd-ddb99f7d70be
Verdict: Malicious activity
Analysis date: December 26, 2023, 23:25:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 8A8491021A06102FAB6051BBE79EDFA3
SHA1: D6E55A432EE4AF4CDB73942848F2E0E2175BA848
SHA256: EF09652A37DB76F0BA96FB4F88AA509493EB6B80391054C8380AE1BF2B023007
SSDEEP: 3:N8RmgDKb+n:2Qg+b+n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • rundll32.exe (PID: 4016)
    • Starts NET.EXE for service management

      • WebCompanion-Installer.exe (PID: 3204)
      • net.exe (PID: 664)
    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Actions look like stealing of personal data

      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 2652)
  • SUSPICIOUS

    • Searches for installed software

      • WebCompanion-Installer.exe (PID: 3204)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Reads the Internet Settings

      • WebCompanion-Installer.exe (PID: 3204)
      • runonce.exe (PID: 2120)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Reads settings of System Certificates

      • WebCompanion-Installer.exe (PID: 3204)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Drops a system driver (possible attempt to evade defenses)

      • WebCompanion-Installer.exe (PID: 3204)
      • rundll32.exe (PID: 4016)
    • Checks Windows Trust Settings

      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Starts SC.EXE for service management

      • WebCompanion-Installer.exe (PID: 3204)
      • cmd.exe (PID: 2728)
    • Adds/modifies Windows certificates

      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3800)
      • cmd.exe (PID: 880)
    • Starts CMD.EXE for commands execution

      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • WebCompanion-Installer.exe (PID: 3204)
    • Uses RUNDLL32.EXE to load library

      • WebCompanion-Installer.exe (PID: 3204)
    • The process creates files with names similar to system file names

      • WebCompanion-Installer.exe (PID: 3204)
    • Executing commands from ".cmd" file

      • WebCompanion-Installer.exe (PID: 3204)
    • Changes internet zones settings

      • WebCompanion-Installer.exe (PID: 3204)
    • Reads security settings of Internet Explorer

      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 2124)
      • msedge.exe (PID: 1356)
      • msedge.exe (PID: 3952)
      • msedge.exe (PID: 3168)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 2124)
      • WebCompanionInstaller.exe (PID: 3188)
      • msedge.exe (PID: 480)
      • rundll32.exe (PID: 4016)
      • WebCompanion-Installer.exe (PID: 3204)
    • Checks supported languages

      • WebCompanionInstaller.exe (PID: 3188)
      • WebCompanion-Installer.exe (PID: 3204)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • DCIService.exe (PID: 2904)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • The process uses the downloaded file

      • msedge.exe (PID: 2848)
    • Manual execution by a user

      • WebCompanionInstaller.exe (PID: 3188)
      • msedge.exe (PID: 3168)
    • Creates files in a temporary directory

      • WebCompanionInstaller.exe (PID: 3188)
      • WebCompanion-Installer.exe (PID: 3204)
    • Reads the computer name

      • WebCompanion-Installer.exe (PID: 3204)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • DCIService.exe (PID: 2904)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Reads Environment values

      • WebCompanion-Installer.exe (PID: 3204)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • WebCompanion.exe (PID: 2652)
      • WebCompanion.exe (PID: 2912)
    • Reads the machine GUID from the registry

      • WebCompanion-Installer.exe (PID: 3204)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • DCIService.exe (PID: 2904)
      • WebCompanion.exe (PID: 2652)
      • WebCompanion.exe (PID: 2912)
    • Creates files in the program directory

      • WebCompanion-Installer.exe (PID: 3204)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • DCIService.exe (PID: 2904)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Drops 7-zip archiver for unpacking

      • WebCompanion-Installer.exe (PID: 3204)
    • Process drops legitimate Windows executable

      • WebCompanion-Installer.exe (PID: 3204)
    • Executes as Windows Service

      • Lavasoft.WCAssistant.WinService.exe (PID: 3832)
      • DCIService.exe (PID: 2904)
    • Creates files in the driver directory

      • rundll32.exe (PID: 4016)
    • The process drops C-runtime libraries

      • WebCompanion-Installer.exe (PID: 3204)
    • Creates files or folders in the user directory

      • WebCompanion-Installer.exe (PID: 3204)
      • DCIService.exe (PID: 2904)
      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
    • Reads the time zone

      • runonce.exe (PID: 2120)
    • Reads product name

      • WebCompanion.exe (PID: 2912)
      • WebCompanion.exe (PID: 2652)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 111
Monitored processes: 60
Malicious processes: 4
Suspicious processes: 1

Behavior graph (interactive graph in the full report; process names only): msedge.exe (multiple instances), webcompanioninstaller.exe, webcompanion-installer.exe, sc.exe, lavasoft.wcassistant.winservice.exe, cmd.exe, netsh.exe, rundll32.exe, runonce.exe, grpconv.exe, net.exe, net1.exe, dciservice.exe, webcompanion.exe

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 116
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e55f598,0x6e55f5a8,0x6e55f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 332
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1648 --field-trial-handle=1208,i,8222089530214659211,11166631965990500718,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 480
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1036 --field-trial-handle=1396,i,10983476810831258167,1707236551564779043,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4128 --field-trial-handle=1396,i,10983476810831258167,1707236551564779043,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 664
CMD: "C:\Windows\system32\net.exe" start bddci
Path: C:\Windows\System32\net.exe
Parent process: WebCompanion-Installer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
PID: 668
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 --field-trial-handle=1396,i,10983476810831258167,1707236551564779043,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 680
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1396,i,10983476810831258167,1707236551564779043,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 712
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1396,i,10983476810831258167,1707236551564779043,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 880
CMD: "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
Path: C:\Windows\System32\cmd.exe
Parent process: WebCompanion-Installer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1344
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1648 --field-trial-handle=1396,i,10983476810831258167,1707236551564779043,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 49 829
Read events: 49 535
Write events: 292
Delete events: 2

Modification events

PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: failed_count | Value: 0
PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: state | Value: 1
PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | Operation: write | Name: StatusCodes | Value: 01000000
PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: state | Value: 2
PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: dr | Value: 1
PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics | Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 1
PID 2124 msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | Operation: write | Name: S-1-5-21-1302019708-1500728564-335382590-1000 | Value: 8A1A1F2B695E2F00
PID 2124 msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge | Operation: write | Name: UsageStatsInSample | Value: 1
PID 2124 msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: usagestats | Value: 1
PID 2124 msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: urlstats | Value: 1
Executable files: 223
Suspicious files: 351
Text files: 181
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdfb48.TMP | - | - | -
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | - | - | -
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFdfb68.TMP | - | - | -
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | - | - | -
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFdfb77.TMP | - | - | -
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfc04.TMP | - | - | -
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | - | - | -
116 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma | binary | C612E96CBFAC63232FC2062E15600FB1 | DB3C05D5EC0B6719A73E7F0BE84BCE9342772DA70567E7CE08CF6573480B38FF
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RFdfb48.TMP | text | DC3DFB5AC4FB94152BBCC0A1072D0D87 | FDD5048837BDED85426AF270E6E08913657C1A12B1E40F6A67CF9487D7559FC9
2124 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\64183c7f-8095-424a-8b6b-720d96f0c09e.tmp | binary | 5058F1AF8388633F609CADB75A75DC9D | -
HTTP(S) requests: 13
TCP/UDP connections: 82
DNS requests: 93
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3832 | Lavasoft.WCAssistant.WinService.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eb7f7db88988dc94 | unknown | - | - | unknown
3204 | WebCompanion-Installer.exe | GET | 200 | 104.17.9.52:80 | http://geo.lavasoft.com/ | unknown | binary | 50 b | unknown
3832 | Lavasoft.WCAssistant.WinService.exe | GET | 200 | 69.192.162.201:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D | unknown | binary | 812 b | unknown
3204 | WebCompanion-Installer.exe | GET | 200 | 104.17.9.52:80 | http://geo.lavasoft.com/ | unknown | binary | 50 b | unknown
3832 | Lavasoft.WCAssistant.WinService.exe | GET | 200 | 69.192.162.201:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D | unknown | binary | 1.55 Kb | unknown
3832 | Lavasoft.WCAssistant.WinService.exe | GET | 200 | 69.192.162.201:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEHTvSjTpoGUpJ37OBzkq8uU%3D | unknown | binary | 806 b | unknown
2912 | WebCompanion.exe | GET | 200 | 104.17.9.52:80 | http://geo.lavasoft.com/ | unknown | binary | 50 b | unknown
2912 | WebCompanion.exe | GET | 200 | 64.18.87.81:80 | http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=newwebsite_ab | unknown | binary | 206 b | unknown
2912 | WebCompanion.exe | GET | 200 | 64.18.87.81:80 | http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=newwebsite | unknown | binary | 207 b | unknown
2912 | WebCompanion.exe | GET | 200 | 104.18.212.25:80 | http://webcompanion.com/version_logs?json=true&version=12.1.2.991 | unknown | text | 4 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
480 | msedge.exe | 104.18.211.25:443 | webcompanion.com | CLOUDFLARENET | - | unknown
2124 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
480 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
480 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
480 | msedge.exe | 20.31.251.109:443 | nav-edge.smartscreen.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
480 | msedge.exe | 20.105.95.163:443 | data-edge.smartscreen.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
480 | msedge.exe | 142.250.186.170:443 | fonts.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
webcompanion.com | 104.18.211.25, 104.18.212.25 | unknown
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
nav-edge.smartscreen.microsoft.com | 20.31.251.109, 20.103.180.120 | whitelisted
data-edge.smartscreen.microsoft.com | 20.105.95.163 | whitelisted
fonts.googleapis.com | 142.250.186.170 | whitelisted
ajax.googleapis.com | 172.217.23.106 | whitelisted
cdn.cookielaw.org | 104.18.131.236, 104.18.130.236 | whitelisted
fonts.gstatic.com | 142.250.186.99, 216.58.206.35 | whitelisted
www.googletagmanager.com | 142.250.181.232 | whitelisted

Threats

No threats detected
Process | Message
WebCompanion-Installer.exe | Detecting windows culture
WebCompanion-Installer.exe | Preparing request for featureflag: {"Geo":"DE","Partner":"newwebsite","Campaign":"NA","InstallDate":"20231226","TriggerType":"install","TriggerEvent":"installer","Version":"12.1.2.982","featurewp":true,"featureal":true}
WebCompanion-Installer.exe | Getting response from featureflag: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTelemetryScan\", \"EnableWebProtection\", \"EnableDynamicNotification\"], \"CompanyName\": \"Lavasoft\", \"ConfigVersion\": \"v1\", \"CurrentVersion\": \"9.3.0\"}","targetId":301},{"sectionCode":"WFAI","code":"WCP","configuration":"{\"Version\": \"3.0.2.12\", \"FilePath\": \"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip\", \"BlackList\": \"https://acs.lavasoft.com/api/v2/url/blacklist\", \"WhiteList\": \"https://acs.lavasoft.com/api/v2/url/permanentwhitelist\", \"DisplayName\": \"Web Protection\", \"FeatureName\": \"WebProtection\"}","targetId":241}]
WebCompanion-Installer.exe | 12/26/2023 11:25:36 PM :-> Start
WebCompanion-Installer.exe | Failed to report progress in SendPostRequest: System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanion-Installer.exe | 12/26/2023 11:25:37 PM :-> Starting installer 12.1.2.982 with: .\WebCompanion-Installer.exe --partner=newwebsite --version=12.1.2.982, Run as admin: True
WebCompanion-Installer.exe | SecurityProtocol set toTls, Tls11, Tls12, Tls13
WebCompanion-Installer.exe | Preparing for installing Web Companion
WebCompanion-Installer.exe | 12/26/2023 11:25:41 PM :-> Generating Machine and Install Id ...
WebCompanion-Installer.exe | 12/26/2023 11:25:41 PM :-> Machine Id and Install Id has been generated