SmartHawk

9.8

极危

该样本未表现出任何异常！

重新分析

下载样本

96015697cd77fa469796eedca61ddede506d57b1df32f8030a80c2237aa3b2f8

786197577fddb56aaab956ad6f90d0c8.exe

分析耗时

106s

最近分析

文件大小

869.4KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

Tries to locate where the browsers are installed (3 个事件)

registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry	HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Mozilla Firefox
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620762825.125 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.ndata

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:3877898360&cup2hreq=1c9096c913d63135b5e4b9748b7398178684f886146eae4011107a974481f383

Performs some HTTP requests (21 个事件)

request	GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request	GET http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
request	GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
request	GET http://fallback.playtech-installer.com/playtech_compressed_assets/casino_william_hill/index.7ze
request	GET http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D
request	GET http://fallback.playtech-installer.com/playtech_compressed_assets/casino_william_hill/templates/installer/whc_new_notif.7ze
request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620771620&mv=m&mvi=1&pl=23&shardbypass=yes
request	HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fa7e7bc256ed127c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620771620&mv=m&mvi=3
request	GET http://fallback.playtech-installer.com/playtech_cabs/casino_william_hill/casino[en].cab
request	GET https://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/casino_william_hill/templates/installer/whc_new_notif.7ze
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=dq2hiufU0qxxSi3cug8qmstXxZjlOpfH9QkxjgFb%2FsXF6yg061rR21jZfcaYlq%2B5lyKm6wVEZ4K1%2BDZi9IIAfieHjGQf8GIKDVOfFGDXOi7cFsynXsbMON9AIfR8MurW6T86Cdh2nmKyzJzH3MHUDJydghvKr54c7nGaWC6hLww6tobyg2qmK3b3CgsXTowJp%2FSPWoZ6b8W9D%2BFZXX7oiwMvYLdfvGXAJkVHrP6ixMPnBLtNLzmWJBIknDZW3t8g9rkGwPt6T4g7haTjl3mNH4869T2vtayKT9sZEAkh5RjV8kfThvuBbfZiy5Jwhop7iP8HxMRnZFfbmFYBb3%2FzXGGmfT08z9TiVgcwGJNW2CH1BDmWmNzfaH5TSPHURer%2BvC3Ts3JNMFqElU7msmA%2BdlM9Wbf%2BHvUm1GIQ0f2Ye0mhcvBqzAdfQjoHGGAVyfxC3xM5h15oND0pudMLEx%2FeJmSE2YEvtiIr10fR7KIRGrVfrhyL4l4lc%2FyCLIrRG3aqEaTFnAygWRJyMXpp6%2FhF3MPjdWw4%2BhLx%2FHMVgJNL%2BWQ2qweceIemJzOVE%2FV3uHMDpeqvaVNBhWHn3yj50Gf2jmsyXTVBDbV09z1P7T75KQjNAvwvKBOCS8R569TywdA3yveAE7ZU%2F8sBAcddi7jRmQxCZpUkUsroM%2FTulRt%2F8b4%3D
request	POST https://update.googleapis.com/service/update2?cup2key=10:3877898360&cup2hreq=1c9096c913d63135b5e4b9748b7398178684f886146eae4011107a974481f383
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=LG1WRkIyAcySO4HdRLyrjBk8m9d3wNHfm9AuyTFEnLuKDrtPJGIefwU91CQl4rZt4cibaen9WCuouCGszucwBgRdJ7MsUNouyFOIQHAvZf5FgxY3e3nbYqPje08rw0pVaEZEmuZ2v7i8oadIpUpl2PGq7X4ZbeFfR4JudjHWClXtz%2FOQbrSGCWsw7uvwK%2BrmTSMM5JzOSj%2FhJp49VllTxAz1lvuqe6cTzqe0RSO9tg6izxg9kDp6uXkImqF2V37Eu2DCFGEq6dkhsweBXyXNGCzyFO6mdpVlVBm%2FfpJ1JYQv3%2FeXu7MSNISKrz78C81pKt8uocpj8yf0PeOFjghVnfFqpFDCiX7ZTF%2BuRRbfTy80ukUHrt69ID6ee3%2BZ8Mt%2BzyLp%2Bka9OFm3tjwDPOslCT5QkS%2F%2BgnnMgwSJjObWS4zfQyp7Z5DeqYJjMNxMbTs36CQOZYPe9UjV4f%2BAOwp0i13K%2FdJxOpUFKS6bwYfkFHKpZiww1yxxa6R1WCvAOpNcEb2LRget%2FEU7F2puCnu8muaz7a2hTqbfIu%2BbPZS3Pq0C7CNZe6B3kSjz7N11H8m7yqbO0rmjEDxIBRiXlNVdpMOWfbczgjdIZaJRUc%2B9Pmc8DTGZIAD0t88iiOAzQZ4ZbHxnXai9LM%2F4bjQE8RTdO%2FmpDpkeahBYjiThEqIGttM%3D
request	GET https://c6m7w2m9.ssl.hwcdn.net/playtech_cabs/casino_william_hill/casino[en].cab
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=Xc68CpeiuZtLH59a6Zo2jDRi%2BoTqEe4bSPojulssZwkzkfhi4IWBiZDzBvxQFCucjbf5TieXxaC%2B0LKwc3sYsC7ngudiOOZZImS28VrEs98UIG76oFfaYI37lK%2FrsqVE8%2FBl9SfSl6hrRXtFWs6idlPwMgWWkqjOxbbh%2Bt6YsRRNw%2BsZAPhlOzX9y4Mj8IL3QjdB%2BbvtyK14MyyUZSLMSmxf5qvJITOtQEc9B1JzWriSCQnxHxpCn%2BcFIlzg7sJEjsPBbnldL519Y12P67mBdhcemOjL5KNkvasZh%2BqgeKxc00G7VFqUbGfNnu79qqySY6HMQnFw%2Fo9xnMRRJAjQjK245t50cKgmw4QIyeQODJoROwZ7AncwoFnxoWDE90qEe2beQgBzuSc1Ns8if9msCPPB3y6uiRxbvTod26ixV9N8Gr9BPYKPkqj2gZV7LaXCCmVkjQMUFkQQExVFXmQVMAkwgWCxye5D7Jn7vMQ8NmNOjtI36yZc0Bmm%2BBaQUebehfyip%2By7GOS9gUlDY7MQqALbB6ec2Txd%2BrreOJIZfwALFetdcilfM1UofdwsoobdFeiUg5O7IllX5VwNc8vlHgDWJP3i8YA5ld9Ns6ZgNEGJCvop5SZHHUAnnW8%2F3oBQAI57dHjEp13dafh3BT7AENBaTidqtdSb0hwvS7K%2B8Q0%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=uZgJVjhvglm0Q0g29Bzt3EdfIOc0uNnnRvmvNc22RsEQruf7nYPaSnxuwmmE17OlbHzNO%2F7qZvnowOPTKybcwbEPAigv1HBI%2FygD214T%2Bu1LzsearBz%2BQ%2BNfySoPISUhY%2FJfXKkpChid2xuRTEbGKyQm4olu5jGTJf1WhYv8lw1rPZnPcwIODZZkBRfQXXWGOUBY%2FZg4at0w2wXfVccgULxIuXYETENGcmumKEG1tvuKmJ%2FH700V%2BocA5oG2oTISNqk9vJKnS2uxf0mxQ5sEXu8k7zsRHmm%2BP%2B%2FWsWdBfjArPUm5P55x3T4e35MD836AEipp3etfQ66kQJRxTKFDAVp%2B1mrPHUbK2SbGCYHeXkHu2vtvaTmZydHmbpU%2FzbqiDrMWnCCVp9z3WZN06WieyIwPt2LJyMBnB0oRHj1z61JoUMcBOlQLfCWlLOIUR8g0vFvR8aGJVkIKLoEXQvjO%2F45qm96FbVzjOqI6z37CjAa9yNnDFREBOa4U8sPLyUdTj0fuQORJJuAN%2FQcOUR%2F55ZRGc4uCHprR038NVFKO1saZV9bfwJH3b11kPPPlP5ZIAMegWlHSdoSL6dvF5OPz5XsJJ9zR01sjmLrJpEetjOp%2FdeV2vRyEF9eql8BJibi%2FhHxqkt3gGqBL56Ik66HyovNHl%2BTz%2F23WkBRASbQD0Eg%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=Pk%2BkEwu1v4yNgnnmmI96rSM%2FGEcAIitRUibJ4Hkr713ajMobU97vKN9PWt4iIKtXYiZhD7JEt2ujfml8nrAw%2Bgd3Zrgm%2Bt6C72iXvBdip%2B9pCLtq%2BWisXXQKW2j1wS1kUEcFQZLyLbOMB%2FKQrK7eE9HoY0EvOcvvWc7qrkc4It%2BLKHqk41AFwfTYorYYZ3eqGp%2B2OHEoskiH0ZMqDe9a8e3M87RFKtNZY%2FypAUVdg6VNQ%2BO3dBT21X%2B%2BMuCZqfyvShFvMgweUiPOkvvBGbGxHU%2FtpZi8ybwNaoOZYSSzIoC5bl6MhurPxbYiyaOXY1L3NbYyuRQ2PURjVgcRkAGV%2BoVFZTVi%2Fi7hY9IM%2FDJ%2FZ0j73MAyH%2FT5iYAo5tjX9feNsBUoROmOi25RpL0j7ITJ4yQCHRQKKJSLlwxNMh6b8E7kmetqecXiAClp8s8dQVZw6Hl%2ByJjQP%2FZegPstf3S4FV7ZVxmANV15EHMZMRBl7r8nziG3g2EWfWojCEU7tq%2BKXaXT1X28oN8Bo1iKx2iyVX0j7RLUrFKqHe%2BQhsQI1SazK5ex6ZPlD88%2FB6bXLwsPz9ALAKha%2BP9lTLpMVWoLXb0D%2FxGJwawv4BCt8XXRgdIi4Cgf2Q2OvIf%2FaIZiLanwrRPqP7Gu%2FuHqPQhxB7F4aS0TewRs91PZCB5jFiYvsuE%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=WydE%2FFql6JtdaINIgk54QN0q9M5JfZw5XYCmuKVZrsX6OKtJkE6CcgH8Sul3fodPbALpR%2Fvmz%2F55BL1cQRi3AhGc4HPgNMpu5Qncl66ogm%2Bm7pSR8ma4ImwMs%2FJejXPak65uWPgRr0HIJXW110%2BRuU%2FGJXcvUjn9sxcRYpqVBVzAZFwvQL6ilk1xzJUoiUc2TxFbSYgObsFwpNThdVBERxX4npNfh6Pgqo828Q5l9GRtKEqicvURkEjn1IQ8khihb2HGeeG5MKnR3tgy9xSACW8Y3aXDfoRLsfccs10HZ3LgRqRo0YTKsw2Ok2l44sFXnzFNOMxCbg8gPn9OZJu7286zfnW6qbDV2cPOzsJKseNZ5NGp2LmPYK6s8%2BNUaeh7JkxP2EGlUjTdLju7f2MPi4JCRex2AAce5VfFtinKoPGAGBphI389KpAipCFPB65FdtXYA8UxEO7RzmZMBgxubckFNgKNRVo0BvWJ5gVeFxEv0yYJyEbr4%2BTyqlmPG93%2FTuZoxdm16gvf4lKYY4InWADGSbgMqD40bQQnNSh413waebN1pqQjoNoVctPWPKj29arFGTZ1tWmk%2FyoGkNk3UOZBgGxd%2BXY%2FAJEiKlOe3jcHiHhP0STQcv0%2BcoNn49naK5yB2Ve5lBQJlGnlR45xi4FhL1V52fiQ1dj9FZQojY4%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=hInrY4bXAK2EAEXbakTfx17fx9rlI2FFLTwa7XN%2BfR4i6edGGydh%2BLaeUBd3cAFFqfIU41QaG8l32d8TsuFk808%2FpFUEoQNZDYAplx6yehGmYacAK%2BfXzVNOe9a93Yr9hHywioaWkb1te%2BSs6Pjvpi77X0e0WNi3ZxftUqQCW2pZjPZ%2BKFkf67c9HsIsxxU652tbbDCPtNT3jgMQgw8yF%2FBB3coC%2FgCPVFshgt5VVggnxjN0wR%2BwMh5Tq0ccxWjYlijpsPwCVq9RL4UvS7ARMDdP2h0X72tuqkrfDrtmA5byM40m4c3jACeHFWYxq6ba134QeBU3C6QEu5vuIhWvPQ8wcYWvaGiZxxb3YhIS8cfbwabgDMqKZhypp6yyDicxMM1HWxp1%2FRw3Ylk7OgcjTnIdsPtddLaBbGZdqJ4VtvAeiayl6yDxqNVMsgKOqbrz%2Fb8RrDSaMsPJ7eUOQlWu34n5BLgdix2mEiX%2BBtNpNJP%2Fyq9Fkj0sGpwum%2FMHIBC9aE3rw0ce%2FvlhbxerYIw%2FHDiRrq3ueTGFvO7M%2Bd1BUHB%2FTr4cJDG4oezJPJJtSeugXthK0%2FWeKmrp4MPjUewVQllQW2CS5WHWFHcz7oPjf1NzNM8s%2Fi149dxVP7K%2B5gAokkrT%2FpyURQtjNaah%2BjIRDoEywxsMkwRcd8g3R6t3hq8suM5irYUCm3xt88DlnMWo7Zz%2F33jh5ISAEWsZz7ZqfwWefkQHIYiuZIUSe2bSQpckyrHzFi1g%2FYYKczyP%2BMqCXc%2FXParQ5r2ESEJRhd3HWMhhDaucIDpWcX%2FjZ%2BqBzXq9i%2F%2FlWrcV87qyH6ELBilUxyUsG4%2BXDVCi%2FVeDz7zpxZxY%2B48JspCXq20OHyvNBs9kURP9cfW%2FCMFzSf%2Ba485tzghJaZ%2BEytWxnH5kF7dMGb0uRTx5qgEWkQqACyKoYnOSrL9qpkdhYL8a1E7n1lEsNm4D1br88z%2F%2B6wCFvp%2FN2VNCGg9HSNZafHKcgJulgL3czdG29rbKJdR50IO85abEyQs%2B6A9px2blAUvM7DM%2FF0uSb9sNie6mRUVRaJ13THynBdRGR3B486U%2FLaAExPCSs%2BwYoKJa5QGFJRWh5Mykqn37iooczGOI749dgWAioRoyIB%2BdB9YVxG7NzYTTbDl4Gm4zkRdEbPwJjd4Q%2F2yv%2BMGIhTsdFGhguLtgeZJDZWr%2F5iDfJepxw9TqiDmu7cZWhzPXTveGjtSEkaA2wW4MbPwJW9oQH%2BQFjRB7k0TnHfi580nweTbJ%2BldeoNaBj3Nc2xcuXXHI%2F3tnSuwZExNMmTImm5b9R%2BY6gl6pWJvYxq1E4dAfE9DTkZ5S9SiPrVMuHpwoaG3J0iTnyjsqCj5BxA%3D%3D
request	GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=LJ5BgM4lLwwxJHuEM%2FPXKUY0z%2FvrdN%2BVLe2IdiiHOQjTMIAT%2F6u4zh%2BkOmP2zCxOrLxjv1eH0Xq9FCKibf2xMb2RKGa9Qu2rA1QblzanBHJf4WtLAYVKXrdFb2%2BUkpce8T%2FT1djnF3c6WFw3vIj6N%2BnSbnI9tCvOxo8YsPumhsFimXbffY2YnyG8%2FapnILlDioYGxdDmN3bazZobdZARlENyNHK9p0MID8QO0cEC7rBKJd%2B3Btl2k66WGxaugDTVDoFyizyl6xP4Ses4alROGrRSrvZgJvj6%2FdEGdRjtY9bNRqW%2FliGAd%2F7t8dlMog%2Fj4JkgbQ%2FvF5nr1TlbHw%2FJLxIEPtdC9GRfSUl%2FGllwJ3CzT0nBzbOWnfDLwRMj0IgMq6OX76DsDW9PweQfqw0rtJFpYO6tAcq23Jv%2F95%2BzzlWnapZWog61SqoSl0VDrzrTabAsGMF01y7OFps72PIj%2B4PADorkxPo6kiwGVeOoMTPLbHbE8PboL36xa2wmw9ng5pj9EPJW%2BH2avt88SlmrFULCXICre8A8gy8aXvzesB4wwNRV1qfRZKau2gL5wedusqTmZX0UlYymGm1JvGjILfQgBLd%2BNciseQWhrJp9%2BEbDrZoTKjCMjhpb8YZtli6U2SUrrvIj2GcwnIAe8GA%2B3BP9hxyC67sQUnmNQu7k96F%2BJ6Rah41ndDVkwg5b58g%2B4SRROxn6Bkf6GbUHwu8NSAJHMy09hqzps%2FEUCiCq4qN7VG2N6sqOAxv7n2FyjJ%2F9TFFLGu%2BMv19lK%2BX8KZfUWCY9h7BNecmb%2Fkz1UnTN5CZ86riqXM2TzN9usomC0OZLsTWll2WRKUN2EdOq0zEA%2F8ybIhW%2BvldaduFzi7DCqWlhNY7VaznkrzrRwOwvurGAWMpnRfbHwk5yqyI3BvSOVtr9Oi91oigIdIEGLKdcSfAOPvJq5Y8NZjumuvK78n90dLI5hQPvIA1owpz1lzFztHllofUcO%2FRZiHyvyiQGi7%2Bdcg4x5d0bN6j4cbfHaJUpoAk2Fq7HPPTULUnQ5C%2F%2FdpMms5%2Fb2Z6UHZLk8V%2Bz6bWAH%2Bkb8N8sKzrGg6ObYg0BGvSaqWOGEBGAPm0rqt%2FKXJ8L%2BNpG27HcSGhrH6%2Fm2o8XneuBqRSa6QF72nO05dz%2BWU1nH%2Fm1xyYQV1Wh1Q32n7aur0qXDs4EXMrVuw2DtB6oSM7EXkXdxMLvT3usVoIQzQb2urq0e1ReYpNvvVnEX9b9wjjAaM%2BvfYsdKBZE5wBBDJKjdvvbiLBPVJSzKBW%2FEPhQTrpoc29xRDx%2F3BvH4a3HU8HjpVehKzeIG%2FKxpUxl9%2F43yaBC5iHBVub9HhELU1aLM0lBJpJlRhUyHeWF0A%3D%3D

Sends data using the HTTP POST Method (1 个事件)

request

POST https://update.googleapis.com/service/update2?cup2key=10:3877898360&cup2hreq=1c9096c913d63135b5e4b9748b7398178684f886146eae4011107a974481f383

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620800645.351874 NtAllocateVirtualMemory	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02aa0000	success	0	0
1620800707.711499 NtAllocateVirtualMemory	process_identifier: 1424 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0000000004200000	success	0	0

Checks whether any human activity is being performed by constantly checking whether the foreground window changed

Steals private information from local Internet browsers (2 个事件)

registry	HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox
registry	HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox

Creates executable files on the filesystem (3 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsx7C03.tmp\StdUtils.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsx7C03.tmp\internal786197577fddb56aaab956ad6f90d0c8.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\23B4D9439442473B8F5A8CF5FF07733E\whc_new_notif\js\template.js

Drops an executable to the user AppData folder (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsx7C03.tmp\StdUtils.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsx7C03.tmp\internal786197577fddb56aaab956ad6f90d0c8.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (5 个事件)

Time & API	Arguments	Status	Return
1620800716.304874 Process32NextW	process_name: GoogleUpdate.exe snapshot_handle: 0x00000334 process_identifier: 3364	success	1
1620800716.304874 Process32NextW	process_name: GoogleUpdate.exe snapshot_handle: 0x00000334 process_identifier: 3448	success	1
1620800716.304874 Process32NextW	process_name: sppsvc.exe snapshot_handle: 0x00000334 process_identifier: 3496	success	1
1620800716.304874 Process32NextW	process_name: GoogleUpdate.exe snapshot_handle: 0x00000334 process_identifier: 3628	success	1
1620800716.304874 Process32NextW	process_name: inject-x64.exe snapshot_handle: 0x00000334 process_identifier: 3740	success	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620800654.367874 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 个事件)

Time & API	Arguments	Status	Return
1620800716.289874 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1620800716.304874 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1620800716.320874 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1
1620800716.320874 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1

Queries for potentially installed applications (6 个事件)

Time & API	Arguments	Status	Return
1620800643.758874 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1620800643.758874 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000000dc regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1620800684.726874 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1620800684.726874 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000006b0 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0
1620800684.726874 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	failed	2
1620800684.726874 RegOpenKeyExW	access: 0x00000001 base_handle: 0x80000002 key_handle: 0x000006b0 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome options: 0	success	0

Reads the systems User Agent and subsequently performs requests (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620800684.758874 InternetOpenW	proxy_bypass: access_type: 0 proxy_name: flags: 0 user_agent: Playtech WinClient Downloader/1.0	success	13369348	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Attempts to create or modify system certificates (1 个事件)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)

Time & API	Arguments	Status
1620800657.289874 RegSetValueExA	key_handle: 0x00000530 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620800657.289874 RegSetValueExA	key_handle: 0x00000530 value: N4ÓF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620800657.289874 RegSetValueExA	key_handle: 0x00000530 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620800657.289874 RegSetValueExW	key_handle: 0x00000530 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620800657.289874 RegSetValueExA	key_handle: 0x00000548 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620800657.289874 RegSetValueExA	key_handle: 0x00000548 value: N4ÓF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620800657.289874 RegSetValueExA	key_handle: 0x00000548 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620800657.304874 RegSetValueExW	key_handle: 0x0000052c value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success
1620800680.258874 RegSetValueExA	key_handle: 0x00000648 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620800680.258874 RegSetValueExA	key_handle: 0x00000648 value: ç*ÓF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620800680.258874 RegSetValueExA	key_handle: 0x00000648 value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620800680.258874 RegSetValueExW	key_handle: 0x00000648 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620800680.258874 RegSetValueExA	key_handle: 0x00000594 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620800680.258874 RegSetValueExA	key_handle: 0x00000594 value: ç*ÓF× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620800680.258874 RegSetValueExA	key_handle: 0x00000594 value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (5 个事件)

dead_host	172.217.160.110:443
dead_host	172.217.24.14:443
dead_host	192.168.56.101:49202
dead_host	192.168.56.101:49200
dead_host	192.168.56.101:49206

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2012-02-19 23:01:49

Imports

Library ADVAPI32.dll:

• 0x429340 RegCloseKey

• 0x429344 RegCreateKeyExA

• 0x429348 RegDeleteKeyA

• 0x42934c RegDeleteValueA

• 0x429350 RegEnumKeyA

• 0x429354 RegEnumValueA

• 0x429358 RegOpenKeyExA

• 0x42935c RegQueryValueExA

• 0x429360 RegSetValueExA

Library COMCTL32.DLL:

• 0x429368 ImageList_AddMasked

• 0x42936c ImageList_Create

• 0x429370 ImageList_Destroy

• 0x429374 InitCommonControls

Library GDI32.dll:

• 0x42937c CreateBrushIndirect

• 0x429380 CreateFontIndirectA

• 0x429384 DeleteObject

• 0x429388 GetDeviceCaps

• 0x42938c SelectObject

• 0x429390 SetBkColor

• 0x429394 SetBkMode

• 0x429398 SetTextColor

Library KERNEL32.dll:

• 0x4293a0 CloseHandle

• 0x4293a4 CompareFileTime

• 0x4293a8 CopyFileA

• 0x4293ac CreateDirectoryA

• 0x4293b0 CreateFileA

• 0x4293b4 CreateProcessA

• 0x4293b8 CreateThread

• 0x4293bc DeleteFileA

• 0x4293c0 ExitProcess

• 0x4293c4 ExpandEnvironmentStringsA

• 0x4293c8 FindClose

• 0x4293cc FindFirstFileA

• 0x4293d0 FindNextFileA

• 0x4293d4 FreeLibrary

• 0x4293d8 GetCommandLineA

• 0x4293dc GetCurrentProcess

• 0x4293e0 GetDiskFreeSpaceA

• 0x4293e4 GetExitCodeProcess

• 0x4293e8 GetFileAttributesA

• 0x4293ec GetFileSize

• 0x4293f0 GetFullPathNameA

• 0x4293f4 GetLastError

• 0x4293f8 GetModuleFileNameA

• 0x4293fc GetModuleHandleA

• 0x429400 GetPrivateProfileStringA

• 0x429404 GetProcAddress

• 0x429408 GetShortPathNameA

• 0x42940c GetSystemDirectoryA

• 0x429410 GetTempFileNameA

• 0x429414 GetTempPathA

• 0x429418 GetTickCount

• 0x42941c GetVersion

• 0x429420 GetWindowsDirectoryA

• 0x429424 GlobalAlloc

• 0x429428 GlobalFree

• 0x42942c GlobalLock

• 0x429430 GlobalUnlock

• 0x429434 LoadLibraryA

• 0x429438 LoadLibraryExA

• 0x42943c MoveFileA

• 0x429440 MulDiv

• 0x429444 MultiByteToWideChar

• 0x429448 ReadFile

• 0x42944c RemoveDirectoryA

• 0x429450 SearchPathA

• 0x429454 SetCurrentDirectoryA

• 0x429458 SetErrorMode

• 0x42945c SetFileAttributesA

• 0x429460 SetFilePointer

• 0x429464 SetFileTime

• 0x429468 Sleep

• 0x42946c WaitForSingleObject

• 0x429470 WriteFile

• 0x429474 WritePrivateProfileStringA

• 0x429478 lstrcatA

• 0x42947c lstrcmpA

• 0x429480 lstrcmpiA

• 0x429484 lstrcpynA

• 0x429488 lstrlenA

Library ole32.dll:

• 0x429490 CoCreateInstance

• 0x429494 CoTaskMemFree

• 0x429498 OleInitialize

• 0x42949c OleUninitialize

Library SHELL32.DLL:

• 0x4294a4 SHBrowseForFolderA

• 0x4294a8 SHFileOperationA

• 0x4294ac SHGetFileInfoA

• 0x4294b0 SHGetPathFromIDListA

• 0x4294b4 SHGetSpecialFolderLocation

• 0x4294b8 ShellExecuteA

Library USER32.dll:

• 0x4294c0 AppendMenuA

• 0x4294c4 BeginPaint

• 0x4294c8 CallWindowProcA

• 0x4294cc CharNextA

• 0x4294d0 CharPrevA

• 0x4294d4 CheckDlgButton

• 0x4294d8 CloseClipboard

• 0x4294dc CreateDialogParamA

• 0x4294e0 CreatePopupMenu

• 0x4294e4 CreateWindowExA

• 0x4294e8 DefWindowProcA

• 0x4294ec DestroyWindow

• 0x4294f0 DialogBoxParamA

• 0x4294f4 DispatchMessageA

• 0x4294f8 DrawTextA

• 0x4294fc EmptyClipboard

• 0x429500 EnableMenuItem

• 0x429504 EnableWindow

• 0x429508 EndDialog

• 0x42950c EndPaint

• 0x429510 ExitWindowsEx

• 0x429514 FillRect

• 0x429518 FindWindowExA

• 0x42951c GetClassInfoA

• 0x429520 GetClientRect

• 0x429524 GetDC

• 0x429528 GetDlgItem

• 0x42952c GetDlgItemTextA

• 0x429530 GetMessagePos

• 0x429534 GetSysColor

• 0x429538 GetSystemMenu

• 0x42953c GetSystemMetrics

• 0x429540 GetWindowLongA

• 0x429544 GetWindowRect

• 0x429548 InvalidateRect

• 0x42954c IsWindow

• 0x429550 IsWindowEnabled

• 0x429554 IsWindowVisible

• 0x429558 LoadBitmapA

• 0x42955c LoadCursorA

• 0x429560 LoadImageA

• 0x429564 MessageBoxIndirectA

• 0x429568 OpenClipboard

• 0x42956c PeekMessageA

• 0x429570 PostQuitMessage

• 0x429574 RegisterClassA

• 0x429578 ScreenToClient

• 0x42957c SendMessageA

• 0x429580 SendMessageTimeoutA

• 0x429584 SetClassLongA

• 0x429588 SetClipboardData

• 0x42958c SetCursor

• 0x429590 SetDlgItemTextA

• 0x429594 SetForegroundWindow

• 0x429598 SetTimer

• 0x42959c SetWindowLongA

• 0x4295a0 SetWindowPos

• 0x4295a4 SetWindowTextA

• 0x4295a8 ShowWindow

• 0x4295ac SystemParametersInfoA

• 0x4295b0 TrackPopupMenu

• 0x4295b4 wsprintfA

Library VERSION.dll:

• 0x4295bc GetFileVersionInfoA

• 0x4295c0 GetFileVersionInfoSizeA

• 0x4295c4 VerQueryValueA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
ocsp.sectigo.com	A 151.139.128.14	151.139.128.14
r3---sn-j5o7dn7e.gvt1.com	CNAME r3.sn-j5o7dn7e.gvt1.com A 113.108.239.196	113.108.239.196
ocsp.comodoca.com	A 151.139.128.14	151.139.128.14
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
t8u4n6u7.ssl.hwcdn.net	A 205.185.208.154	205.185.208.154
c6m7w2m9.ssl.hwcdn.net	A 205.185.208.154	205.185.208.154
cachedownload.williamhill.com	CNAME e25755.d.akamaiedge.net A 23.54.19.114 A 23.54.19.137 CNAME cachedownload-poker.williamhill.com.edgekey.net	23.54.19.114
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com A 216.58.200.78	216.58.200.78
ocsp.usertrust.com	A 151.139.128.14	151.139.128.14
www.download.windowsupdate.com	A 124.225.105.97 CNAME 2-01-3cf7-0009.cdx.cedexis.net CNAME www.download.windowsupdate.com.cdn.dnsv1.com CNAME windowsupdate.sched.s11.tdnsv5.com CNAME 3573033.pack.cdntip.com CNAME wu-fg-shim.trafficmanager.net	36.25.252.1
fallback.playtech-installer.com	CNAME s3-website-eu-west-1.amazonaws.com CNAME pt-installer.s3-website-eu-west-1.amazonaws.com A 52.218.62.116	52.218.26.148
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
r1---sn-j5o7dn7e.gvt1.com	A 113.108.239.194 CNAME r1.sn-j5o7dn7e.gvt1.com	113.108.239.194
update.googleapis.com	A 113.108.239.162	180.163.151.162
redirector.gvt1.com	A 113.108.239.161	113.108.239.161
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49208	113.108.239.161 redirector.gvt1.com	80
192.168.56.101	49204	113.108.239.162 update.googleapis.com	443
192.168.56.101	49209	113.108.239.194 r1---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49210	113.108.239.196 r3---sn-j5o7dn7e.gvt1.com	80
192.168.56.101	49185	124.225.105.97 www.download.windowsupdate.com	80
192.168.56.101	49186	124.225.105.97 www.download.windowsupdate.com	80
192.168.56.101	49187	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49188	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49189	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49190	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49194	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49195	151.139.128.14 ocsp.usertrust.com	80
192.168.56.101	49181	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49182	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49192	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49197	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49198	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49212	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49213	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443
192.168.56.101	49214	205.185.208.154 c6m7w2m9.ssl.hwcdn.net	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51660	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	52124	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53500	114.114.114.114	53
192.168.56.101	53661	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	57236	114.114.114.114	53
192.168.56.101	57739	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	59291	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	60761	114.114.114.114	53
192.168.56.101	60911	114.114.114.114	53
192.168.56.101	62502	114.114.114.114	53
192.168.56.101	64877	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123

HTTP & HTTPS Requests

URI	Data
http://fallback.playtech-installer.com/playtech_compressed_assets/casino_william_hill/index.7ze	GET /playtech_compressed_assets/casino_william_hill/index.7ze HTTP/1.1 Accept: / C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\23B4D9439442473B8F5A8CF5FF07733E\index.7ze User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620771620&mv=m&mvi=1&pl=23&shardbypass=yes	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620771620&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com
http://fallback.playtech-installer.com/playtech_cabs/casino_william_hill/casino[en].cab	GET /playtech_cabs/casino_william_hill/casino[en].cab HTTP/1.1 Accept: / C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\23B4D9439442473B8F5A8CF5FF07733E\pack (2).cab User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fa7e7bc256ed127c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620771620&mv=m&mvi=3	HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=fa7e7bc256ed127c&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620771620&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.sectigo.com
http://fallback.playtech-installer.com/playtech_compressed_assets/casino_william_hill/templates/installer/whc_new_notif.7ze	GET /playtech_compressed_assets/casino_william_hill/templates/installer/whc_new_notif.7ze HTTP/1.1 Accept: / C: \Users\Administrator.Oskar-PC\AppData\Local\Temp\23B4D9439442473B8F5A8CF5FF07733E\whc_new_notif (1).7z User-Agent: Playtech WinClient Downloader/1.0 Host: fallback.playtech-installer.com Connection: Keep-Alive Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.