9.0
极危
30 个模型检测该样本为恶意!
重新分析
更多

f5a5a0cead835e1f2e542639a86289b96efc83ce55c8d53c80ebdd4f8c342df4

6947f7305c84c17cbe352bf4f850e224.exe

分析耗时

105s

最近分析

文件大小

1.6MB
静态报毒 动态报毒 CROSSRIDER CROSSRIDER1 DS@8M1BFT ELDORADO GENERIC ML PUA GLRPKQ GRAYWARE HIGH CONFIDENCE JIY0N0 ONKGY PLAYTECH PLAYTECHPMF R300843 S9225160 SUSPICIOUS PE UNSAFE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Playtech 20200912 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:PUP-gen [PUP] 20200913 18.4.3895.0
Kingsoft 20200913 2013.8.14.323
Tencent 20200913 1.0.0.1
CrowdStrike 20190702 1.0
静态指标
This executable is signed
This executable has a PDB path (1 个事件)
pdb_path F:\QT_DL_INSTALLER_BUILD\web-installer\WebInstaller\noneAdminRelease\WebInstaller.pdb
Tries to locate where the browsers are installed (3 个事件)
registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Mozilla Firefox
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
The file contains an unknown PE resource name possibly indicative of a packer (3 个事件)
resource name DATA
resource name PNG
resource name None
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:2012936746&cup2hreq=c9a1363efa0a9db7e08a034f66a0e19e340261c9071e58cba4c327d1c9b8159d
Performs some HTTP requests (11 个事件)
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
request GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
request GET http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
request GET http://fallback.playtech-installer.com/playtech_compressed_assets/casino_casinocom/index.7ze
request GET http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620753140&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=a14531040ea67fbb&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620753373&mv=m&mvi=3
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=lu%2FvUCGVfCvrTSOrbStEWLGooaTIHGg4k1a5wtT%2BnBE9upq7NI6knZ7OV2GZ1fZgWQhyAz834Meod5yd783zVLqSJXwIJ2OWRNdgDBqWdu%2FQMlzy4V2766ExiGrihkCmesaGzXN3t5NfPtwqNVwO15HiQwCvh3GxL5HoqIBDyrswyuBcKtULZsZebfQhnVLKJS03TR0yVXvtnZ7QQTKjtPa2%2Bi%2FyY97r9lWHpmaaBEPScmeDM7373cOWciU%2BzLcrde%2Fdyyqo2xI2C%2BXJIfCMz7x%2BiB03XeEXctGGpmHH6CP%2Br87Bc2HYTU0CCpvr7wu7VllUTiIMkALVnEBbaEKwAcXQGuCjMz2mMlwAuxmmf5gzBhpDZYUNDBI2yjvH8vTWRcotq0NzMFm%2BajRQInLcNZ55IYfB3FIDZlBiCHaPyciK1SQgX0C5lYd6tghu7QA%2FOUvyoWm2MgXsVeXU%2FD743ta44Q22R7qlTbhWll5LnIV%2F7jw7abIS2s0h0X8B6mOSHv9uT4AtBRPKzISr4Wc5f5QM6lLefunOcCf4an2zh%2FQaSKaZ%2BFyWgmTqsiC04p04UHQNk9KXSE%2BQlnn4a7HsjYno04z9gT%2FPMaHAEnIdz6RbzEPGwWMnQUKGk411und%2FWxpavtgxeQv6FfSWcsvuQ4OLtcc2GAEaP2Vqt%2FV9tgA%3D
request POST https://update.googleapis.com/service/update2?cup2key=10:2012936746&cup2hreq=c9a1363efa0a9db7e08a034f66a0e19e340261c9071e58cba4c327d1c9b8159d
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:2012936746&cup2hreq=c9a1363efa0a9db7e08a034f66a0e19e340261c9071e58cba4c327d1c9b8159d
Allocates read-write-execute memory (usually to unpack itself) (2 个事件)
Time & API Arguments Status Return Repeated
1620782365.208876
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02940000
success 0 0
1620781999.180145
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004120000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Steals private information from local Internet browsers (2 个事件)
registry HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox
registry HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620782365.989876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Queries for potentially installed applications (6 个事件)
Time & API Arguments Status Return Repeated
1620782363.833876
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
failed 2 0
1620782363.833876
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x000000e0
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1620782401.129876
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
failed 2 0
1620782401.129876
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x000008c4
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1620782401.129876
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
failed 2 0
1620782401.129876
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x000008c4
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1620782401.145876
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Playtech WinClient Downloader/1.0
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Attempts to create or modify system certificates (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620782370.754876
RegSetValueExA
key_handle: 0x000004c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620782370.754876
RegSetValueExA
key_handle: 0x000004c8
value: 0aa¼F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620782370.754876
RegSetValueExA
key_handle: 0x000004c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620782370.754876
RegSetValueExW
key_handle: 0x000004c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620782370.754876
RegSetValueExA
key_handle: 0x000004e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620782370.754876
RegSetValueExA
key_handle: 0x000004e0
value: 0aa¼F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620782370.754876
RegSetValueExA
key_handle: 0x000004e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620782370.801876
RegSetValueExW
key_handle: 0x000004c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620782396.489876
RegSetValueExA
key_handle: 0x00000530
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620782396.489876
RegSetValueExA
key_handle: 0x00000530
value: ¸'¼F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620782396.504876
RegSetValueExA
key_handle: 0x00000530
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620782396.504876
RegSetValueExW
key_handle: 0x00000530
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620782396.504876
RegSetValueExA
key_handle: 0x00000630
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620782396.504876
RegSetValueExA
key_handle: 0x00000630
value: ¸'¼F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620782396.504876
RegSetValueExA
key_handle: 0x00000630
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 个事件)
Elastic malicious (high confidence)
CAT-QuickHeal PUA.PlaytechPMF.S9225160
McAfee Playtech
Cylance Unsafe
SUPERAntiSpyware PUP.PlayTech/Variant
K7AntiVirus Adware ( 005295061 )
K7GW Adware ( 005295061 )
Invincea Generic ML PUA (PUA)
Cyren W32/Trojan.DOG.gen!Eldorado
ESET-NOD32 a variant of Win32/PlayTech.A potentially unwanted
APEX Malicious
NANO-Antivirus Trojan.Win32.Crossrider1.glrpkq
ViRobot Adware.Playtech.1719672.UWY
Avast Win32:PUP-gen [PUP]
Comodo Application.Win32.Playtech.DS@8m1bft
F-Secure Adware.ADWARE/Crossrider.onkgy
DrWeb Trojan.Crossrider1.63459
VIPRE Trojan.Win32.Generic!BT
Ikarus PUA.PlayTech
GData Win32.Application.Agent.JIY0N0
Webroot W32.Adware.Gen
Avira ADWARE/Crossrider.onkgy
Antiy-AVL GrayWare/Win32.PlayTech.FC71
Microsoft PUA:Win32/Playtech
AhnLab-V3 PUP/Win32.Playtech.R300843
Malwarebytes PUP.Optional.PlayTech
Yandex Riskware.Agent!
SentinelOne DFI - Suspicious PE
Fortinet Riskware/PlayTech.FC71
AVG Win32:PUP-gen [PUP]
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-11-13 16:34:35

Imports

Library WININET.dll:
0x51a4d8 InternetConnectW
0x51a4dc HttpSendRequestW
0x51a4e0 InternetSetOptionW
0x51a4e4 HttpQueryInfoW
0x51a4e8 InternetReadFile
0x51a4f0 InternetCloseHandle
0x51a4f8 InternetCrackUrlW
0x51a500 HttpOpenRequestW
0x51a504 InternetOpenW
Library VERSION.dll:
0x51a4c8 VerQueryValueW
0x51a4cc GetFileVersionInfoW
Library gdiplus.dll:
0x51a50c GdiplusStartup
0x51a510 GdiplusShutdown
0x51a518 GdipReleaseDC
0x51a51c GdipGetImageWidth
0x51a520 GdipCloneImage
0x51a524 GdipFillRectangleI
0x51a528 GdipCreateFromHDC
0x51a534 GdipDisposeImage
0x51a538 GdipAlloc
0x51a53c GdipCreateSolidFill
0x51a544 GdipDrawImageRectI
0x51a548 GdipDeleteGraphics
0x51a54c GdipSetPenMode
0x51a550 GdipGetImageHeight
0x51a554 GdipDeletePen
0x51a558 GdipFree
0x51a55c GdipDeleteBrush
0x51a560 GdipCreatePen1
Library PSAPI.DLL:
Library CRYPT32.dll:
0x51a054 CryptMsgClose
0x51a058 CertGetNameStringW
0x51a064 CertCloseStore
0x51a068 CryptMsgGetParam
0x51a06c CryptQueryObject
Library KERNEL32.dll:
0x51a0a4 EncodePointer
0x51a0a8 ReadConsoleInputA
0x51a0ac SetConsoleMode
0x51a0b0 IsValidCodePage
0x51a0b4 GetACP
0x51a0b8 GetOEMCP
0x51a0c4 GetVersionExW
0x51a0c8 WriteFile
0x51a0cc ReadFile
0x51a0d0 GetStdHandle
0x51a0d4 GetLastError
0x51a0e4 WideCharToMultiByte
0x51a0e8 MultiByteToWideChar
0x51a0ec GetFullPathNameW
0x51a0f0 CreateDirectoryW
0x51a0f4 SetFileTime
0x51a0f8 CreateFileW
0x51a0fc lstrlenW
0x51a100 RemoveDirectoryW
0x51a104 CloseHandle
0x51a108 DeleteFileW
0x51a10c SetFileAttributesW
0x51a110 FindFirstFileW
0x51a114 FindClose
0x51a118 FindNextFileW
0x51a11c GetFileSize
0x51a120 SetFilePointer
0x51a124 SetEndOfFile
0x51a128 GlobalMemoryStatus
0x51a12c GetModuleHandleW
0x51a130 GetProcAddress
0x51a134 GetSystemInfo
0x51a138 VirtualFree
0x51a13c VirtualAlloc
0x51a140 WaitForSingleObject
0x51a144 SetEvent
0x51a14c ResetEvent
0x51a150 CreateEventW
0x51a154 FindResourceExW
0x51a158 FindResourceW
0x51a15c LoadResource
0x51a160 LockResource
0x51a168 OutputDebugStringW
0x51a16c GetCurrentThreadId
0x51a170 GetCurrentProcessId
0x51a178 CreateThread
0x51a17c CopyFileW
0x51a180 GetFileAttributesW
0x51a184 lstrlenA
0x51a18c FlushFileBuffers
0x51a190 GetLongPathNameW
0x51a194 GetVersion
0x51a198 MapViewOfFile
0x51a19c UnmapViewOfFile
0x51a1a0 FlushViewOfFile
0x51a1a4 Sleep
0x51a1a8 GetModuleFileNameW
0x51a1ac CreateFileMappingW
0x51a1b0 GetCurrentProcess
0x51a1b4 OpenProcess
0x51a1b8 TerminateProcess
0x51a1bc Process32FirstW
0x51a1c0 Process32NextW
0x51a1c8 HeapAlloc
0x51a1cc HeapFree
0x51a1d0 GetProcessHeap
0x51a1d4 GetTickCount
0x51a1d8 GetExitCodeProcess
0x51a1e0 GetProcessId
0x51a1e4 LocalAlloc
0x51a1e8 LocalFree
0x51a1f0 GlobalLock
0x51a1f4 GlobalAlloc
0x51a1f8 MulDiv
0x51a1fc lstrcmpW
0x51a200 GlobalUnlock
0x51a208 RaiseException
0x51a20c SetLastError
0x51a210 GlobalFree
0x51a214 GlobalHandle
0x51a218 FreeLibrary
0x51a21c LoadLibraryExW
0x51a220 lstrcmpiW
0x51a224 GetModuleHandleA
0x51a228 GetFileType
0x51a230 LoadLibraryA
0x51a234 GetVersionExA
0x51a244 TlsAlloc
0x51a248 TlsGetValue
0x51a24c TlsSetValue
0x51a250 TlsFree
0x51a254 GetStartupInfoW
0x51a258 HeapSize
0x51a25c RtlUnwind
0x51a260 GetConsoleCP
0x51a264 SetFilePointerEx
0x51a268 GetStringTypeW
0x51a26c LoadLibraryW
0x51a278 ReadConsoleW
0x51a27c IsDebuggerPresent
0x51a284 HeapReAlloc
0x51a288 ExitThread
0x51a290 GetLocalTime
0x51a298 GetCPInfo
0x51a29c GetModuleHandleExW
0x51a2a0 WriteConsoleW
0x51a2a4 GetCommandLineW
0x51a2a8 ExitProcess
0x51a2ac AreFileApisANSI
0x51a2b4 GetConsoleMode
0x51a2b8 SetStdHandle
0x51a2bc GetLocaleInfoW
0x51a2c0 IsValidLocale
0x51a2c4 GetUserDefaultLCID
0x51a2c8 EnumSystemLocalesW
0x51a2cc CompareStringW
0x51a2d0 LCMapStringW
0x51a2d8 HeapDestroy
0x51a2e0 InitializeSListHead
0x51a2ec SizeofResource
0x51a2f0 DecodePointer
Library USER32.dll:
0x51a368 EndPaint
0x51a36c GetMessageW
0x51a378 MessageBoxA
0x51a37c CallNextHookEx
0x51a380 GetClientRect
0x51a388 SetFocus
0x51a38c GetMenuItemInfoW
0x51a390 BeginPaint
0x51a394 GetClassInfoExW
0x51a398 TranslateMessage
0x51a3a0 IsDialogMessageW
0x51a3a4 RegisterClassExW
0x51a3a8 GetWindowPlacement
0x51a3b0 CheckMenuRadioItem
0x51a3b4 GetWindowTextW
0x51a3b8 PeekMessageW
0x51a3bc GetClassNameW
0x51a3c0 ReleaseDC
0x51a3c4 GetDlgItem
0x51a3c8 SetWindowLongW
0x51a3cc EndDialog
0x51a3d0 RedrawWindow
0x51a3d4 SendDlgItemMessageW
0x51a3d8 GetSysColor
0x51a3dc IsWindow
0x51a3e0 SetMenuDefaultItem
0x51a3e4 SetWindowsHookExW
0x51a3e8 UnhookWindowsHookEx
0x51a3ec ReleaseCapture
0x51a3f0 ClientToScreen
0x51a3f4 GetParent
0x51a3f8 EnableWindow
0x51a3fc SetWindowTextW
0x51a400 SetMenuItemInfoW
0x51a404 CallWindowProcW
0x51a408 DestroyWindow
0x51a414 SetTimer
0x51a418 ScreenToClient
0x51a41c MapDialogRect
0x51a420 CharNextW
0x51a428 FillRect
0x51a42c IsChild
0x51a430 GetWindow
0x51a434 MoveWindow
0x51a438 DispatchMessageW
0x51a43c KillTimer
0x51a440 InvalidateRect
0x51a444 GetWindowLongW
0x51a448 GetDesktopWindow
0x51a44c GetLastInputInfo
0x51a454 GetSystemMetrics
0x51a458 SwitchToThisWindow
0x51a45c UpdateLayeredWindow
0x51a460 GetWindowRect
0x51a464 PostQuitMessage
0x51a468 UnregisterClassW
0x51a46c LoadCursorW
0x51a470 GetDC
0x51a474 LoadIconW
0x51a47c SetWindowPos
0x51a480 ShowWindow
0x51a484 FindWindowExW
0x51a488 CreateWindowExW
0x51a48c MessageBoxW
0x51a490 RegisterClassW
0x51a494 ValidateRect
0x51a498 DefWindowProcW
0x51a49c PostMessageW
0x51a4a0 EnumWindows
0x51a4a8 SetCapture
0x51a4ac GetFocus
0x51a4b0 SetDlgItemTextW
0x51a4b4 AnimateWindow
0x51a4b8 CharUpperW
0x51a4bc SendMessageW
0x51a4c0 InvalidateRgn
Library GDI32.dll:
0x51a074 BitBlt
0x51a078 DeleteDC
0x51a07c CreateDIBSection
0x51a080 CreateSolidBrush
0x51a084 SelectObject
0x51a08c GetStockObject
0x51a090 GetObjectW
0x51a094 GetDeviceCaps
0x51a098 CreateCompatibleDC
0x51a09c DeleteObject
Library ADVAPI32.dll:
0x51a000 OpenProcessToken
0x51a004 RegOpenKeyExW
0x51a008 RegCloseKey
0x51a014 GetTokenInformation
0x51a018 RegSetValueW
0x51a01c RegDeleteKeyW
0x51a020 LookupAccountSidW
0x51a024 RegEnumKeyExW
0x51a028 RegCreateKeyExW
0x51a02c RegDeleteValueW
0x51a030 RegSetValueExW
0x51a034 RegQueryInfoKeyW
0x51a03c ReportEventA
0x51a044 RegQueryValueExW
Library SHELL32.dll:
0x51a334 ExtractIconW
0x51a338 SHFileOperationW
0x51a33c ShellExecuteW
0x51a340 ShellExecuteExW
0x51a34c SHBrowseForFolderW
0x51a350 SHGetDesktopFolder
Library ole32.dll:
0x51a568 CoCreateInstance
0x51a56c CoCreateGuid
0x51a570 OleLockRunning
0x51a574 CLSIDFromProgID
0x51a578 CLSIDFromString
0x51a580 StringFromGUID2
0x51a584 OleInitialize
0x51a588 OleUninitialize
0x51a58c CoTaskMemFree
0x51a590 CoGetClassObject
0x51a594 CoTaskMemAlloc
0x51a598 CoUninitialize
0x51a59c CoTaskMemRealloc
0x51a5a0 CoInitialize
Library OLEAUT32.dll:
0x51a2f8 SysFreeString
0x51a2fc VariantClear
0x51a300 VariantCopy
0x51a304 SysStringLen
0x51a308 VariantInit
0x51a30c SysAllocStringLen
0x51a310 DispCallFunc
0x51a314 LoadTypeLib
0x51a31c LoadRegTypeLib
0x51a320 VarUI4FromStr
0x51a324 SysAllocString
Library SHLWAPI.dll:
0x51a358
0x51a35c UrlEscapeW
Library COMCTL32.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49205 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49206 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49182 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49183 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49185 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49186 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49187 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49188 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49189 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49192 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49195 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49196 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49200 203.208.40.34 update.googleapis.com 443
192.168.56.101 49204 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49178 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49179 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49190 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49198 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49193 52.218.56.196 fallback.playtech-installer.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 50849 114.114.114.114 53
192.168.56.101 50921 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 52124 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55331 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 55737 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57069 114.114.114.114 53
192.168.56.101 58656 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 59990 114.114.114.114 53
192.168.56.101 60761 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 64877 114.114.114.114 53

HTTP & HTTPS Requests

URI Data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://fallback.playtech-installer.com/playtech_compressed_assets/casino_casinocom/index.7ze 
GET /playtech_compressed_assets/casino_casinocom/index.7ze HTTP/1.1
Accept: */*
C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\2EE21763773B43CA872B9DDD90FB2D06\index.7ze
User-Agent: Playtech WinClient Downloader/1.0
Host: fallback.playtech-installer.com
Connection: Keep-Alive
Cache-Control: no-cache
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620753140&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620753140&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.sectigo.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=a14531040ea67fbb&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620753373&mv=m&mvi=3 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=a14531040ea67fbb&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620753373&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl 
GET /USERTrustRSACertificationAuthority.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.usertrust.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.