10.4
0-day
30 个模型检测该样本为恶意!
重新分析
更多

4461d8268fce93d4238b0e8acabbe3e2f5c5de757bf841790e9e284b0a086bdc

a55a45feadaa9585cd3604265e05c0c9.exe

分析耗时

131s

最近分析

文件大小

763.0KB
静态报毒 动态报毒 B@8LMFJR CASINO CLASSIC COMPONENT CONFIDENCE CROSSRIDER CROSSRIDER1 ELDORADO EZUBTA FJHTLB GAME GENERIC ML PUA HEMATITE HIGH CONFIDENCE MXRESICN PLAYTECH QVM20 R291161 SCORE SUSPICIOUS PE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200905 2013.8.14.323
McAfee Playtech 20200905 6.0.6.653
Tencent 20200905 1.0.0.1
CrowdStrike win/malicious_confidence_80% (D) 20190702 1.0
静态指标
Checks if process is being debugged by a debugger (1 个事件)
Time & API Arguments Status Return Repeated
1620828919.029625
IsDebuggerPresent
failed 0 0
This executable is signed
Tries to locate where the browsers are installed (3 个事件)
registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Mozilla Firefox
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620808777.468625
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .ndata
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Performs some HTTP requests (20 个事件)
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
request GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
request GET http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/index.7ze
request GET http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D
request GET http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze
request GET http://fallback.playtech-installer.com/playtech_cabs/poker_william_hill/casino[en].cab?t=1620803723592
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=UvuO2xRWmgxXpm3QwtRFvsD0p%2Bi%2Fl5sFe%2ByjqX2mhV8nt1NytsDV3VnkHN9UNWISADCpGqcJnTceMGzeoUAttSCnYA8FPCa%2Fq8rYiJfBzWM57fvdxbQ5J2Qpr4G5aZqrnhWIo20gGbvMC%2FE%2FS7SMA8cHo8xXDGQ1rMmSkfWbtC%2F5JNqvZP5Lqpux5He3lcrrCCZUJ9Y9q0v%2FwkCexN4sf%2BG55X17Wh%2BC03mxHMplLm4hcsziJqEt8pgXdamwopmJvL4XBBJvi%2F8ZdPV3rUEw%2FK9YfWGsZ8%2FhR8wNWdeYiDcqpTgnD%2BazCVZIKvJEJhvxWkwxByQLrkTNTyRQJ8B1p8bCjEsK1lDNgweXPVHvnKL2kPpOd%2Bqz8BgTVWrYtetS%2FIBM6eJI%2BULaZQYg8vjO0OqzxuAKYY7g4NviuzxdrxyTqWPgipuWrBT5Tb2MfhOBm9mFdhwTBLhGVLwVWLO58a%2BVeCeWzsh0gYqdiQf24%2F6qoZSfbIt%2BJ2lJhc761YcJS0PvbV3wCM05%2B3KzwimoQQjgg6k7eZGVVA7r%2BuXsCEd3sbxEa9Z21vxfn7kFY4Ur2nAkyI4hFzWvcMnEwAOpIj6RSkf%2FWy2HmdYHqxEEmJF0%2B99G%2FTq1BaPllkjRyhu8rxX%2FJLMJEdHrJQKagCMViXAC0SlGrlBqIyXjsG7jxWo%3D
request GET https://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=XMuGeE8MDK70x4DZh%2BjkGEr3AF5cUf2VX2rkueBtk0y1t6R1w2LB%2F7fKlF4nZ9FLozStzkXA0WsB7EaQDs08MsY2cQiPl87Xlr8qa9yxCWDo2THSveiHnBV2MIttHgrCZtvAa7XZsLJTPasAY9z1pLGA8GalI8yztbz3n2QLULifE%2BH4Tkr6f%2FzngiOAg69XCl92P9yv7af7l7%2B%2BJ19jLrzAsFS3DmOPcSIoHTfO5TZeiSlmbtRFqmQsRVeuqpwC7pJpJnA55SKBpQvge4Lx9jetXKU1JB9YyDY2GyZ1ktZ7%2FyvkvwlB4fLSmTKc5iG1tsIIsNcM9F%2BCl4GVoSiFDwT4IL9m4cu01Uczz1ZRjAYUjVsOzbiNsmurtP8VTAX%2F506G5Rq%2FR9P3IuWiDIBebjrvbDFwVPx0Hg1FJR2iInzCrYy5aT4ycKiNZUEavCZ4j4EkBfj8KqoGRLPTwa9P%2FsFIHwC2uRF67ISJTRHRlFPI8BxOMixAtWDPjKFpW%2FB5SlF4YBEqUX8oweZZR%2FctMQQJ2A%2F8UM9orNz%2F00XICJl0KRTLQgv0vvkY4LSqDTvDu5BK1YPNDcL5eRSnXlZA%2F0UKu3374qwWWgp2ih7DHTMW5OHPVme1h4RnP97osucMuHgrKvnVrfSVpfaOB%2FatguI5iq0Kq1yEzkljeWEIepI%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=Ef6wfgbowR99g8gFB8D9e4SRrXqBP3Pao65gAUPcSit6LmolvqrkVAYv02YRssXhOd3E0azgLA7DCyBMIkgGIva%2Bkbdyf9C8DpRMklov%2F0p8pVqlFFamhgB0fPZiRSKD0EUQlhgFXMe%2B5MX4rUgENNTDCBonhvGxMnW2G43lhIBMD6j7BKQI%2BaWZ5o%2BkHwByTLo991AYN2RgORfQ1fKUA6VS7lX5JpFRKkvUXJkF5dM%2F0aF2iOlTPddWDcR4iXVgzN%2BAtG7snzm88m8SCkAzuK41lWMxRA0wv3%2Fmz428JO7EaQ00SLkLk7nk%2FpcFE4eJtyipl3tzjOuTJIYPWu0qgUgc1H5Vy4bPe%2FBA3qzgVR%2FG2q4I3c0XRvxIcO7Ad6NiqDfK19GYFZMKISOnrgIUIDRWEy2TA3eMQsR3M%2FsuZqxHUEvP0B%2Bwz%2FC1vZ33N8VZZ6o1omr1xCV70OfbJX2HOb901BDOb4J3SXT9RDT%2BYhaJcGT06Q3S5jGLFBPkfkz1iR4emV09mJrb0eM5pVpUmpITOjmDym3i2b2aQm22kb%2Fg9PVhJNDi0QFqBTeFAMw%2BvUx6bJeoycNQfIyIalyWssOoJmvLqic1SPNRwriO%2F27l6ewHeB2AhSvTre6vUudvuxJfvHPbUL608i8Z05lh%2FGEe7JS%2Fp6ksY46r7%2FjNHLs%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=atcIkqLRu6rGbPWNqhasvnfwiQCrCzpQt3bMiG5gPn6v3USwA5KRl0OE1JWPg7q%2BJsT2j6Ur1FC16Q1Co213csF0nTRg%2BBL8paujHx4u6uO6wx79F7aEoLP3HOa9MLRpNQGRQPsa0eM16XcqXT9zOS3vTtUtBOFRYaHBB%2F3aj6GDhaPWne7U5TrRFWcpmwp4AXjCVVDGbnFY6tKDJcSA6w5UyyZk3XfVSPTsR8Yh%2FCvLMdUqBUwt3IoKY%2FPs%2FQ9vTQHLjt7%2FpYsauvE8%2FL2i0VIvzwPbRaKNobakLaQgb7J4Waf7z3M7OuQ2pF%2BC0d%2B%2FO7WACtrZzU0NWDlMgN%2FNGqLWyxWnHEGfuFWA7%2FA2dhubz87qr4xlOgb6lrLboevJEiltoaBFUmMxMy2ZnelLfn0bwWKBIwO4rZX4xuCgZmAvbWTMCfxwJCNZIXe9FfAhTo8kwkyNTgNDR%2F00vaXB79vt8%2Bi4XnGk3qboTU7n1FnzeOV3%2FE4cyozlUSkPMRdArayaDMVoGbyGlkwlOO97yWKUDzpGS2QnYx80dbBvFnRkDd%2Fs%2BRLvkTt6%2B77iLJAV6J0e1F33OMj64MrnxhoguhL8gnEu2tJ9zHmjoxl0ja0djTQgTCO6J%2FoiNRBDaCeB9LpEE0CYlnHMiPoU0F%2F6So%2BVDlKQcPl%2BJlFOG%2BMxYA4%3D
request GET https://c6m7w2m9.ssl.hwcdn.net/playtech_cabs/poker_william_hill/casino[en].cab?t=1620803719358
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=sBSA1mlGQee8tJjpfyvoo3ew9ASgUQmtZXunfCFM0y9FCsP2GlbX5ecLBdgWCMkY7j8%2FxUed2ZuLfkukZyZeqUUgoAcC9rB8Dtg%2BKMcov8jzlDcivSS%2BlXNtrtwhAQ8D1F2rUcGJ6qHuYsfXtU8Eh7GMdJX3kn%2F2kwDUOOnoAsLxmiXgIV0csnYlA0P0sUeTsTjBR9w1svjdQQRvBmV47MXw0q7IWABZXQWr3ukf1TNOq%2Buaxr8oZLMaxVbAKa9h8yFEleXIZwLzCn%2FE9m8rcU1I5at9313FDLnrNNFDDCVFlUkBla4PtJqHfIdy9HSpl3hDNKJBNwj%2Bk%2B5ejMjAi97tT5ISNu0%2BaeDXsG3s0%2FquOfwqJZzgrrGWtAt6rfj81ArzmAwcWhcFHKBS1w8amumznvbgbZLN%2BTk9uwM6RzxNwTXLAwpdUD4JKpI8hKLcCeMxDY5QT37UudmK1TzfvG5CNfSnrnw9HFzdMN3woVEwOu2GgNiBs%2B%2Fp6DWgPbAq95odTmlulSlHvVyFdn7993e%2BcmPbb%2BCi96ydMM5Wrewc9O6MmKK9KawXNCJIBCYVlJyVGYqINjHA2VBPEB3BDT9qQrMx1rANcTjOSfWfgEi1NgO9vqXOXsp6l%2Bq9LbjQccsA%2BUO8ix81CCBn4PmPIYDTugWpP7sLffPy6plnZMo%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=Adf2XeeN7jN7ksfJfhR6l2PemordHy0mZ0Ox7bJU4oXrVe6c05TMTwS0u22I3fVkl5d0daplr1yg%2Ff7H0FqjA%2BSKVXnaOr63m137j22NVD24gkYx6DYAAHKzpYU6Z40k4kDZL4dc3Hholv9q9RKoM4AM6m5Y0nWZEvW2RiB4hFJulnitBa%2FCVtMsva4ZvM6YK0E8mvFKMQS8HDP8iOc0yH8wziV4SjdI9BX9HSTgppTaK7o17rWKooVcEfazN5ObBuwIQp5YczGoTOyT997pJSfOoV6hjCrF%2BKn%2FEcDBHQHtW2rUyvqJAMncCILDFU392wPglXFWWFXm8rDwbeLovqIpl5u1sjpHNPJepY0IuPBa%2BTs6aykSScEWVwMIUnEQttAvFNsxGhK0keqgAmeexcHKZUCXB04uXs6X4NDDLAEDZOZJrJ2Ku9nx4L%2F6pv2Nx10igmzSPhptNu1B51f5omrN%2FAaVju6vWEkIZTMP%2FZqrwo%2FgBUN3zJ5Rd6of6MFfPmO94v%2B7EdzovyyumM3EzRMDKserW6vLtgNkg68MP9bpgztDabEt%2Bg4bBkeR6WE%2FbF4MDbQLMPilE4ye1qcuqwAWxJV8sKreogpM3f19Pj%2FbN10NFmuL0rVMprpCbulR%2FIt3gsAJ3wW%2BEZUweZDggJ027m2Ngi1t4%2Fh1bb2V1Es%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=TcTfKro5nV1C2mCM%2FM2Eg3iYazAJ4uDkk65qMpHlJlq8khNNZk%2FG6NJiSYKOwxIn38Smxom92X5pk49O7VmIwl240FkECTrseRuUgfyRHYd1vpHsv%2BJEqeMScKpETrv85Hpro6PLuJBRnTwu4ZkGMqGWf%2BD9A%2Be%2FquMwlCfuFiOJazGnYGe6jGYjX%2F1pzY5PebkesojGf9EfILcJ239aNAwWUuKgLCmRBZk%2BberchoFepfBLAYWX790EPteLywuci4J9WGqc4eDcIAzBQZQjNBwYJ%2FDfFuTRqF0eg%2B1no4dxuIPIgr5HkFu%2BUSfhMhRNOLxh%2Bd%2B%2BFcvEgqdZmciJ5Q7OKN0OO%2B2BMsLYAaujawI07Kb1RltyF5tw2aoLoWX4XkSgRV60cvzESCiNzkPfqQkkc96Nk84AT4Sftlo%2BXff1nVL0gO8a8YpRebbMpJs59LBGlQAIn7%2BfqGJnQGKlrKNC%2B0u78dAen0PU6ybYZ4EI8rk7tfTnpivGSmXJ%2FpKRztTBrOkM0z1o25vh5LNyjVP24xHU2AM7%2BgAkcge4x4YcjaabzNENgGreF%2F3RoYWm5EDM%2FubxaPjachOqqj%2FGS9seEYGVgz2f%2B0feIhpyY9YCB7K0ebOslCF1VacxD7zKEDA9DblefzXcbo6ajIKIQvBG3vhDtLVkljd89%2B%2Br2P0sgbq%2BoHapeqbIvIOcM4%2BXMB1D3%2FtvFNbsi1X7IF%2Fq8DgdrljRgxgdQg339KUCYEfDoM9RV%2FbDHVrwfMTEnABjVDCNV0wZ2D27Mz4sfEScMogndf4L6i9Q98IQuwcnT5h41mFs7DPyDyDB2t9kX0mZeXA8G4ua4U2nOOrUj0qtFUBDHMkTkTaC%2FBL7G2eJrFOwk8VVYkBKYUO1FUr%2BTQrKl8zl%2FtkOMFemiCDQNlKRCWyf5Z6O5vaLchM5MNly2MvFUBFXR%2BgJpVXgD1iiDBIKAHJZuWMaURIPAFu%2FNQaqq65%2Bspp6TGlGsNLzmm8nrD%2FaevEDMHg4m8HEf5MaP7eNvjrwVxQG614XSTA4ZsQ54mschKGVYkYRfRBJFwDb0EvRcObHD1q9Y8Zd3GqfGc8cKXU%2BPeS3lU8FYIgB0HqdhPAUXrg6P9QKjH6zkl7BrE%2F%2ByY4FGD4lkSYkRY4tLESnZMjsyarN9hM7yZUlGbHAs7muEo%2Bm58f3ya9noXrPBBm%2BMiGCbfCKlkim8uBbDIxlAiLHFVaOKyx%2BbH9P7FQz3nHhX0CmfpK8xwqeijlwfOHRUeB8ocUBFQZM61jSuD0342HfmKkdY3PnyKNPeQ7aHIK84NOt72kL55uUrVLSsoLEHzxbGVQ2nlJ%2FE%2FqLMGwlyKftfkGW0IPZBMxnyNt1vA%3D%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=dVWJPLe8%2BxAqkWA6DcQEq3FPe94tfA1CIdtB2v8pPzo6CdaOGtD01EmkQWMkweGdEG13H6cJG4OplYsX2G2S04%2FMCbTRy22Sa5WhzZ9dinZPB3X8jHJidPRtutHKr10mMGitf%2BduHKGH1%2Bpv9p00ySVNqMhUh8CynoychNz83mrEdlfB8J4NV88XItt6UF498josy9D45xY6Jo%2FMj0v%2BUXb3czpgbII1tS9yxfLA9vJ7faL1Gx13Kue4Oir07YJk%2B8lSE6qeEpDSzFaKcfkqL7nffeV6edRhmUkv4rIQ22LgIVdVDiPwIl7rEUhldv1UVgKOWQcZVyUkdTJa8ZyPbSMadD5aAk0ZbeC9Jzy9unPpZ5XSGFTKyeACut5Oa8aCLVic%2B8ZWDJqe4NUWDxxiA1brQV6w55YpF71lM7UAdahZd9yVVYaTBld3j8OXTJIMtMCGaJREipFFD14fOPkwCUd73GLcX5T9ZMyY9fmVAk26uccbaHJW122tW4%2Fq6SBNa%2B1mzDBRUcUDr%2Fi1REerYXZCDpYUIEKT4x9Ypv%2B%2FVcyabrphs88%2FPI%2FK4AhZNsqVkJG7POXwnMPt2gkE3ApwWTDrzO65t%2FO3x6zOBwu4B88o6QRuGEv1BQib2XR4%2BcAW58%2BLIcEhqMSx8xjGT%2FZayuIb%2Bfg6P10pBowU847DgJY%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=wXJkl3ZglAxLCjwbz37TAIh1pvlpeidwF4dLknKUGjS6FabSnrE4HZ7%2FuK5%2Bmkq0idP8A0NVHrPhGZxDoO3IdUGvkxqNV%2BsfzKYOeWJ5Y7CratbFLE%2BszbY4QgpXueCzMKLs3o%2BTsfxci2jIs4qaUVEWcqNUhMBOZz7brDQYhK4DldDmlcnhaiWYdfrTDt0D6wxWXtqCsF8sRlsPCe088FxlQ%2FtfmvjafohUTqr6Xgvq262i7quejr%2Fq3%2BE9uvfnmYqf31Z8ZSOHciWD1VQ0XB4obDE6a3S34vW7JSFXjZUlhoPfB78CdOEZqC5p7%2BkH1up5x8cB%2F86RyEptA%2Flww0ckyk1UldZrKZsJEvSMDnDPIqpQGwNMxNduKLoKkV5FJTHBZ0tope9Jh0JBCKy5faB53sgv3d%2Bd4GUJm3hcdXj9LoIjdMB8wSXy91cKT0sMVAeJaZfPbqqSmRwHqIEhVFi99sQ1BSM6UMZW04y7QTneGkCh92EX0cUiEhOHRCPRfLN4TI1XQ8DA9HQMuqtymC1kTVL2xtPbjoxmAMOPoCMLt3gkf%2FJgDeXrRWVphDBDUwsxyEDPoDC8SSW8xa97VxHMWFUEGb1PyJkxHAbHZ7ExiBb5awxQlAu3AAfinmaaSGKQBz1oereNNmpq7U4cBqXNJr7H%2BViZKmtDUElsOHhYiebRSe6%2FAwnSNlTM4CcDuMUBsjtXSvRWUt6qnYMP7Xvc8MYntBq%2By5D9QSUNPPIsmtQJrrOpjZM4gZBaJcIzz%2FF0e6wdQ%2BCW9JhsxphMgvzFcVrQgxgzxSXRhRlGLGeJZzzs8nH8s3sXA4r4cxUvxl5tf0mMANOdXAeSbMQaCHRWGC0RtzKyFpGVrHNM3L7L0SIXZ9TiY9mGBa3j7DEVV9l2iDMiC7i0esLxq0Mn5mWk7kDikugFv9wKyPUZu4QNthMRCQk%2BBNQz%2FSgr9tVDCXgXJItUytS32UnfCZnodMwToKv0DUTmQcGzoWXHOkJtD9dBn9I4sGwTdk3xbXs7H2kj4SBCavDZEG9pOQVeP1YLyx3Kz4U5k9ipsa8FtjvmmraLS81hNVJ7gYNK9x7gjdNSUUI2f%2BLAEjtAsUuDcvjKvMXOPgL989d4qNHoSeryGvMZnn%2F%2BMfRAg%2FCI%2FFlLDIYwTcMKJa2eAhsG7BJqzblSyATGL1yrCA6ydWR4l4cIi9%2Fx6RyMRZ59CeYnxnGwWyb7W2gKHNsxr6SmQFWd%2BUgf9zrvdxfQvJyJCDcJY689gid4G4UY%2B3w%2F8uoTyK4KYE1DyIi6GxPUqS4cTvi0%2BBoenqVM9%2FnsAInilf0pENARMXAGsbLSh8RQLg1Hwz%2F31Ar1mIq8siQ7PJgmA2vVAg%3D%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=X5FqJb3rhuKGPoLjotpZcsho9z1Gg0%2FgDUf5NNgBwNkkVUZbp7R9GHwK8JTBeXgOxrnndb7tS9ZVH4eEmRpipskmFm2IaeHRaFZz2WDRr4qW%2B2%2Brp15dWV8yoh2rRe2Pgxd3b5phoZXv3GTVy3dLAx9maok1FU2UDJyoOZ%2FiNyE01yCS8%2FwJMDzNym1p5YbSFgFgtJ1jXvCjojhuNAR5IuVH%2BozaoFPpHptX7DfLxpw%2Bh3Ukw%2B991HVexmRM7MDFEWCEU6e%2FZKDRDCbN5lgdrVFJuiG2SYOmBu3KZ7t8LktsR0kdA%2BRqj14suVXOuTK%2Fwj%2FeyQuYv6cqJM7ZrLrFDR17pL6mplqdNi9MP1pqywiWzJJMSIydHEONQCSFdOZXkII8IRsEUSIcegA%2FZJR8YGlEVvnXSrE8uZh8TBqynubiem%2BlBcWzkp9Q3KR4lJZxOJ%2FrFy00Uh0AIN322y%2FM9ervnnutMsH1LVhc%2B31MCVo0VQEA44T80wTiXuyBgntrsHWSAdhcmGNVeNBvHlmKfIGghmoXqXXtamMjSr5HIrVwwu%2FPOkolgB0GtLN5Fc3CCPWgPNAJo0LBkgFm7je7zO5suHqUoclVYYAm54ccPR%2Ftvv9MBtcCcDYJvHQqraiOoxzRRMgVCR6ppsvtYePiqkIblrUamMTc0lTlbeSGtyYtl8f%2BHaaL0sKm%2FC5RDp5Qhzf62kfhEC4tiyTUvOGzHSMn60LKZbmu7YFvB7pNDBzIFKhvRPgZ2O10Hf7ia%2Bu2ZGCig51aTMAAapGCkNSfhFf%2F19OX1rTB3M6SgxpMnCeJF2nhkpd2fUl4mP%2BauYwlpieluWP0YawfYU2DVjr5SiKkZ4HtIYbebZwFw8%2FmG%2FqUt%2F3bE6xNrh1rXj8%2F85KMJhjTvpY1YhobExb%2FTVkpp%2BwYM1mVCNpzle01bOGD%2B9%2F%2FPHB1P1%2BlTKVOouMc8uDLN0XsPAPDrOeENLS9NrCbGQLXkyvRXK2miVYlvZowaX%2B7Fy9eHegcYI%2FnBf%2B2QeDO69L70DUrmiO13hDO4SJcVfKsNP7Dxr3YDplS49s56D4T4QZqGrF2ZjH%2Fdfave0mb0fxTXKQyl7gCU3YcHQrt7KBquRIKXNNhUB%2FlgbNEdHAVUcnTkKS94%2BdFKWTHBGigpkF11XZSXQfRMxaIeeaoqslRzxAvvaC5Sr6RedshvCaCtJ01%2FnAT86pXfWC%2B75bmEADnQflRBAIrYs6qmYkSFuQsCPauzvClZ%2BcGYQvieOZDL8IwRcfk4DAqwVJAt6xtua5D05%2Fo0HqUJIGk6fKfcLV%2F2GtL8FtFxbtHttWa2pQHBHvslLs71xFwBETSf43nwdnNRt9b1UhjdJPip1MuDA%3D%3D
request GET https://t8u4n6u7.ssl.hwcdn.net/stats.gif?data=pI98wr%2BvlkhECd4JCNQ95OdNlbqmI399PP98y%2FUXbjHxnSDQDKPDVH6DCqwBv9i%2FETJ40siiHNW84aYO0l5P6g1cEb5FrDQ0upHaQZAXN3%2F69xJd8ci1zrJQZ6l2vmYyEFoTx1AG2eKtMW8MfXhkMg5%2BjyWgxNN32Em137LjwyDFhm2Ckr%2FNOIzV36MFjNtB9g%2FysVy9BDvatO%2BcigssUIheeLwb5EVUAo5uhOOjQUdE%2FlnmmgzziZmRnRN4X2uF9xbRC%2Fm%2F%2BQ68TZVkAayDU1tAN5L2N8eP7EjMTbvJVhxpLsj1pVZJ0LFQ3h3OtD7WqQrdtBMyhOkh%2Bl1%2FN9TYIaW2cBhzf8KXEJvwe%2BEIYIGYYxWplaoju3O8VCXeGJIs%2Bwe6MysCiwvuAIEQGtxGmUJBNSQ7h%2FtVYSK8WOGX0Dvu5lNYfpu9Ib9u8JE8H3v57punK5VeZQ9Y9TasWuLmVnVzXp8qXIYFpsxdb84rAykgnKopUcOllokqrwxOvZ6n%2FIcLeWCVzMSuOTAhoW7%2BOX%2Ftc9waItiHt6LPcsST5fVI1TMWZeWt%2Fc1ucnB9Fdy%2BDRuQdzyl%2BGvm3szI3YeeRrev0bnx4nbEtGDb6j6pAiVP9zoOILHt8cgR%2FIRvCTBwHIovUBDqj%2BHz2oEyWoGJsabqZdTaBC5zBhk8%2BhUEOQ63%2BGIJD71PHtvIW%2F1BWFfZ3LmmkG%2Bhv3JSEwQhgyAHDV92OnUjvzEjNJht7DkEvDoJDmofVMYv4OyT%2Bx7ev3y9rZUO%2B3votKanZoKBpDcGoM1QJjaQF1QUhCjrfeCYl2Io75ETfNVrI7%2BmnN5CFYP3pjrop0Lqdb5ghO2t5%2FjOjFWV4VN5qwrZRv53XzaYdv%2BHCkOm9nG8%2FEaokUfH6PYXEpsKbrT488SSqxHrjR9FcRtMhe3IUEkZP3UzQcnJuJVeabXlTTWdpsr3vaDJbAjvcb7%2Fzia42S8%2Bf%2FtFeoeqH7TVTOAnEaxKXHeKobFFPT70jzcZJTHA8DlkrE02RGG%2BOwS06pDUisS4jrlDGKaW9CLw0fPyAxepMnj6r0x3YMhkfuw7BKjci3DbQKzX4r%2BsAadfjzdDPpYEoxJ80N77P94ZNWcmRS1UmF0gFuG1AmH80HndYiXMGHbM23qhX2ug1e2S%2BcInCIVx8V4j1HhXIpMQEt6IA6kHwMx6MZyxBEh5KJdqHteVtPBCx%2BivoR8DfyXZUjOalx1WgRNhlPbNKoaZnHMEpGYs2we1RwZFPXyeXWpAS7%2FR2rSFJDS9qIKZK1hLuFa8Lm68Bjkr2byLsUuR7Z6AUnjUmCDxRYu8LgR9xOIZ%2F%2FG%2BKxddCm8RkfPKVdbLE3rbKarQbKT%2FuWLGGg%3D%3D
Allocates read-write-execute memory (usually to unpack itself) (2 个事件)
Time & API Arguments Status Return Repeated
1620828836.654625
NtAllocateVirtualMemory
process_identifier: 1380
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02900000
success 0 0
1620828461.595771
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00000000041e0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Steals private information from local Internet browsers (2 个事件)
registry HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox
registry HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox
Creates executable files on the filesystem (2 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd7C51.tmp\internala55a45feadaa9585cd3604265e05c0c9.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DDC5ED39176B41E097A77BDF3D6F712D\william_hill_new\js\template.js
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 个事件)
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620828837.857625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 个事件)
Time & API Arguments Status Return Repeated
1620828918.654625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620828918.654625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620828918.670625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620828918.670625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Queries for potentially installed applications (6 个事件)
Time & API Arguments Status Return Repeated
1620828828.826625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
failed 2 0
1620828828.826625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x000000e0
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1620828869.388625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
failed 2 0
1620828869.388625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x000008c4
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1620828869.404625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000001
key_handle: 0x00000000
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
failed 2 0
1620828869.404625
RegOpenKeyExW
access: 0x00000001
base_handle: 0x80000002
key_handle: 0x000008c4
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1620828869.420625
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Playtech WinClient Downloader/1.0
success 13369360 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Attempts to create or modify system certificates (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620828840.451625
RegSetValueExA
key_handle: 0x00000540
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620828840.451625
RegSetValueExA
key_handle: 0x00000540
value: 0=¤aþF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620828840.451625
RegSetValueExA
key_handle: 0x00000540
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620828840.451625
RegSetValueExW
key_handle: 0x00000540
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620828840.451625
RegSetValueExA
key_handle: 0x00000558
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620828840.451625
RegSetValueExA
key_handle: 0x00000558
value: 0=¤aþF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620828840.451625
RegSetValueExA
key_handle: 0x00000558
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620828840.498625
RegSetValueExW
key_handle: 0x0000053c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620828865.092625
RegSetValueExA
key_handle: 0x00000828
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620828865.092625
RegSetValueExA
key_handle: 0x00000828
value: @(TpþF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620828865.092625
RegSetValueExA
key_handle: 0x00000828
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620828865.092625
RegSetValueExW
key_handle: 0x00000828
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620828865.092625
RegSetValueExA
key_handle: 0x0000078c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620828865.092625
RegSetValueExA
key_handle: 0x0000078c
value: @(TpþF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620828865.092625
RegSetValueExA
key_handle: 0x0000078c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Writes a potential ransom message to disk (1 个事件)
Time & API Arguments Status Return Repeated
1620828875.326625
NtWriteFile
file_handle: 0x000008c4
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\DDC5ED39176B41E097A77BDF3D6F712D\DDC5ED39176B41E097A77BDF3D6F712D_LogFile.txt
buffer: 05/12/21 15:14:35 (46968) -- ProcessId: 1380, ThreadId: 2668 -- DebugLog -- JSObject -- Invoke -- strJSONArg={"id":39,"params":{"inputFilePath":"C:/Users/Administrator.Oskar-PC/AppData/Local/Temp/DDC5ED39176B41E097A77BDF3D6F712D/william_hill_new (1).7z","outputFolder":"C:/Users/Administrator.Oskar-PC/AppData/Local/Temp/DDC5ED39176B41E097A77BDF3D6F712D","shouldDecrypt":true,"onFinishId":3,"deleteDecrypted":false}}
offset: 0
success 0 0
File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 个事件)
Elastic malicious (high confidence)
FireEye Generic.mg.a55a45feadaa9585
CAT-QuickHeal Trojan.Playtech
Zillya Adware.Hematite.Win32.1
SUPERAntiSpyware PUP.PlayTech/Variant
K7AntiVirus Adware ( 005513a71 )
K7GW Adware ( 005513a71 )
Invincea Generic ML PUA (PUA)
Cyren W32/PlayTech.A.gen!Eldorado
APEX Malicious
NANO-Antivirus Trojan.Win32.Crossrider1.fjhtlb
Rising PUF.PlayTech!1.B89C (CLASSIC)
Comodo Application.Win32.PlayTech.B@8lmfjr
VIPRE Trojan.Win32.Generic!BT
TrendMicro PUA.Win32.PlayTech.AI.component
Ikarus PUA.PlayTech
Avira GAME/Casino.Gen
Microsoft PUA:Win32/Playtech
GData Win32.Trojan.Agent.EZUBTA
Cynet Malicious (score: 90)
AhnLab-V3 PUP/Win32.Playtech.R291161
McAfee Playtech
VBA32 Trojan.Crossrider
ESET-NOD32 a variant of Win32/PlayTech.A potentially unwanted
TrendMicro-HouseCall PUA.Win32.PlayTech.AI.component
SentinelOne DFI - Suspicious PE
MaxSecure Win.MxResIcn.Heur.Gen
Fortinet W32/Agent.2208!tr
CrowdStrike win/malicious_confidence_80% (D)
Qihoo-360 HEUR/QVM20.1.B763.Malware.Gen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 个事件)
dead_host 172.217.160.110:443
dead_host 23.1.237.49:80
dead_host 172.217.24.14:443
dead_host 23.1.237.27:80
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2012-02-19 23:01:49

Imports

Library ADVAPI32.dll:
0x429340 RegCloseKey
0x429344 RegCreateKeyExA
0x429348 RegDeleteKeyA
0x42934c RegDeleteValueA
0x429350 RegEnumKeyA
0x429354 RegEnumValueA
0x429358 RegOpenKeyExA
0x42935c RegQueryValueExA
0x429360 RegSetValueExA
Library COMCTL32.DLL:
0x429368 ImageList_AddMasked
0x42936c ImageList_Create
0x429370 ImageList_Destroy
0x429374 InitCommonControls
Library GDI32.dll:
0x42937c CreateBrushIndirect
0x429380 CreateFontIndirectA
0x429384 DeleteObject
0x429388 GetDeviceCaps
0x42938c SelectObject
0x429390 SetBkColor
0x429394 SetBkMode
0x429398 SetTextColor
Library KERNEL32.dll:
0x4293a0 CloseHandle
0x4293a4 CompareFileTime
0x4293a8 CopyFileA
0x4293ac CreateDirectoryA
0x4293b0 CreateFileA
0x4293b4 CreateProcessA
0x4293b8 CreateThread
0x4293bc DeleteFileA
0x4293c0 ExitProcess
0x4293c8 FindClose
0x4293cc FindFirstFileA
0x4293d0 FindNextFileA
0x4293d4 FreeLibrary
0x4293d8 GetCommandLineA
0x4293dc GetCurrentProcess
0x4293e0 GetDiskFreeSpaceA
0x4293e4 GetExitCodeProcess
0x4293e8 GetFileAttributesA
0x4293ec GetFileSize
0x4293f0 GetFullPathNameA
0x4293f4 GetLastError
0x4293f8 GetModuleFileNameA
0x4293fc GetModuleHandleA
0x429404 GetProcAddress
0x429408 GetShortPathNameA
0x42940c GetSystemDirectoryA
0x429410 GetTempFileNameA
0x429414 GetTempPathA
0x429418 GetTickCount
0x42941c GetVersion
0x429424 GlobalAlloc
0x429428 GlobalFree
0x42942c GlobalLock
0x429430 GlobalUnlock
0x429434 LoadLibraryA
0x429438 LoadLibraryExA
0x42943c MoveFileA
0x429440 MulDiv
0x429444 MultiByteToWideChar
0x429448 ReadFile
0x42944c RemoveDirectoryA
0x429450 SearchPathA
0x429458 SetErrorMode
0x42945c SetFileAttributesA
0x429460 SetFilePointer
0x429464 SetFileTime
0x429468 Sleep
0x42946c WaitForSingleObject
0x429470 WriteFile
0x429478 lstrcatA
0x42947c lstrcmpA
0x429480 lstrcmpiA
0x429484 lstrcpynA
0x429488 lstrlenA
Library ole32.dll:
0x429490 CoCreateInstance
0x429494 CoTaskMemFree
0x429498 OleInitialize
0x42949c OleUninitialize
Library SHELL32.DLL:
0x4294a4 SHBrowseForFolderA
0x4294a8 SHFileOperationA
0x4294ac SHGetFileInfoA
0x4294b8 ShellExecuteA
Library USER32.dll:
0x4294c0 AppendMenuA
0x4294c4 BeginPaint
0x4294c8 CallWindowProcA
0x4294cc CharNextA
0x4294d0 CharPrevA
0x4294d4 CheckDlgButton
0x4294d8 CloseClipboard
0x4294dc CreateDialogParamA
0x4294e0 CreatePopupMenu
0x4294e4 CreateWindowExA
0x4294e8 DefWindowProcA
0x4294ec DestroyWindow
0x4294f0 DialogBoxParamA
0x4294f4 DispatchMessageA
0x4294f8 DrawTextA
0x4294fc EmptyClipboard
0x429500 EnableMenuItem
0x429504 EnableWindow
0x429508 EndDialog
0x42950c EndPaint
0x429510 ExitWindowsEx
0x429514 FillRect
0x429518 FindWindowExA
0x42951c GetClassInfoA
0x429520 GetClientRect
0x429524 GetDC
0x429528 GetDlgItem
0x42952c GetDlgItemTextA
0x429530 GetMessagePos
0x429534 GetSysColor
0x429538 GetSystemMenu
0x42953c GetSystemMetrics
0x429540 GetWindowLongA
0x429544 GetWindowRect
0x429548 InvalidateRect
0x42954c IsWindow
0x429550 IsWindowEnabled
0x429554 IsWindowVisible
0x429558 LoadBitmapA
0x42955c LoadCursorA
0x429560 LoadImageA
0x429564 MessageBoxIndirectA
0x429568 OpenClipboard
0x42956c PeekMessageA
0x429570 PostQuitMessage
0x429574 RegisterClassA
0x429578 ScreenToClient
0x42957c SendMessageA
0x429580 SendMessageTimeoutA
0x429584 SetClassLongA
0x429588 SetClipboardData
0x42958c SetCursor
0x429590 SetDlgItemTextA
0x429594 SetForegroundWindow
0x429598 SetTimer
0x42959c SetWindowLongA
0x4295a0 SetWindowPos
0x4295a4 SetWindowTextA
0x4295a8 ShowWindow
0x4295b0 TrackPopupMenu
0x4295b4 wsprintfA
Library VERSION.dll:
0x4295bc GetFileVersionInfoA
0x4295c4 VerQueryValueA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49184 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49185 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49186 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49187 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49188 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49189 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49193 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49194 151.139.128.14 ocsp.usertrust.com 80
192.168.56.101 49180 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49181 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49191 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49196 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49197 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49210 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49211 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49212 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49213 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49214 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49215 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443
192.168.56.101 49216 205.185.208.154 c6m7w2m9.ssl.hwcdn.net 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 49710 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 52124 114.114.114.114 53
192.168.56.101 53661 114.114.114.114 53
192.168.56.101 55169 114.114.114.114 53
192.168.56.101 56137 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57069 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57739 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60761 114.114.114.114 53
192.168.56.101 60911 114.114.114.114 53
192.168.56.101 61908 114.114.114.114 53
192.168.56.101 62502 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137

HTTP & HTTPS Requests

URI Data
http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze 
GET /playtech_compressed_assets/poker_william_hill/templates/installer/william_hill_new.7ze HTTP/1.1
Accept: */*
User-Agent: Playtech WinClient Downloader/1.0
Host: fallback.playtech-installer.com
Connection: Keep-Alive
Cache-Control: no-cache
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHSfdSPcp6pyLdnEz5lZ6ec%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.sectigo.com
http://fallback.playtech-installer.com/playtech_compressed_assets/poker_william_hill/index.7ze 
GET /playtech_compressed_assets/poker_william_hill/index.7ze HTTP/1.1
Accept: */*
User-Agent: Playtech WinClient Downloader/1.0
Host: fallback.playtech-installer.com
Connection: Keep-Alive
Cache-Control: no-cache
http://fallback.playtech-installer.com/playtech_cabs/poker_william_hill/casino[en].cab?t=1620803723592 
GET /playtech_cabs/poker_william_hill/casino[en].cab?t=1620803723592 HTTP/1.1
Accept: */*
User-Agent: Playtech WinClient Downloader/1.0
Host: fallback.playtech-installer.com
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.