URL:

http://stackpathdownload.wildgames.com/WildTangentHelperUpdate/WildTangentHelper-1.0.0.437.exe

Full analysis: https://app.any.run/tasks/dedc4ddf-5709-4aff-8e0a-c9410bbbae04
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 30, 2021, 16:26:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

76E3B343BEBE479C7EA10483CCDF7DB8

SHA1:

D059C8AF9ECA5672E39457542F23756EE53D38DA

SHA256:

4DB77FC13840323EC44F729600AF436CFCF5800569E2AF9E936A50CCDCCB009F

SSDEEP:

3:N1KNR3rB5yRnBxELX0vQRfCLX0EdVt:CH3knsTRO/dVt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
      • WildTangentHelper-1.0.0.437.exe (PID: 2364)
      • nsB151.tmp (PID: 3864)
      • nsB402.tmp (PID: 2556)
      • nsB740.tmp (PID: 3692)
      • nsB2AA.tmp (PID: 1892)
      • WildTangentHelperService.exe (PID: 2732)
      • WildTangentHelperService.exe (PID: 3440)
      • nsB915.tmp (PID: 1392)
      • nsC49F.tmp (PID: 928)
    • Drops executable file immediately after starts

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Loads dropped or rewritten executable

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Starts NET.EXE for service management

      • nsB2AA.tmp (PID: 1892)
      • nsB915.tmp (PID: 1392)
    • Changes settings of System certificates

      • WildTangentHelperService.exe (PID: 3440)
  • SUSPICIOUS

    • Drops a file with too old compile date

      • iexplore.exe (PID: 2504)
      • iexplore.exe (PID: 2528)
      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2528)
      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Starts application with an unusual extension

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Uses TASKKILL.EXE to kill process

      • nsB402.tmp (PID: 2556)
    • Creates a directory in Program Files

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Drops a file with a compile date too recent

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Creates files in the program directory

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
      • WildTangentHelperService.exe (PID: 2732)
    • Drops a file that was compiled in debug mode

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Creates a software uninstall entry

      • WildTangentHelper-1.0.0.437.exe (PID: 556)
    • Creates files in the user directory

      • WildTangentHelperService.exe (PID: 2732)
    • Executed as Windows Service

      • WildTangentHelperService.exe (PID: 3440)
    • Removes files from Windows directory

      • WildTangentHelperService.exe (PID: 3440)
    • Starts SC.EXE for service management

      • nsC49F.tmp (PID: 928)
    • Adds / modifies Windows certificates

      • WildTangentHelperService.exe (PID: 3440)
    • Creates files in the Windows directory

      • WildTangentHelperService.exe (PID: 3440)
    • Creates or modifies windows services

      • WildTangentHelperService.exe (PID: 3440)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2528)
      • WildTangentHelperService.exe (PID: 3440)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2528)
    • Changes internet zones settings

      • iexplore.exe (PID: 2528)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2528)
    • Application launched itself

      • iexplore.exe (PID: 2528)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2528)
No Malware configuration.
No data.
Total processes: 64
Monitored processes: 18
Malicious processes: 3
Suspicious processes: 2

Behavior graph

[Behavior graph image not preserved. Nodes shown: iexplore.exe, iexplore.exe, wildtangenthelper-1.0.0.437.exe, wildtangenthelper-1.0.0.437.exe, nsb151.tmp, nsb2aa.tmp, net.exe, net1.exe, nsb402.tmp, taskkill.exe, nsb740.tmp, wildtangenthelperservice.exe, nsb915.tmp, net.exe, net1.exe, wildtangenthelperservice.exe, nsc49f.tmp, sc.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2528
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://stackpathdownload.wildgames.com/WildTangentHelperUpdate/WildTangentHelper-1.0.0.437.exe
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2504
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2528 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2364
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WildTangentHelper-1.0.0.437.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WildTangentHelper-1.0.0.437.exe
Parent process: iexplore.exe
User:
admin
Company:
gamigo, Inc.
Integrity Level:
MEDIUM
Description:
WildTangentHelper
Exit code:
3221226540
Version:
1.0.0.437
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\wildtangenthelper-1.0.0.437.exe
c:\systemroot\system32\ntdll.dll
PID: 556
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WildTangentHelper-1.0.0.437.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WildTangentHelper-1.0.0.437.exe
Parent process: iexplore.exe
User:
admin
Company:
gamigo, Inc.
Integrity Level:
HIGH
Description:
WildTangentHelper
Exit code:
0
Version:
1.0.0.437
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\wildtangenthelper-1.0.0.437.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 3864
CMD: "C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB151.tmp" "C:\Program Files\WildTangent Games\Integration\WildTangentHelperService.exe" /LockService
Path: C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB151.tmp
Parent process: WildTangentHelper-1.0.0.437.exe
User:
admin
Integrity Level:
HIGH
Exit code:
3221225501
Modules
Images
c:\users\admin\appdata\local\temp\nsfb140.tmp\nsb151.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1892
CMD: "C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB2AA.tmp" net stop wildtangenthelper
Path: C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB2AA.tmp
Parent process: WildTangentHelper-1.0.0.437.exe
User:
admin
Integrity Level:
HIGH
Exit code:
2
Modules
Images
c:\users\admin\appdata\local\temp\nsfb140.tmp\nsb2aa.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3304
CMD: net stop wildtangenthelper
Path: C:\Windows\system32\net.exe
Parent process: nsB2AA.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
PID: 3796
CMD: C:\Windows\system32\net1 stop wildtangenthelper
Path: C:\Windows\system32\net1.exe
Parent process: net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
PID: 2556
CMD: "C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB402.tmp" taskkill /fi "IMAGENAME eq WildTangentHelperService.exe" /t /f
Path: C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB402.tmp
Parent process: WildTangentHelper-1.0.0.437.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsfb140.tmp\nsb402.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1536
CMD: taskkill /fi "IMAGENAME eq WildTangentHelperService.exe" /t /f
Path: C:\Windows\system32\taskkill.exe
Parent process: nsB402.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
Total events: 811
Read events: 648
Write events: 157
Delete events: 6

Modification events

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 2290302128

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30877057

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2528) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

Executable files: 27
Suspicious files: 30
Text files: 18
Unknown types: 9

Dropped files

PID | Process | Filename | Type
2504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\WildTangentHelper-1.0.0.437[1].exe |
MD5:
SHA256:
2504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WildTangentHelper-1.0.0.437.exe.lnumaz7.partial |
MD5:
SHA256:
2528 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8DD285A64AF8EB0F.TMP |
MD5:
SHA256:
2528 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WildTangentHelper-1.0.0.437.exe.lnumaz7.partial:Zone.Identifier |
MD5:
SHA256:
556 | WildTangentHelper-1.0.0.437.exe | C:\Program Files\WildTangent Games\Integration\uninstaller.new | executable
MD5: 08304FE47722E2E0979109D30D7274DF
SHA256: 8930A1CE709BA7B100BE6E649B64DDAC67E1800FFF9D37641200FD2796EECA64
556 | WildTangentHelper-1.0.0.437.exe | C:\Program Files\WildTangent Games\Integration\ShellHlp.new | executable
MD5: 354CC7454CB56736F77F43AC1D2C6906
SHA256: 074A218D606416869D69FDE570F08B010E0316D0C5F3B285D21C1F51CE33BA75
556 | WildTangentHelper-1.0.0.437.exe | C:\Program Files\WildTangent Games\Integration\GameLauncherx64.new | executable
MD5: DF27ECFBE5E034E5A323CDC12264FC66
SHA256: AE52D75E3E8CF9F444B4F08B5B447167AC8B05F4393F65D6A851B0187EDB917D
556 | WildTangentHelper-1.0.0.437.exe | C:\Program Files\WildTangent Games\Integration\WildTangentHelperService.new | executable
MD5: C58D0CF705BA20AE656AF5FB94EF89AA
SHA256: 62C41D440EEB433CAB5EC105B939D3C6BBB3CD81A343057FAC053734F96DCE01
556 | WildTangentHelper-1.0.0.437.exe | C:\Program Files\WildTangent Games\Integration\GameLauncherDllx64.new | executable
MD5: 1516A7DD670C30F386826022B8E7527C
SHA256: DA2FBC0BC3DE0B7DFA5F40D05AF4F372580248D42B822DA0740CDA39943D45B5
556 | WildTangentHelper-1.0.0.437.exe | C:\Users\admin\AppData\Local\Temp\nsfB140.tmp\nsB402.tmp | executable
MD5: 279BAA18BA64F9C8A8FFB91CD4C53469
SHA256: 9DAE470D35319ED412EE4B4F636AFCA5C3F4F5012D9D9F88255E8A24CA803C46
HTTP(S) requests: 8
TCP/UDP connections: 20
DNS requests: 12
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3440 | WildTangentHelperService.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
2504 | iexplore.exe | GET | 200 | 151.139.241.10:80 | http://stackpathdownload.wildgames.com/WildTangentHelperUpdate/WildTangentHelper-1.0.0.437.exe | US | executable | 3.13 Mb | suspicious
2528 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
3440 | WildTangentHelperService.exe | GET | 200 | 13.32.23.96:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
2528 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
3440 | WildTangentHelperService.exe | GET | 200 | 13.32.23.204:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
2528 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
3440 | WildTangentHelperService.exe | GET | 200 | 13.32.23.89:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2528 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3440 | WildTangentHelperService.exe | 205.185.216.10:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2504 | iexplore.exe | 151.139.241.10:80 | stackpathdownload.wildgames.com | netDNA | US | suspicious
3440 | WildTangentHelperService.exe | 13.32.23.204:80 | ocsp.rootg2.amazontrust.com | Amazon.com, Inc. | US | whitelisted
3440 | WildTangentHelperService.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious
2528 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3440 | WildTangentHelperService.exe | 151.139.241.4:443 | onlinecheck.wildtangent.com | netDNA | US | unknown
3440 | WildTangentHelperService.exe | 143.204.202.10:443 | clientservices.wildtangent.com | | US | suspicious
3440 | WildTangentHelperService.exe | 13.32.23.89:80 | ocsp.rootg2.amazontrust.com | Amazon.com, Inc. | US | whitelisted
3440 | WildTangentHelperService.exe | 13.32.23.96:80 | o.ss2.us | Amazon.com, Inc. | US | unknown

DNS requests

Domain | IP | Reputation
stackpathdownload.wildgames.com | 151.139.241.10 | suspicious
onlinecheck.wildtangent.com | 151.139.241.4 | suspicious
www.download.windowsupdate.com | 205.185.216.10, 205.185.216.42 | whitelisted
ocsp.usertrust.com | 151.139.128.14 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ocsp.sectigo.com | 151.139.128.14 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
clientservices.wildtangent.com | 143.204.202.10, 143.204.202.28, 143.204.202.42, 143.204.202.105 | whitelisted
o.ss2.us | 13.32.23.96, 13.32.23.16, 13.32.23.104, 13.32.23.215 | whitelisted

Threats

Class: Potential Corporate Privacy Violation
Message: ET POLICY PE EXE or DLL Windows file download HTTP

Class: Misc activity
Message: ET INFO EXE - Served Attached HTTP

Process | Message
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: ---------------------------Start Install---------------------------
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: Delete obsolete files
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: Delete any .bak files
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: Delete any .new files
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: Place all .new files
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: Stopping WTHelper
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: StopWTHelperWait : Begin
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: StopWTHelperWait : End
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: RetryRenameFiles() : Returning true - complete w/o errors
WildTangentHelper-1.0.0.437.exe | WTHelperInstallUninstall :: File operations completed successfully