SmartHawk

10.4

0-day

该样本未表现出任何异常！

重新分析

下载样本

b1bb9a072f1cb131a27de0c60b41dd18744c39e1f8273d2e6dd5e7aa4bd18524

444739b0316f6184757774fa2903ea69.exe

分析耗时

119s

最近分析

文件大小

763.0KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389996.956249 IsDebuggerPresent		failed	0	0

This executable is signed

Tries to locate where the browsers are installed (3 个事件)

registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry	HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Mozilla Firefox
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389931.424501 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.ndata

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:2314416845&cup2hreq=237c3426c9beee7ca0e5a9ebec8d4e7c47667fd560b331134ff4f4a5d7349a0b

Performs some HTTP requests (24 个事件)

request	GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request	GET http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
request	GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
request	GET http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/index.7ze
request	GET http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D
request	GET http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze
request	GET http://cachedownload-poker.williamhill.com/download/poker/client_update_urls.php
request	GET http://fallback.playtech-installer.com/playtech_cabs/poker_william_hill/casino[en].cab?t=1619387601799
request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619360895&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=8d97caf9013e7b90&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619360895&mv=m
request	GET https://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=qYtD95rVXU8Tq%2FFJaD36s5d3AB26acfMTbn4IhoQKT54%2FIj73ub1qKDXD7XZwWWltJ8rBhL6yEEigpYYrar8hcr%2FUQm2AidApiAc5BYnt1ns4NLCC8HhF9kIzj8AA2RjfdB8Wm1VAxtSksx%2Fo4WGtNOXgVLuPJNzAOFHSeCUqEV97PmRwOwx%2FzN8FzYMT0GSjrJTeiv4yDYnMupdP5IrosNo%2B7f4CihSpfDCHhU1Zg%2ByonGXMJJiFxLYYiKdayn%2Fni2Yk%2FDZdlPr2I2btDPMVPJV6FOdF0ZVm1YLzU%2FYwOPQxkl8NzhpO7V2LuSB3klqibt8zrXwMnWIQVhT0AjCN2V5wMpbK6BzlSHret%2FvGdAeNgIC70VjlMw9t0vwiq8d0gOQCkyrBH%2B6uncE%2BpCN%2F4c3p6LQWHa75EDfZhsiLOmMRCYds9qx%2F3XzABIvZg28vLc92jVNDQt97dJNDZB6Show1l3lt1zsMIUdnF9fVpH3kJts2OSum3wTb7DvT1vgS%2BgjcqnBFH7t18YiwFP%2BRc0TWenCiYvvpN3l%2Bk8c7paFS2hGJfl9MymQZxymyI79dwk4iyo%2B122sqgG0dzfrAJWz0TiP4w3ZlwjHVNVaey7YwDE8kRx7H19wiIgeGFMLZaJBYNc3Sh2EJs57h62yUo2E9F4rhphKM45OmqFWEQY%3D
request	GET https://c6m7w2m9.ssl.hwcdn.net/playtech_cabs/poker_william_hill/casino[en].cab?t=1619387597127
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=O%2BZeiMeTMUlM4ToTy6N59ud5j4tZOQVZUT7vb0axyJfnjixBCH6nfyHI%2B4fGfWjlu3MyI5BejBaDhKy3%2BTfWPIv3xSmTtSz3VJ1dyo4x5m7LsPd8kwDWbsOCR2QrZen6Tw8VOu5UWcOwQc%2BhWZVNf7wP2K3KXstOZsV%2Fpy52HrsFLdDz6HEZm9DVozlbCdW6ALR0UYFFQTTRbHPtCGlZTduj8F8nQVobGAP1VZCdK8LMJVQ04bZLs%2BIpr2ZBl7%2Fha%2FEeHM%2FzfVztEQdVE6vj0oArjbm4HuQmT8D9qZh2ks8uhy5Rn2rgM1s5fGcb64YXD9%2Bm83RqVf7Ev7ftI%2BSRUS%2FZ%2Bqd6AFwafKPg5hVWj%2BU2ChWS9WdDrT1Kh5FoqFNkWMgKyXX4%2Ffqmhx1%2F7WbqY0Bz1IbPgfDHtRx5dgMvdO%2FeAHo3Xjdhj0zIOvp%2FRfSXepRvQ4HWxR99h78ZCb56R%2FdF4sBspaBQWGFasMHC%2Bq3ohjVi0SyZcBrPJ%2FFREa3FFxhRYec7eIGJOnoKS3QWWe2NEcGWu8j8C9ieEg%2F%2FnEJeO65sa1c7olSGZE%2FcM941bBt4hmSNcsm4UsMgatSmxqinMOxioWZNQ%2BDoawpGPaA64Zo7pbUHcPUSBv05zVuiwt%2BLr7Gu9FulcuR5NHKY6LqPYtQPTfQrfULGyJmS9a4%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=MmX%2BaXzJ6%2BGBPOPdJK3VXPw3A5E9fxrYOxg86VHdUd3DCZD1Ey0bhTFBit5YhUG10F8O5k1lLWdEfHZBeJwq7BW4fdqwGF2qgHByWxrcaSk8GGQqZDJSl1x4q%2BPhQgq7ZNr20kyIYxJdsPYjkuIysAhVIFGWR5nAGI1mFb38sRV3XkyggGNTY6ZPMHDFzML5zO2ERFQCz4AQQHOZXQMBzFjCu3w6uC9RD0Dx%2BvAyWolqaPZeSFaMwdoOjlA6ucqCLJUwOo6piA7UV9wVAseT0gVoC3e1pXL40WIiu0I7uGdPW5gcIU48zQp4%2BV8FtadNeK0rhRyeYBno1qNo2y6hc8QWsopcgL6TSGDWwlg2iUSeo2tUeeGkKw9jUg4815L2dDGyjQEQYpM34jaJYM8I8vzNk7N0spVM95aGLyJi9SxTgViAdHfBw1zFkQ3uuYypyLQniXQH3ATUPc75dQ53IkY1Uz6aAoi12N6HtL7Rl7RZLtd9ikfVVRH3OXAd7ckpSJbe8j54sTmfAbbBtdT2Gi9eiOq1S4iKMtUIeTq3cgZfAcqmTeBNaYgY9tdKB84nGTGBpVD%2FAtO4JKcDHidD1%2FJwjXAUhYXPKKY6%2BWGYehh9964C9nzFljFw2IlfD6XLxL7EoajUCincWyZR0dhLsjxQn1%2Bxq93s9Rm1K8YCiTc%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=T7HfwKpRkPglhBRypSszq7xB5o3vE183veeUBYI0SRDOwXN%2F1S57Z3h4Le4dh7yPC6iUTPutn1zsvnM7n%2BarjUoX13aVqIn758vso0o8sH9S1w7avYWITWtZl5WrVbuscyhdhe3E2y60TdEGzwIkbOU8OLcs2HIk18CzE9fLTOhzpOXKtT6Dc68h%2FDn4MBieGC6yUbObTXEkZoXL575Gy8TX3qXCjx%2BcPupYYh8%2FhaNBiTML2vAZhvG8eZZ0LYfjiu14at0lS9rkApwedaFFOOMEQ0uqUn2uMduAiNUbbMHzyOtJx9Tdwk6Y%2BNorVAyVZD9BJ4YIjyEoXH7iAXAIQyomgQjyHEjj4oxFG1WEYWNl3j3i01nLggGydGblU4CW5QiSFbSfUJhjANc2gd%2Fvm6c1X7%2B8FOAbxSMaFtGJVn9lAvcVPRWKVwAUXfZAdqqGhHGBFir4Kv35vQgRxBD4MMuwrjMQsXlKKwSAlZwabRBchFgxBg2%2FQJcbjVC%2F9qEs6oWM2eib%2FKgRum%2Frfej1IkSdgjcy094qpRK1f9NELKCwdOVRTPtbwoi9qvJPRRv%2BczN2oStQQydSGa%2BgmjTM%2Bnac%2BoLmEAA%2Brt0gL5%2FyBhOqapQlUKuRHH9U2%2BH%2FkFjMd5EGbI6WwM4wR5H01b%2FGba7EcVsQ%2BP2%2BsAu7nygnrD4%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=nkORh8gpnsTdLytbCGB%2BPjWrmW8OQyK%2BHZQuig09r5Dr431NnZQr3KReMLkfjDZ1FWO4Jb25UEi8GYU3m%2F4%2F1FyCsM6eQ8Y0njyZgQJF%2BIty6YMdu2%2FXJs3LCpXkO5XCJyb7pK70zW8MHDdh7Pc40ofKE34rMdsvaR0ksIztIKsv%2Bnx6N5qBDmqTikPnbwscIbR7Rz3nyw3XyfX2jW0YAG%2Fr8WldxOlsFcdtiVuix1QS2zD67wu7fTN5W%2B4pNcXP91eOke0%2F1OrjB3eEOslczFQhDPwSclA2Y6sinGBhKqiH6TtK%2FLkUyqGJ5BFEcY%2BjIDfU5rjTb7EdbGVpyEb3p5AcG18By0jhrxHWxzrsQAacALmVxR0pR2S4Bodk6WtCMqRWSx7zgjBtR4obQXJ2mfq289RAo72i9WUDh5odL%2By4Dh3kY%2Fqq10qEHM1zxuX8GFTQKpGGi0mi0KRLRSvvufW%2Fph0XBP%2Br73ruqzDTcwVw58ghOpqibMoA9%2BUgGwcG%2FCyCoVQcJkTRzvUJkkbaI7Vji2XUIFyfEBr4euztTyGKWWl9tWxVsTqxTRLIjQMjT8uDXOxbn%2F67yGWBWTvlM%2F0Ct8llNCp5qX1q0LncbcK3MwYMdVCsxfpO%2FAu2y0Yvlt22tnwnZ4xdpdhsKP9GMxyeTbWttdS7lNFChMl%2FspSRA8FCny6TfrF30ESv230zGgR5Bdwt%2FxXQoVCn%2ByxTDa7%2FFK3TA9EpDdJNPr5pIZDduElppRcmT%2BW7u7KpW6nPXfgxcZDbKMOguL%2B0A1HfoACrSBeBPS17PCvqgoAv85s5l43QBWrGDmQXiTBsFG%2BgN2pB3pOEl2wmiuhOy2h0zLWrofVq3EUxgTeo8LKCPw1GsZJymvwFIfgfEJ5Q0JSu5zHrfTXyGij%2FD3snTyguWD7FzxtXJ6EKP89oRIqXKZfzIByRBCg4GiAS8FhX7U75ZGVirx8Zs6Il3O4gq0bo1s1hUGhAPmHAoCIxoVA7hB9ADqQljcg8ArIbnKoRVJCepNsx1i5hhWDy07vB7Vk%2FZdLpjdyuLTIubQ5hQCYFK1fX4wshxtxafXkDEkIDD9eQqLoUXLNjEiwoRzo3SVY0P2gxZIVC2610fLTLrC%2FzR72p%2B%2FqEhVFsk8LHZ4IGcgdeMr8h0%2BCaWJytaTtifblCxTplL17W%2B5qv4BaiRKCT3iRj7tL%2BI4SSrLxIjmB6Qohl0HEqitTpwmBeOy%2BvF%2F8%2B0RpnuxPV4kqMgd03UAZthEd8R8JuDRkjYFyoiFzvTWoEJBF6NwBsgb5S%2FUxM54qSObvJmkxZ%2BJRNVbLxMM9WwkitJs6aorCCCHv5t1IkG%2BijpOwA01KKXyQyqV6vohViEA%3D%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=pyTjFadMal6hhe6iVTEgBhaTka4ZolkKnWDo5CxfFnFBv4RL5AgTIGwcP6GFJakiDxBIPN2463MVN2%2FKY9Ez97KixiOnf4gMdlmMrfLUJZ5w1NBRWK9w3M5prDnhhEb%2B%2B%2BPMedOblntLjcijT7wepMN2aT36NneCGPmZ0W7HL8LElYbd%2B0Hdh15wQ%2FrrNOYMq4EieXu%2BaOzlC5f6BQGovkEgiRfBbtjMbohSSu1E74zNGAXkfXBHaTUMHAqysSFGB0jMW49dtAv5lBkrO89V68yMb75TSyA%2FRnGuj%2BUaBLcQaPbmhzSFSDWbumxBNQnI4Ql%2BDqrym%2B95Azw6OJUi0x%2FTbr%2BSCcXs9KehljcrHcMSzMTRXstrmfP0j%2Bmv8HXDKZ5ugI4Ekzky1LdDXDDlgCB0AzQ831apmL%2F8kqzvGDGPUgVfT5tyPs1z4VzZJ7E%2F6rwlhEaq2av96x3jycvIEx1g9d7ELBhzwlKBsmtmz2yoL5KyqDmHzv7i6UKvN8V6bhcF%2FMfIrDk8nppa8YkCfTIMduNj2lVZyFhxYrPBIjGinDWD5HH2o%2Bmy%2FAz3xLWz3IXDVtYnhzijFEfnOVL2ILwURnqCC9JuYa91WWXWJdBKlVB8wmlaQVFZynicqRdtff%2BDuHhk1dfjItzx6shEJEvEMCbHPbgfl0ZJkwf42cs%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=qkFNREoFbcAXCGDGaCD%2Fc49H7oS%2FkUWNpHl6nOIcOT8TJ9AhK8oVZdw69m8JxFma0dIg3MBLC1Rrej4e7EnLDoDsVa8Xog%2BA4YitN968scCVKLHQ59IhGU8CrAFPjqbkdTc2VDoVYQ41p0qqvQZeac2dlpQ%2BTzva%2B7PXxoL%2F3Yo9pe0a46orm34t%2Blgosb%2FvIVwh%2BE%2FWBxKOAi1ScD41Ab3jBd5q9Jah%2FHmHEMRsadqTSRZ8HVu5yiGnY%2Ftp9H5%2B0jBy7n9aHQnixZWfdEX%2FfPSESYHQiUzU4Asxfn74JLSRNU0NwcF3YLCsZJ6AgS2ymrNtlhlFXUdF2Jfm0BYpUI5BEOnaBZ93Vl6h8Rc%2FX7BrLUZj42UdiGlpag8i%2FaJIUnBLbI1Goifb5NM6s4HMhxoKKpGHNryF%2FuI7qklHp7ZXFFa%2FNN9iYexqxUWRXX90Z7FvK9iT%2FqTu0exKfFJgBQ1Mfm8uUJL0m6UsnHzWpnqVp1hUS9ANk7zkeg08i2f61WXbUWhnaRkytJi635n4CPnNGQrD1mU2zbjuMELzPWhOjw5GlGRoNlimKKR3SJ1%2B1nq4F8L5UrjlnxNkTzRJ2LczW9wjJSuamUjv6wAjgQ7xzaV45DdtUMg%2BS9jUg4fgg42PMNV0MyK%2BE6NJe%2FDCR%2Fyao5xkD1CkCQq8Fmzair8%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=y0DXKXeLm1sHJNc5FPBQM17YSjs%2Be3Y4PiJ0ke6YmRVGKb0QapK1Xq%2FkHnkftTXs1EEOr%2Bbi6MUd02oaGOprKcZD5DJtFSMSM4pFpbZbVDgNkWQPfq96vdTJqrC9hibsFrCsGdmistqnWwRt0JXKiSkqhFNI6e11BcE0TZ3%2F6ImmSwguib%2FYvLWX37d4v4caOm%2Fs0W%2FppoWWROgJRE5PsPxRelAg95K2CtlYJu1yxw42jOFDXcqqv%2BtNznXwz8NYLaKLW4lhbbdJYjim3qHg2wdsKLMgB80U8wtvNYM%2B7K0ypJsmPnA44Ydh%2FtAzXPJ1g4ik0uvVBcCjLWl6WxQEo3JYct3P9rGbigppz9%2FuhDvfSZZNz%2BHnZxMoNhKd37sqMdyryESa9EvrHd4Xt05AR0NlkPhcx5II1FTOuEbjUSB6LRKm%2FROxVcHOA3IDFSGN92cS66r2%2BgX9aLqIldd4xAnqa%2BKCbOuobwt7QLbcz9oP%2FD9wombo89GoiRA8yLAd1%2BUMAfqtiy2VLLM%2By6gSlHxYHrDphg0xliQYIhU4lhKzRLXD6I7xOH2jvPU2luUjOrKsRs412X0KKLZl8XoJNWH7PDdqqNGSUYr6eemvk1XpjyQhyKPHv7Z0J%2FQN%2Fox%2BNrZ512CYX8bIpSJhFHiVgaYNsHq5MFIguY0aFDCRmt4ekIoy0A5fiPHZjGyckBSyf83dKWyRI8XWw8PEnUnJGJxDKCt18xxaWYqhtgynGEs2ZB02IsOCmqjULdLS3RSdLQ0JHwmks5rIkBpgLA21Kgi92gJqrluvCrUtM6qVvFesgrfnDcfa5iuK5GlypP%2BuEwHlvqucHfg7x%2BHgQ6S3pKrSOidc5E7g1GYQ8S9PURH6B%2FKgAA22852tt%2FoCEBU%2B9vlm5qxKue3ZIw3E7VwWHiXwOnVAMF0R0n3UZBaEBQvoyolYqTN3cKUf%2FYDeBfU%2FBe4DS540nR0%2BdvKPxjjyBCCXCgP%2BZXVDj93ocBmLYsiTmSnCecdcH1VE46bEHdRkkxM4TX%2BfgIYrysDzH6fFCoddHIsNxLnE0oCISa3C17QiwDaP4r3dYYeUwFCryRbWl%2FoK38FCwpFVP9XZ1Tpi1TbjAfIivUbK8AUQPcOFKrsxD7v%2B%2FR%2BlS8fNZrgZrhfhvzH9b%2F%2BRzApMeTBNsx4LnPHSJrorFFxfFzAjGmQItrfDbkbWj%2FcAxYwyt0G1MO8WzlkcuS0IA6QGu2S8xqhwSJCwyzN9vb8Jo1fmx1sFR8RI4OaVXvSNdLhsyegrjx8dNIujepbUT72n3dtlRh5QYgggDZWVgY3fzXbNM%2FD3jAqp%2BkR4p%2FUZrsrxSkoguKSUemCjCxIUj1bPmWiAi%2BNefA%3D%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=hmhWalJZbFCDJ8ovkuLLIJG3TSstVZePlB5RWabwOfkg1Ea1EXD7cuZDdkxo1BqVA9v13hNnCi6d7T3D%2BmMo31h6QB827VSGgQQGL2Ylh8wG1CyfG85OuEJam9Dn4kHjzK4YPqeAGNKKzUE3XMMmJesmmKGv30ZiIcxFL0ggo%2B95QhbCFh9LDNgIv7u%2FAHXPBI76Lfn0B2UZ1R8t3foQ1AT4D2RN3cmbi8tZBOsGhQKLebos8RmoBO1VKd6JGohQw660COBgi54rhy2RHpCEAmZRBVYWutg7%2BV7bW6XAhA4WGuNvnxq1OUZVyhMLw27tcPctV2dfrKqSajckptsZiPcnxg7NYrvKW63FkQgLHBKY0icbU8zm20WjJ%2B90LDiktyAlKBkhF79bqoWOndtuPTFRqedd8W5VjaAtSSV%2BqvPTGSMPCWUpaSvBWWe55ElFp6LJH%2FD7p1zxWXBLwzY7sTN922Z4am%2BuR3060QN%2Fehwn%2BepGQE3%2FVvS%2FFU5Iy4fzdhdg%2BReip5bDDnjU8%2FXmO4JibX9U7Ia3%2FHIQvLF3wvkGtrKW%2BuZxQDq2Lsj93Z%2BqNV9b9xp7b4B5I45JAAAKZQfd%2BTL2Pmqo6N%2Fe4GnPOo75QmyhLHK6AoLPMouI0CV%2BlNA4ti2li8LLYajngLmxhaTQJWPJLBEifJsC2Wbf%2FpjPAV%2FzugtSL1NxToSpCb%2FXQARkWyTpWSETkGHAUht1HrE5q%2B7ZiASz9pGTGCmx5DZqRr6EZxukhs4%2B31H1X540wPi6IrDWtAa4MYlh218%2BJZZsJF9PXBLB3jZhAz5VjdyXLCwzqqGziSbiNtvsxCCFmKp%2FcLMWO4mZV77iAIpk69IviCIHwy0IOj4%2FMezCj6W8O3z90RY8KPRdVk8MhZAFI05hBqU8an3rZpaXZJHdQthdE5Wr0AmS3Q9CS3Vk1X3GreyesymS4oGx%2FIngmaqQD0PDInlyIZr7UdHtE%2B4vzufHeQHgQmBJkDFJIiht6PY9e50uP7RTcJo7m4SzoQGEl1N73FmHHhm9546TIaVb2jYXNtNbMBAum0xaOg%2Fcl%2FOvPNrrss%2BR2YY3sREIQpKUCwd4fIT2ucDho0fL4oR%2BM%2BZhPGtrdYAiMDULdJ4LSheeN43ERxFfDP0DCDht40XR9zCQBbPkdhriVFtBCwyvJcYjGprzf2MPJOwJCcSdJl0uXRcTSavdowAlgmi7mrocwMV0ORZfsboW4JJmTl3UgUtZLNI7Pv7a0DWzLLeDoPUQAFKcy9niM%2BnV0aZFQd7x89jxmh7eeY8IOqACUhClfqyBp3OtvMIDK0Nc6G8U7sCE0sGv4rCzKvicDfEg0a0YJrCA9%2FmsIAAaH79fHv%2B%2BVw%3D%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=gA1m%2B8vxOqgIE%2BYe1uJXwqccr2hNiRY9bjGA%2FCYCqCaxR9C9vWG5Ufuzum8vNkRD1iv5MBLjx%2Ft%2BQgVIhX4umZ2fk%2F19GU%2Baf8j%2Bv9aGA5GVQNTPGgQhduR4IkyjOnyAC9q4lD7YtqCfHcrW7d7Q4TNqSda%2BdfcUZIfkPQ%2FNCSQwQVAxD6KVrA8l18TBLW%2BQqN4%2F0RHJx%2BNHuDkGC0sZVSm%2B6f7L3alrm%2BaD2sPDzryOhttygrDsqpF5YhE4sXqodY6HTeOCizlkFTiYy8J%2BwYj5BUvCj8JBX%2BwNvmeCsziQt5CDGhFJzZ1Z9wWKrYDUf%2Fl%2BLGtfS4DYkGHQOpl9Y9eP2qBgB9ovmf9yIUqncHl7yhbAwK3hw8B%2B4FsTOnjXrzm5U19FUGGdv7DkA4scnCb%2FC7pnbkCqlGIWREkjodSOFEckEbRkK6sg1tHAex6C9%2BhGi%2Ba%2FEaGDvqjH2bJPsDroYRahQMQvy7kbQxgqrQJ%2B%2FJ%2BPtMLFhfVmQcLDtoloETMhH3%2B0rIZvY9X1Rcec1nss5EcWAniGIVXbpJ6aGawvtkE3sxK8hKp4XRDeGj72Qh06nSF3mt1S3PI%2B9p2p6sDG42yzd4SvhYY9nAXJTjopAX7HVcETLghA7NDeLR1bnwlHkY0UN0szZAe4PFlfp2YaF98FSMBtoEnzQtIck4wLeZYFDKT9eHYutxCYM%2FPZUmb%2BaVkudfjz0Hwfr2BHijrUc85kfAC9Ra7NbGxv94VhU7XBelsXHtC35Flnfz5szhURBjX%2FhBsVdj%2FCT404ftWDQhckcl1GBIlBq%2BS4qaBtNEglUeN43IX6Ci2N0ztuoawp%2BAilj0uZB%2BQUD%2FEcJVk%2B8u41VBvhozHoV7AouHNO9%2BXq8ITFdaPX6zbxiesFeGDGv2MlP%2BlrTWFoyr6PnlS%2Bbn7r%2FR%2FJSgd1o3gDmwgwOevDpDLE425M7Yy86CHBVC6ezHb7f%2BT0w18XHveKYMHQctaKDHYN5ezhZkJj2fsv%2FOZZgqb%2Fk03esvnqqgz9GHtBAWlYpvf6k8F8JTzVjXiRLCSNCrLJnZGkingNxS2RZ6ICVfvE8n9hxyCgULSP3PtMi4hVW745%2FvrQzMzkM8Uu85rO4BkmfhMGnO4O1Bif7mHj%2BE6wYC1ZOClhvkQEY%2FDdae9SDICtvL5OoyoQ87ViqbP7%2F6T7mKkSAYI7Pn2nQuUyMYM22wd7NitaoTZebQGmhyTHnz6JvBvNNnWoSrYiRSbIuva3791erg9z7gRvrOVgg9tJSIBRgB0gsUDUMUn1d3T%2BpPpqD1bKy7ICpiAiiIM7SY76%2FRU%2BuDguyufdvitMhCVB%2FpO66KSuNcNW3HzZ0yHupo%2Fht%2BxIeqx%2Fow%3D%3D
request	POST https://update.googleapis.com/service/update2?cup2key=10:2314416845&cup2hreq=237c3426c9beee7ca0e5a9ebec8d4e7c47667fd560b331134ff4f4a5d7349a0b

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:2314416845&cup2hreq=237c3426c9beee7ca0e5a9ebec8d4e7c47667fd560b331134ff4f4a5d7349a0b

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389936.502249 NtAllocateVirtualMemory	process_identifier: 1908 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x026e0000	success	0	0
1619389557.224895 NtAllocateVirtualMemory	process_identifier: 1424 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00000000041d0000	success	0	0

Checks whether any human activity is being performed by constantly checking whether the foreground window changed

Steals private information from local Internet browsers (2 个事件)

registry	HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox
registry	HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox

Creates executable files on the filesystem (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\E209F001679248FBB0F61EC18BB5CAEA\william_hill_new\js\template.js
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nss9D46.tmp\internal444739b0316f6184757774fa2903ea69.exe

Drops an executable to the user AppData folder (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nss9D46.tmp\internal444739b0316f6184757774fa2903ea69.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389995.127249 Process32NextW	process_name: GoogleUpdate.exe snapshot_handle: 0x0000088c process_identifier: 3324	success	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389939.440249 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 个事件)

Time & API	Arguments	Status	Return
1619389995.112249 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1619389995.112249 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1619389995.127249 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1619389995.127249 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1

Queries for potentially installed applications (6 个事件)

Time & API	Arguments	Status	Return
1619389934.737249 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1619389934.737249 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000000e0 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1619389973.627249 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1619389973.627249 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000008ac regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1619389973.627249 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1619389973.627249 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000008ac regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389973.643249 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Playtech WinClient Downloader/1.0	success	13369348	0

Attempts to create or modify system certificates (1 个事件)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)

Time & API	Arguments	Status
1619389942.049249 RegSetValueExA	key_handle: 0x00000538 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619389942.049249 RegSetValueExA	key_handle: 0x00000538 value: )8E:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619389942.065249 RegSetValueExA	key_handle: 0x00000538 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619389942.065249 RegSetValueExW	key_handle: 0x00000538 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619389942.065249 RegSetValueExA	key_handle: 0x00000550 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619389942.065249 RegSetValueExA	key_handle: 0x00000550 value: )8E:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619389942.065249 RegSetValueExA	key_handle: 0x00000550 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619389942.096249 RegSetValueExW	key_handle: 0x00000534 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success
1619389968.315249 RegSetValueExA	key_handle: 0x0000080c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619389968.315249 RegSetValueExA	key_handle: 0x0000080c value: °àT:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619389968.315249 RegSetValueExA	key_handle: 0x0000080c value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619389968.315249 RegSetValueExW	key_handle: 0x0000080c value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619389968.315249 RegSetValueExA	key_handle: 0x0000077c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619389968.315249 RegSetValueExA	key_handle: 0x0000077c value: °àT:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619389968.315249 RegSetValueExA	key_handle: 0x0000077c value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success

Writes a potential ransom message to disk (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389992.690249 NtWriteFile	file_handle: 0x000008b4 filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\E209F001679248FBB0F61EC18BB5CAEA\E209F001679248FBB0F61EC18BB5CAEA_LogFile.txt buffer: 04/26/21 05:53:12 (59156) -- ProcessId: 1908, ThreadId: 1688 -- DebugLog -- JSObject -- Invoke -- strJSONArg={"id":39,"params":{"inputFilePath":"C:/Users/Administrator.Oskar-PC/AppData/Local/Temp/E209F001679248FBB0F61EC18BB5CAEA/william_hill_new (1).7z","outputFolder":"C:/Users/Administrator.Oskar-PC/AppData/Local/Temp/E209F001679248FBB0F61EC18BB5CAEA","shouldDecrypt":true,"onFinishId":3,"deleteDecrypted":false}} offset: 0	success	0	0

Generates some ICMP traffic

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	192.168.56.101:49207
dead_host	142.250.204.142:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2012-02-19 23:01:49

Imports

Library ADVAPI32.dll:

• 0x429340 RegCloseKey

• 0x429344 RegCreateKeyExA

• 0x429348 RegDeleteKeyA

• 0x42934c RegDeleteValueA

• 0x429350 RegEnumKeyA

• 0x429354 RegEnumValueA

• 0x429358 RegOpenKeyExA

• 0x42935c RegQueryValueExA

• 0x429360 RegSetValueExA

Library COMCTL32.DLL:

• 0x429368 ImageList_AddMasked

• 0x42936c ImageList_Create

• 0x429370 ImageList_Destroy

• 0x429374 InitCommonControls

Library GDI32.dll:

• 0x42937c CreateBrushIndirect

• 0x429380 CreateFontIndirectA

• 0x429384 DeleteObject

• 0x429388 GetDeviceCaps

• 0x42938c SelectObject

• 0x429390 SetBkColor

• 0x429394 SetBkMode

• 0x429398 SetTextColor

Library KERNEL32.dll:

• 0x4293a0 CloseHandle

• 0x4293a4 CompareFileTime

• 0x4293a8 CopyFileA

• 0x4293ac CreateDirectoryA

• 0x4293b0 CreateFileA

• 0x4293b4 CreateProcessA

• 0x4293b8 CreateThread

• 0x4293bc DeleteFileA

• 0x4293c0 ExitProcess

• 0x4293c4 ExpandEnvironmentStringsA

• 0x4293c8 FindClose

• 0x4293cc FindFirstFileA

• 0x4293d0 FindNextFileA

• 0x4293d4 FreeLibrary

• 0x4293d8 GetCommandLineA

• 0x4293dc GetCurrentProcess

• 0x4293e0 GetDiskFreeSpaceA

• 0x4293e4 GetExitCodeProcess

• 0x4293e8 GetFileAttributesA

• 0x4293ec GetFileSize

• 0x4293f0 GetFullPathNameA

• 0x4293f4 GetLastError

• 0x4293f8 GetModuleFileNameA

• 0x4293fc GetModuleHandleA

• 0x429400 GetPrivateProfileStringA

• 0x429404 GetProcAddress

• 0x429408 GetShortPathNameA

• 0x42940c GetSystemDirectoryA

• 0x429410 GetTempFileNameA

• 0x429414 GetTempPathA

• 0x429418 GetTickCount

• 0x42941c GetVersion

• 0x429420 GetWindowsDirectoryA

• 0x429424 GlobalAlloc

• 0x429428 GlobalFree

• 0x42942c GlobalLock

• 0x429430 GlobalUnlock

• 0x429434 LoadLibraryA

• 0x429438 LoadLibraryExA

• 0x42943c MoveFileA

• 0x429440 MulDiv

• 0x429444 MultiByteToWideChar

• 0x429448 ReadFile

• 0x42944c RemoveDirectoryA

• 0x429450 SearchPathA

• 0x429454 SetCurrentDirectoryA

• 0x429458 SetErrorMode

• 0x42945c SetFileAttributesA

• 0x429460 SetFilePointer

• 0x429464 SetFileTime

• 0x429468 Sleep

• 0x42946c WaitForSingleObject

• 0x429470 WriteFile

• 0x429474 WritePrivateProfileStringA

• 0x429478 lstrcatA

• 0x42947c lstrcmpA

• 0x429480 lstrcmpiA

• 0x429484 lstrcpynA

• 0x429488 lstrlenA

Library ole32.dll:

• 0x429490 CoCreateInstance

• 0x429494 CoTaskMemFree

• 0x429498 OleInitialize

• 0x42949c OleUninitialize

Library SHELL32.DLL:

• 0x4294a4 SHBrowseForFolderA

• 0x4294a8 SHFileOperationA

• 0x4294ac SHGetFileInfoA

• 0x4294b0 SHGetPathFromIDListA

• 0x4294b4 SHGetSpecialFolderLocation

• 0x4294b8 ShellExecuteA

Library USER32.dll:

• 0x4294c0 AppendMenuA

• 0x4294c4 BeginPaint

• 0x4294c8 CallWindowProcA

• 0x4294cc CharNextA

• 0x4294d0 CharPrevA

• 0x4294d4 CheckDlgButton

• 0x4294d8 CloseClipboard

• 0x4294dc CreateDialogParamA

• 0x4294e0 CreatePopupMenu

• 0x4294e4 CreateWindowExA

• 0x4294e8 DefWindowProcA

• 0x4294ec DestroyWindow

• 0x4294f0 DialogBoxParamA

• 0x4294f4 DispatchMessageA

• 0x4294f8 DrawTextA

• 0x4294fc EmptyClipboard

• 0x429500 EnableMenuItem

• 0x429504 EnableWindow

• 0x429508 EndDialog

• 0x42950c EndPaint

• 0x429510 ExitWindowsEx

• 0x429514 FillRect

• 0x429518 FindWindowExA

• 0x42951c GetClassInfoA

• 0x429520 GetClientRect

• 0x429524 GetDC

• 0x429528 GetDlgItem

• 0x42952c GetDlgItemTextA

• 0x429530 GetMessagePos

• 0x429534 GetSysColor

• 0x429538 GetSystemMenu

• 0x42953c GetSystemMetrics

• 0x429540 GetWindowLongA

• 0x429544 GetWindowRect

• 0x429548 InvalidateRect

• 0x42954c IsWindow

• 0x429550 IsWindowEnabled

• 0x429554 IsWindowVisible

• 0x429558 LoadBitmapA

• 0x42955c LoadCursorA

• 0x429560 LoadImageA

• 0x429564 MessageBoxIndirectA

• 0x429568 OpenClipboard

• 0x42956c PeekMessageA

• 0x429570 PostQuitMessage

• 0x429574 RegisterClassA

• 0x429578 ScreenToClient

• 0x42957c SendMessageA

• 0x429580 SendMessageTimeoutA

• 0x429584 SetClassLongA

• 0x429588 SetClipboardData

• 0x42958c SetCursor

• 0x429590 SetDlgItemTextA

• 0x429594 SetForegroundWindow

• 0x429598 SetTimer

• 0x42959c SetWindowLongA

• 0x4295a0 SetWindowPos

• 0x4295a4 SetWindowTextA

• 0x4295a8 ShowWindow

• 0x4295ac SystemParametersInfoA

• 0x4295b0 TrackPopupMenu

• 0x4295b4 wsprintfA

Library VERSION.dll:

• 0x4295bc GetFileVersionInfoA

• 0x4295c0 GetFileVersionInfoSizeA

• 0x4295c4 VerQueryValueA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
ocsp.sectigo.com	A 151.139.128.14	151.139.128.14
redirector.gvt1.com	A 203.208.41.33	203.208.41.33
ocsp.comodoca.com	A 151.139.128.14	151.139.128.14
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
t8u4n6u7.ssl.hwcdn.net	A 205.185.208.154	205.185.208.154
c6m7w2m9.ssl.hwcdn.net	A 205.185.208.154	205.185.208.154
fallback.playtech-installer.com	A 52.218.98.60 CNAME s3-website-eu-west-1.amazonaws.com CNAME pt-installer.s3-website-eu-west-1.amazonaws.com A 52.218.97.4	52.218.108.28
r1---sn-j5o7dn7e.gvt1.com	A 113.108.239.194 CNAME r1.sn-j5o7dn7e.gvt1.com	113.108.239.194
ocsp.usertrust.com	A 151.139.128.14	151.139.128.14
www.download.windowsupdate.com	A 218.93.204.35 A 115.238.242.35 A 124.225.184.35 A 59.36.203.35 A 140.249.32.35 A 113.96.164.35 A 116.253.62.35 CNAME download.windowsupdate.com.a.bdydns.com A 150.138.188.35 CNAME opencdnmsdl.jomodns.com A 117.91.181.35 CNAME 2-01-3cf7-0009.cdx.cedexis.net CNAME wu-fg-shim.trafficmanager.net A 49.79.225.35	171.107.85.35
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com A 142.250.204.142	172.217.24.14
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
update.googleapis.com	A 203.208.41.34	203.208.41.34
r3---sn-j5o7dn7e.gvt1.com	CNAME r3.sn-j5o7dn7e.gvt1.com A 113.108.239.196	113.108.239.196
cachedownload-poker.williamhill.com	A 38.29.169.96 CNAME e25755.d.akamaiedge.net A 38.29.169.106 CNAME cachedownload-poker.williamhill.com.edgekey.net	38.29.169.96
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49223	113.108.239.194 r1---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49224	113.108.239.196 r3---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49183	113.96.164.35 www.download.windowsupdate.com	80
192.168.56.101	49184	117.91.181.35 www.download.windowsupdate.com	80
192.168.56.101	49186	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49187	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49190	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49191	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49194	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49195	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49222	203.208.41.33 redirector.gvt1.com	80
192.168.56.101	49221	203.208.41.34 update.googleapis.com	443
192.168.56.101	49181	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49182	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49192	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49197	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49206	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49208	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49209	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49210	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51660	114.114.114.114	53
192.168.56.101	52126	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53500	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	53661	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	55737	114.114.114.114	53
192.168.56.101	57236	114.114.114.114	53
192.168.56.101	59291	114.114.114.114	53
192.168.56.101	59369	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	60911	114.114.114.114	53
192.168.56.101	62502	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	64874	114.114.114.114	53
192.168.56.101	64877	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

URI	Data
http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze	GET /playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze HTTP/1.1 Accept: / User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://cachedownload-poker.williamhill.com/download/poker/client_update_urls.php	GET /download/poker/client_update_urls.php HTTP/1.1 Accept: / User-Agent: Playtech WinClient Downloader/1.0 Host: cachedownload-poker.williamhill.com Connection: Keep-Alive Cache-Control: no-cache
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com
http://fallback.playtech-installer.com/playtech_cabs/poker_william_hill/casino[en].cab?t=1619387601799	GET /playtech_cabs/poker_william_hill/casino[en].cab?t=1619387601799 HTTP/1.1 Accept: / User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.sectigo.com
http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/index.7ze	GET /playtech_compressed_assets/poker_william_hill/index.7ze HTTP/1.1 Accept: / User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619360895&mv=m&mvi=1&pl=23&shardbypass=yes	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619360895&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.