URL:

https://modfyp.com/stumble-guys/

Full analysis: https://app.any.run/tasks/5512569c-5243-41e6-8ee7-e58565064e28
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: May 27, 2024, 14:52:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
adaware
Indicators:
MD5:

7FA3AAA5E169662D8C02297D956B93AA

SHA1:

E31B7E78F480793B98FF75DB40503218E20C080D

SHA256:

5C4687AC5211E65336C75240D7455D53095DC1025AD12C41A87B45CFCD6DBBA4

SSDEEP:

3:N8jDcesICQnK:2UepCQK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 3524)
      • WebCompanion-Installer.exe (PID: 3604)

    • Steals credentials from Web Browsers

      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • ADAWARE has been detected (SURICATA)

      • WebCompanion.exe (PID: 2996)

    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 2996)

    • Actions looks like stealing of personal data

      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 3524)
      • WebCompanion-Installer.exe (PID: 3604)

    • Reads the Internet Settings

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Reads settings of System Certificates

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • The process drops C-runtime libraries

      • WebCompanion-Installer.exe (PID: 3604)

    • Drops 7-zip archiver for unpacking

      • WebCompanion-Installer.exe (PID: 3604)

    • Searches for installed software

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Reads security settings of Internet Explorer

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Process drops legitimate windows executable

      • WebCompanion-Installer.exe (PID: 3604)

    • The process creates files with name similar to system file names

      • WebCompanion-Installer.exe (PID: 3604)

    • Changes internet zones settings

      • WebCompanion-Installer.exe (PID: 3604)

    • Creates a software uninstall entry

      • WebCompanion-Installer.exe (PID: 3604)

    • Starts CMD.EXE for commands execution

      • WebCompanion-Installer.exe (PID: 3604)

    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 1008)

    • Checks Windows Trust Settings

      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Access to an unwanted program domain was detected

      • WebCompanion.exe (PID: 2996)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 3992)
      • firefox.exe (PID: 3976)
      • firefox.exe (PID: 3556)

    • Checks supported languages

      • wmpnscfg.exe (PID: 2540)
      • Setup.exe (PID: 3524)
      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2540)
      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Drops the executable file immediately after the start

      • firefox.exe (PID: 3992)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2540)

    • The process uses the downloaded file

      • firefox.exe (PID: 3992)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 3992)

    • Create files in a temporary directory

      • Setup.exe (PID: 3524)
      • WebCompanion-Installer.exe (PID: 3604)

    • Reads the machine GUID from the registry

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Reads Environment values

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Creates files or folders in the user directory

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Disables trace logs

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Reads the software policy settings

      • WebCompanion-Installer.exe (PID: 3604)
      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)

    • Creates files in the program directory

      • WebCompanion.exe (PID: 2996)

    • Reads product name

      • WebCompanion.exe (PID: 2996)
      • WebCompanion.exe (PID: 2472)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
63
Monitored processes
29
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs wmpnscfg.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs setup.exe webcompanion-installer.exe cmd.exe no specs netsh.exe no specs #ADAWARE webcompanion.exe webcompanion.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.2.1308676865\301036378" -childID 1 -isForBrowser -prefsHandle 1660 -prefMapHandle 1656 -prefsLen 24491 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c50fb2b-fcc9-49b2-907b-7a7df282bd79} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 2008 1b668e00 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1008"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.6.1513072299\1405669715" -childID 5 -isForBrowser -prefsHandle 4344 -prefMapHandle 4208 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c35d7abd-eb66-40c2-9160-335856b86cad} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 4356 217539b0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1008"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=EveryoneC:\Windows\System32\cmd.exeWebCompanion-Installer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1044"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.4.1268839378\269965527" -childID 3 -isForBrowser -prefsHandle 3956 -prefMapHandle 3936 -prefsLen 29102 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b3c3926-3514-4395-a1a4-e9ab53d99f35} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 3968 1c3609b0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1120"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.0.331248619\1943171102" -parentBuildID 20230710165010 -prefsHandle 1128 -prefMapHandle 1120 -prefsLen 28523 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d06e98a-e12b-43e7-b36f-74853385c675} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 1200 165abf30 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1612"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.5.749146854\353643887" -childID 4 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 29102 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e83822a3-11bb-47a5-a500-bcde6a496da6} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 3984 2172d3f0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2116"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.1.787454389\609688035" -parentBuildID 20230710165010 -prefsHandle 1444 -prefMapHandle 1440 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b78ba75f-5a9f-491c-a361-27cc59bb2d02} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 1456 17f80900 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2368"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3992.3.1313828601\572381746" -childID 2 -isForBrowser -prefsHandle 2924 -prefMapHandle 2920 -prefsLen 34225 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b80c22a2-c1a9-4a83-b8dd-ec6c9753639d} 3992 "\\.\pipe\gecko-crash-server-pipe.3992" 2936 1f4fe110 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2472"C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall C:\Users\admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
WebCompanion-Installer.exe
User:
admin
Company:
Lavasoft
Integrity Level:
MEDIUM
Description:
Web Companion
Version:
12.901.4.1003
Modules
Images
c:\users\admin\appdata\roaming\lavasoft\web companion\application\webcompanion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2540"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
55 437
Read events
55 181
Write events
249
Delete events
7

Modification events

(PID) Process:(3976) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
9C2D2EE300000000
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
C53130E300000000
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation:delete valueName:installer.taskbarpin.win10.enabled
Value:
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value:
1
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value:
1
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value:
0
(PID) Process:(3992) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value:
1
Executable files
78
Suspicious files
204
Text files
77
Unknown types
0

Dropped files

PID
Process
Filename
Type
3992firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3992firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.binbinary
MD5:04BADC0A17F546BBD91CC2404D2776D9
SHA256:54CD83D3031D15EA1F5B1C5D73416C0B2F9151F93E130DD525DDA488A8EB9110
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
3992firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
45
TCP/UDP connections
188
DNS requests
324
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3992
firefox.exe
POST
200
23.37.228.19:80
http://r3.o.lencr.org/
unknown
unknown
3992
firefox.exe
POST
200
23.37.228.19:80
http://r3.o.lencr.org/
unknown
unknown
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3992
firefox.exe
POST
200
23.37.228.19:80
http://r3.o.lencr.org/
unknown
unknown
3992
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
3992
firefox.exe
104.26.12.32:443
modfyp.com
CLOUDFLARENET
US
unknown
3992
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3992
firefox.exe
216.58.212.138:443
ajax.googleapis.com
whitelisted
3992
firefox.exe
172.67.39.148:443
static.addtoany.com
unknown
3992
firefox.exe
104.17.25.14:443
cdnjs.cloudflare.com
unknown
3992
firefox.exe
142.250.185.162:443
pagead2.googlesyndication.com
whitelisted
3992
firefox.exe
169.150.247.37:443
images.dmca.com
GB
unknown

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 34.107.221.82
whitelisted
modfyp.com
  • 104.26.12.32
  • 104.26.13.32
  • 172.67.75.101
  • 2606:4700:20::ac43:4b65
  • 2606:4700:20::681a:c20
  • 2606:4700:20::681a:d20
unknown
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
shared
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown
r3.o.lencr.org
  • 23.37.228.19
  • 23.37.228.57
shared
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted

Threats

PID
Process
Class
Message
2996
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
2996
WebCompanion.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Adaware Web Companion
Process
Message
WebCompanion-Installer.exe
Failed to OpenWcfHost: System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:9008/webcompanion/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied at System.Net.HttpListener.AddAllPrefixes() at System.Net.HttpListener.Start() at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() --- End of inner exception stack trace --- at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen() at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener) at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback) at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at WebCompanionInstaller.App.OpenInstallerWcfHost()
WebCompanion-Installer.exe
Detecting windows culture
WebCompanion-Installer.exe
Preparing request for featureflag: {"Geo":"NL","Partner":"IN240402","Campaign":"20541619131","InstallDate":"20240527","TriggerType":"install","TriggerEvent":"installer","Version":"12.901.4.1003","featurewp":true,"featureal":true}
WebCompanion-Installer.exe
Getting response from featureflag: [{"sectionCode":"WAC","code":"WAC","configuration":"{\"Icon\": \"https://webcompanion.com/images/favicon.ico\", \"AppName\": \"Web Companion\", \"Settings\": [\"WCAutoUpdate\", \"EnableGranularity\", \"PostRunV2Action\", \"PostRunTimerAction\", \"EnableTelemetryScan\", \"EnableWebProtection\", \"EnableDynamicNotification\"], \"CompanyName\": \"Lavasoft\", \"ConfigVersion\": \"v1\", \"CurrentVersion\": \"9.3.0\"}","targetId":301},{"sectionCode":"WFAI","code":"WCP","configuration":"{\"Version\": \"3.0.2.12\", \"FilePath\": \"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip\", \"BlackList\": \"https://acs.lavasoft.com/api/v2/url/blacklist\", \"WhiteList\": \"https://acs.lavasoft.com/api/v2/url/permanentwhitelist\", \"DisplayName\": \"Web Protection\", \"FeatureName\": \"WebProtection\"}","targetId":241}]
WebCompanion-Installer.exe
5/27/2024 3:53:25 PM :-> Start
WebCompanion-Installer.exe
5/27/2024 3:53:25 PM :-> Starting installer 12.901.4.1003 with: .\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240402 --nonadmin --direct --tyff --campaign=20541619131 --version=12.901.4.1003, Run as admin: False
WebCompanion-Installer.exe
Failed to report progress in SendPostRequest: System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse() at WebCompanionInstaller.Utils.RestUtils.SendPostRequest(String url, String body)
WebCompanion-Installer.exe
SecurityProtocol set toTls, Tls11, Tls12, Tls13
WebCompanion-Installer.exe
Preparing for installing Web Companion
WebCompanion-Installer.exe
5/27/2024 3:53:27 PM :-> Generating Machine and Install Id ...
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://modfyp.com/stumble-guys/