Risk score: 7.4 (High risk)

SHA-256: b2d74ed954677a241d66c81c159647aea1b8e06c0a9f4a2eae483e9018431548

File name: 2bab5bf05fe23935bd7e4adba9508359.exe

Analysis duration: 110s

Last analysis

File size: 372.3KB
Static and dynamic detection tags: ADDROP CASINO CASINOONLINE CASONLINE CONFIDENCE ELDORADO GAME HIGH CONFIDENCE IGENERIC ONLINECASINO PRIMECASINO PRIMECASINO POTENTIALLY UNWANTED SGENERIC UNSAFE
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine        Result                          Scan date  Engine version
McAfee        CasOnline                       20181008   6.0.6.653
Alibaba       -                               20180921   0.1.0.2
Baidu         -                               20180930   1.0.0.2
Avast         Win32:PUP-gen [PUP]             20181008   18.4.3895.0
Tencent       -                               20181008   1.0.0.1
Kingsoft      -                               20181008   2013.8.14.323
CrowdStrike   malicious_confidence_60% (D)    20180723   1.0
(- = no result recorded for that engine)
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path e:\ToolsBuild\16.1.0.3697\source\release\MicrogamingInstall.pdb
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Performs some HTTP requests (16 events)
request GET http://download.thepalacegroupgaming.com/tracking.aspx?ul=en&casino=spinpalace&banner_tag=63b0157d-1789-4e69-92ed-651a8f69137b&uuid=%7bA73D1FF2-12D7-4A98-B3BD-95136C069477%7d&state=100
request GET http://spinpalace.mgsmup.com/mupp/spinpalace/spinpalace_install.cab
request GET http://spinpalace.mgsmup.com/mupp/spinpalace/spinpalace.cab
request GET http://download.thepalacegroupgaming.com/tracking.aspx?ul=en&casino=spinpalace&banner_tag=63b0157d-1789-4e69-92ed-651a8f69137b&uuid=%7bA73D1FF2-12D7-4A98-B3BD-95136C069477%7d&state=422
request GET http://marketing.valueactive.eu/VIP/animations/en/movies_en.htm
request GET http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
request GET http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
request GET http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
request GET http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
request GET http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
request GET http://download.thepalacegroupgaming.com/tracking.aspx?ul=en&casino=spinpalace&banner_tag=63b0157d-1789-4e69-92ed-651a8f69137b&uuid=%7bA73D1FF2-12D7-4A98-B3BD-95136C069477%7d&state=330
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA0srM0%2BnuwGc4QQujG%2FZZU%3D
request GET http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl
request GET http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620129401.192125
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000003e80000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620119618.655524
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to create or modify system certificates (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620119621.265524
RegSetValueExA
key_handle: 0x00000398
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620119621.280524
RegSetValueExA
key_handle: 0x00000398
value: à¸íË@×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620119621.280524
RegSetValueExA
key_handle: 0x00000398
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620119621.280524
RegSetValueExW
key_handle: 0x00000398
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620119621.280524
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620119621.280524
RegSetValueExA
key_handle: 0x000003c0
value: à¸íË@×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620119621.280524
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620119621.343524
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Network activity contains more than one unique useragent (3 events)
process 2bab5bf05fe23935bd7e4adba9508359.exe useragent VIP_TRACKING
process 2bab5bf05fe23935bd7e4adba9508359.exe useragent Microgaming Install Program
process 2bab5bf05fe23935bd7e4adba9508359.exe useragent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Generates some ICMP traffic
File has been identified by 21 AntiVirus engines on VirusTotal as malicious (21 events)
CAT-QuickHeal Trojan.IGENERIC
McAfee CasOnline
Cylance Unsafe
Zillya Dropper.Addrop.Win32.656
Invincea heuristic
Cyren W32/Casino.F.gen!Eldorado
Avast Win32:PUP-gen [PUP]
GData Win32.Adware.PrimeCasino.B
DrWeb Trojan.Packed.23698
McAfee-GW-Edition CasOnline
F-Prot W32/Casino.F.gen!Eldorado
Avira GAME/Casino.Gen
Antiy-AVL Trojan/Win32.SGeneric
Endgame malicious (high confidence)
Microsoft PUA:Win32/CasinoOnline
ESET-NOD32 Win32/PrimeCasino potentially unwanted
Yandex Riskware.PrimeCasino!
Ikarus not-a-virus:OnlineCasino
Fortinet Riskware/CasOnline
AVG Win32:PUP-gen [PUP]
CrowdStrike malicious_confidence_60% (D)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 94.125.56.235:443
dead_host 142.250.66.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2009-08-03 17:40:19

Imports

Library KERNEL32.dll:
0x42c05c lstrlenA
0x42c064 FindNextFileA
0x42c068 ReadFile
0x42c06c GetModuleHandleA
0x42c070 lstrcatA
0x42c074 CreateMutexA
0x42c078 GetFileSize
0x42c07c WideCharToMultiByte
0x42c080 FindClose
0x42c084 MultiByteToWideChar
0x42c088 GetLocalTime
0x42c08c ReleaseMutex
0x42c090 GetVersionExA
0x42c094 lstrcpynA
0x42c098 lstrcpynW
0x42c09c GetFileAttributesW
0x42c0a0 GetModuleFileNameW
0x42c0a4 lstrlenW
0x42c0ac WriteFile
0x42c0b0 OutputDebugStringA
0x42c0b4 FreeLibrary
0x42c0b8 LoadLibraryA
0x42c0bc LocalFree
0x42c0c0 GetDriveTypeA
0x42c0c8 DeviceIoControl
0x42c0cc SetEvent
0x42c0d0 CreateFileMappingA
0x42c0d4 GetExitCodeThread
0x42c0dc MapViewOfFile
0x42c0e0 UnmapViewOfFile
0x42c0e4 CreateThread
0x42c0e8 CreateEventA
0x42c0ec GetLastError
0x42c0f0 SetEndOfFile
0x42c100 SetLastError
0x42c104 DeleteFileW
0x42c108 CreateSemaphoreA
0x42c10c GetComputerNameA
0x42c110 CreateDirectoryA
0x42c114 WriteConsoleW
0x42c118 GetConsoleOutputCP
0x42c11c WriteConsoleA
0x42c120 FlushFileBuffers
0x42c124 GetConsoleMode
0x42c128 GetConsoleCP
0x42c12c SetStdHandle
0x42c130 GetStringTypeW
0x42c134 GetStringTypeA
0x42c138 LCMapStringW
0x42c13c LCMapStringA
0x42c140 GetLocaleInfoA
0x42c148 GetTickCount
0x42c160 GetFileType
0x42c164 SetHandleCount
0x42c168 HeapSize
0x42c16c VirtualAlloc
0x42c170 VirtualFree
0x42c174 HeapCreate
0x42c178 HeapDestroy
0x42c17c IsValidCodePage
0x42c180 GetOEMCP
0x42c184 GetACP
0x42c188 GetCPInfo
0x42c190 GetStdHandle
0x42c19c TlsFree
0x42c1a0 TlsSetValue
0x42c1a4 FormatMessageA
0x42c1a8 SetFilePointer
0x42c1ac GetProcAddress
0x42c1b0 lstrcpyA
0x42c1b4 GetFileAttributesA
0x42c1b8 FindFirstFileA
0x42c1bc CreateFileW
0x42c1c0 CreateFileA
0x42c1c4 GetTempFileNameA
0x42c1c8 GetModuleFileNameA
0x42c1cc WaitForSingleObject
0x42c1d0 OpenProcess
0x42c1d4 CreateProcessA
0x42c1d8 CopyFileA
0x42c1dc RemoveDirectoryA
0x42c1e0 DeleteFileA
0x42c1e4 GetTempPathA
0x42c1e8 lstrcmpiA
0x42c1ec GetCurrentProcessId
0x42c1f0 CloseHandle
0x42c1f4 Sleep
0x42c1f8 ReleaseSemaphore
0x42c1fc TlsAlloc
0x42c200 TlsGetValue
0x42c204 RtlUnwind
0x42c208 RaiseException
0x42c20c GetStartupInfoA
0x42c210 GetProcessHeap
0x42c214 GetCommandLineA
0x42c218 IsDebuggerPresent
0x42c224 GetCurrentProcess
0x42c228 TerminateProcess
0x42c22c HeapFree
0x42c230 HeapAlloc
0x42c234 HeapReAlloc
0x42c238 GetCurrentThreadId
0x42c23c ExitThread
0x42c240 ExitProcess
Library USER32.dll:
0x42c2ac SetWindowLongW
0x42c2b0 TranslateMessage
0x42c2b4 IsDialogMessageA
0x42c2b8 GetMessageA
0x42c2bc GetDlgCtrlID
0x42c2c0 LoadCursorA
0x42c2c4 AdjustWindowRect
0x42c2c8 ReleaseDC
0x42c2cc EnableWindow
0x42c2d0 PeekMessageA
0x42c2d4 UpdateWindow
0x42c2d8 GetWindowRect
0x42c2dc GetSystemMetrics
0x42c2e0 RegisterClassW
0x42c2e4 IsWindowEnabled
0x42c2e8 MessageBoxW
0x42c2ec GetWindowLongW
0x42c2f0 DispatchMessageA
0x42c2f4 LoadIconA
0x42c2f8 CreateWindowExW
0x42c2fc InvalidateRect
0x42c300 SetWindowLongA
0x42c304 DefWindowProcW
0x42c30c GetWindowDC
0x42c310 SetWindowPos
0x42c314 ShowWindow
0x42c318 RegisterClassA
0x42c31c DestroyWindow
0x42c320 CreateWindowExA
0x42c324 MessageBoxA
0x42c328 wsprintfA
0x42c32c OffsetRect
0x42c330 wvsprintfA
0x42c334 wsprintfW
0x42c338 GetActiveWindow
0x42c33c SetFocus
0x42c340 CopyRect
0x42c344 PostThreadMessageA
0x42c348 DefWindowProcA
0x42c34c PostMessageA
0x42c350 SetWindowTextA
0x42c354 MapWindowPoints
Library GDI32.dll:
0x42c03c CreateDIBSection
0x42c040 GetDIBits
0x42c044 DeleteObject
0x42c048 SelectObject
0x42c04c BitBlt
0x42c050 CreateCompatibleDC
0x42c054 DeleteDC
Library ADVAPI32.dll:
0x42c000 RegQueryValueW
0x42c004 RegEnumKeyW
0x42c008 RegOpenKeyExW
0x42c00c RegSetValueExW
0x42c010 RegQueryValueExW
0x42c014 RegCreateKeyExW
0x42c018 RegSetValueA
0x42c01c RegOpenKeyExA
0x42c020 FreeSid
0x42c024 RegQueryValueExA
0x42c028 RegCreateKeyExA
0x42c02c GetUserNameA
0x42c030 RegSetValueExA
0x42c034 RegCloseKey
Library SHELL32.dll:
0x42c278 SHGetFolderPathW
0x42c284 ShellExecuteA
0x42c288 SHGetMalloc
Library ole32.dll:
0x42c3ec OleUninitialize
0x42c3f0 CoCreateInstance
0x42c3f4 CoCreateGuid
0x42c3f8 CoTaskMemAlloc
0x42c3fc CoInitialize
0x42c400 CoUninitialize
0x42c404 StringFromIID
0x42c408 OleInitialize
0x42c410 OleCreate
0x42c414 CoTaskMemFree
0x42c418 CLSIDFromProgID
Library OLEAUT32.dll:
0x42c24c SysAllocStringLen
0x42c250 SysFreeString
0x42c254 SysStringLen
0x42c258 VariantInit
0x42c25c SysAllocString
0x42c260 VariantChangeType
0x42c264 VariantClear
0x42c268 VariantCopy
0x42c270 SafeArrayAccessData
Library WSOCK32.dll:
0x42c3b4 connect
0x42c3b8 WSAStartup
0x42c3bc closesocket
0x42c3c0 send
0x42c3c4 inet_ntoa
0x42c3c8 gethostbyname
0x42c3cc socket
0x42c3d0 recv
0x42c3d4 htons
0x42c3d8 WSAGetLastError
0x42c3dc select
0x42c3e0 WSACleanup
0x42c3e4 ioctlsocket
Library WININET.dll:
0x42c36c InternetConnectA
0x42c374 InternetReadFile
0x42c37c HttpOpenRequestA
0x42c380 HttpSendRequestA
0x42c384 InternetOpenA
0x42c388 InternetCrackUrlW
0x42c38c InternetCrackUrlA
0x42c390 InternetCombineUrlA
0x42c39c InternetOpenUrlA
0x42c3a0 InternetOpenUrlW
0x42c3a4 InternetOpenW
0x42c3a8 HttpQueryInfoA
0x42c3ac InternetCloseHandle
Library VERSION.dll:
0x42c360 GetFileVersionInfoA
0x42c364 VerQueryValueA
Library SHLWAPI.dll:
0x42c290 UrlGetPartA
0x42c294 PathAppendW
0x42c298 PathCanonicalizeA
0x42c29c SHDeleteKeyA
Library SensApi.dll:
0x42c2a4 IsNetworkAlive
Library urlmon.dll:

Hosts

No hosts contacted.

DNS

Columns: Name, Response (records returned during analysis), Post-Analysis Lookup (resolution performed after the run)

spinpalace.mgsmup.com
    Response: A 91.206.144.76; CNAME allmup.mupp.gameassists.co.uk; A 109.202.114.129
    Post-analysis lookup: 91.206.144.76
time.windows.com
    Response: A 20.189.79.72; CNAME time.microsoft.akadns.net
    Post-analysis lookup: (none)
download.macromedia.com
    Response: A 23.73.130.115; CNAME e13914.dscd.akamaiedge.net; CNAME download.macromedia.com.edgekey.net
    Post-analysis lookup: 23.73.130.115
pcm3.valueactive.eu
    Response: A 66.212.246.111
    Post-analysis lookup: 66.212.246.111
dns.msftncsi.com
    Response: A 131.107.255.255
    Post-analysis lookup: 131.107.255.255
marketing.valueactive.eu
    Response: CNAME marketing.wip.valueactive.eu; A 109.202.114.129
    Post-analysis lookup: 109.202.114.129
download.thepalacegroupgaming.com
    Response: A 185.31.220.129
    Post-analysis lookup: 185.31.220.129
cacerts.digicert.com
    Response: A 104.18.10.39; A 104.18.11.39; CNAME cdn.digicertcdn.com
    Post-analysis lookup: 104.18.11.39
signin2.valueactive.eu
    Response: A 94.125.56.235
    Post-analysis lookup: 94.125.56.235
crl4.digicert.com
    Response: CNAME cs9.wac.phicdn.net; A 117.18.237.29
    Post-analysis lookup: 117.18.237.29
www.download.windowsupdate.com
    Response: CNAME cs11.wpc.v0cdn.net; CNAME 2-01-3cf7-0009.cdx.cedexis.net; CNAME wu.ec.azureedge.net; CNAME hlb.apr-52dd2-0.edgecastdns.net; CNAME wu.wpc.apr-52dd2.edgecastdns.net; CNAME wu.azureedge.net; CNAME wu-fg-shim.trafficmanager.net; A 93.184.221.240
    Post-analysis lookup: 124.225.105.97
crl3.digicert.com
    Response: A 93.184.220.29; CNAME cs9.wac.phicdn.net
    Post-analysis lookup: 117.18.237.29
clients2.google.com
    Response: CNAME clients.l.google.com; A 142.250.66.78
    Post-analysis lookup: 172.217.160.110
dns.msftncsi.com
    Response: AAAA fd3e:4f5a:5b81::1
    Post-analysis lookup: 131.107.255.255
fpdownload2.macromedia.com
    Response: A 23.204.147.16; CNAME fpdownload.macromedia.com.edgesuite.net; CNAME a1293.dspd.akamai.net; A 23.204.147.10
    Post-analysis lookup: 23.15.196.147
ocsp.digicert.com
    Response: CNAME cs9.wac.phicdn.net; A 117.18.237.29
    Post-analysis lookup: 117.18.237.29
teredo.ipv6.microsoft.com
    127.0.0.1 (single value in the report; record type and column not shown)

TCP

Source  Source Port  Destination (IP and host name)  Destination Port
192.168.56.101 49189 104.18.10.39 cacerts.digicert.com 80
192.168.56.101 49176 109.202.114.129 marketing.valueactive.eu 80
192.168.56.101 49182 109.202.114.129 marketing.valueactive.eu 80
192.168.56.101 49193 117.18.237.29 ocsp.digicert.com 80
192.168.56.101 49197 117.18.237.29 ocsp.digicert.com 80
192.168.56.101 49174 185.31.220.129 download.thepalacegroupgaming.com 80
192.168.56.101 49181 185.31.220.129 download.thepalacegroupgaming.com 80
192.168.56.101 49199 185.31.220.129 download.thepalacegroupgaming.com 80
192.168.56.101 49186 23.204.147.10 fpdownload2.macromedia.com 80
192.168.56.101 49185 23.73.130.115 download.macromedia.com 80
192.168.56.101 49178 66.212.246.111 pcm3.valueactive.eu 443
192.168.56.101 49183 66.212.246.111 pcm3.valueactive.eu 443
192.168.56.101 49194 93.184.220.29 crl3.digicert.com 80
192.168.56.101 49192 93.184.221.240 www.download.windowsupdate.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49710 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50320 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50849 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://marketing.valueactive.eu/VIP/animations/en/movies_en.htm
GET /VIP/animations/en/movies_en.htm HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: marketing.valueactive.eu
Connection: Keep-Alive

http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
GET /DigiCertHighAssuranceEVRootCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl4.digicert.com

http://spinpalace.mgsmup.com/mupp/spinpalace/spinpalace_install.cab
GET /mupp/spinpalace/spinpalace_install.cab HTTP/1.1
User-Agent: Microgaming Install Program
Host: spinpalace.mgsmup.com
Cache-Control: no-cache

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl
GET /EVCodeSigningSHA2-g1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl4.digicert.com

http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt
GET /DigiCertHighAssuranceEVRootCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
GET /get/shockwave/cabs/flash/swflash.cab HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: zh-tw
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: fpdownload2.macromedia.com
Connection: Keep-Alive

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
GET /pub/shockwave/cabs/flash/swflash.cab HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: zh-tw
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: download.macromedia.com
Connection: Keep-Alive

http://spinpalace.mgsmup.com/mupp/spinpalace/spinpalace.cab
GET /mupp/spinpalace/spinpalace.cab HTTP/1.1
User-Agent: Microgaming Install Program
Host: spinpalace.mgsmup.com
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.