Malware analysis FanDuel CT Player Location Check.exe Malicious activity

Add for printing

File name:	FanDuel CT Player Location Check.exe
Full analysis:	https://app.any.run/tasks/f58f0696-adf3-442c-980b-2aa15db0a50b
Verdict:	Malicious activity
Analysis date:	February 21, 2024, 15:16:18
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	95CD48619D0C022B68D74A541B9416C1
SHA1:	555BF9E14624F7BB8B8A06A0067BAFB8FD898DF2
SHA256:	D3AE92E9FF472BE443FA243FCC113F761E94A2B26173B4870314A6151CAE305C
SSDEEP:	98304:Rs0+7MMgCcW7YA7/5iCpKg/Xorvictlznl8/2Nh45K3ghZDPBFXnrUB01iB:IIB01G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - FanDuel CT Player Location Check.exe (PID: 3672)
  - FanDuel CT Player Location Check.exe (PID: 2852)
SUSPICIOUS
- Application launched itself
  - FanDuel CT Player Location Check.exe (PID: 3672)
- Executes as Windows Service
  - service.exe (PID: 1824)
- Executable content was dropped or overwritten
  - FanDuel CT Player Location Check.exe (PID: 2852)
- Creates a software uninstall entry
  - FanDuel CT Player Location Check.exe (PID: 2852)
INFO
- Reads the computer name
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - FanDuel CT Player Location Check.exe (PID: 3672)
  - wmpnscfg.exe (PID: 3956)
  - service.exe (PID: 1824)
- Checks supported languages
  - FanDuel CT Player Location Check.exe (PID: 3672)
  - wmpnscfg.exe (PID: 3956)
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - service.exe (PID: 1824)
  - service.exe (PID: 1740)
- Reads the machine GUID from the registry
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - service.exe (PID: 1824)
  - service.exe (PID: 1740)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3956)
- Creates files in the program directory
  - service.exe (PID: 1824)
  - FanDuel CT Player Location Check.exe (PID: 2852)
- Create files in a temporary directory
  - FanDuel CT Player Location Check.exe (PID: 2852)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable (generic) (52.9)
.exe	\|	Generic Win/DOS Executable (23.5)
.exe	\|	DOS Executable Generic (23.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2021:07:15 12:35:01+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.25
CodeSize:	2542080
InitializedDataSize:	1026560
UninitializedDataSize:	-
EntryPoint:	0x132913
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	3.0.2.59
ProductVersionNumber:	3.0.2.8
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Unknown
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	GeoComply
FileDescription:	Player Location Check
FileVersion:	3.1.1.3
InternalName:	Player Location Check
LegalCopyright:	Copyright © 2020 GeoComply USA, Inc. All rights reserved.
OriginalFileName:	Player Location Check.exe
ProductName:	Player Location Check
ProductVersion:	3.1.1.3
Website:	https://www.geocomply.com

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1740

"C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.exe" /version

C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.exe

—

FanDuel CT Player Location Check.exe

User:

admin

Company:

GeoComply

Integrity Level:

HIGH

Description:

GeoComply GeoLocation Service

Exit code:

Version:

3.1.1.3

Modules

Images
c:\program files\geocomply\playerlocationcheck\application\service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

1824

"C:\Program Files\GeoComply\//PlayerLocationCheck///Application/service.exe"

C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.exe

—

services.exe

User:

SYSTEM

Company:

GeoComply

Integrity Level:

SYSTEM

Description:

GeoComply GeoLocation Service

Exit code:

Version:

3.1.1.3

Modules

Images
c:\program files\geocomply\playerlocationcheck\application\service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

1860

schtasks.exe /Create /RU "NT AUTHORITY\SYSTEM" /SC HOURLY /MO 1 /TN "GeoComply Update Task" /TR "\"C:\Program Files\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe\" /config=C:\Program Files\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml "

C:\Windows\System32\schtasks.exe

—

FanDuel CT Player Location Check.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Manages scheduled tasks

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

2852

"C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe" /runasadmin

C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe

FanDuel CT Player Location Check.exe

User:

admin

Company:

GeoComply

Integrity Level:

HIGH

Description:

Player Location Check

Exit code:

Version:

3.1.1.3

Modules

Images
c:\users\admin\appdata\local\temp\fanduel ct player location check.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll

3068

schtasks.exe /Delete /TN "GeoComply Update Task" /F

C:\Windows\System32\schtasks.exe

—

FanDuel CT Player Location Check.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Manages scheduled tasks

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

3672

"C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe"

C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe

—

explorer.exe

User:

admin

Company:

GeoComply

Integrity Level:

MEDIUM

Description:

Player Location Check

Exit code:

Version:

3.1.1.3

Modules

Images
c:\users\admin\appdata\local\temp\fanduel ct player location check.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll

3956

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

3 937

Read events

3 900

Write events

Delete events

Modification events


(PID) Process:	(1824) service.exe	Key:	HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(1740) service.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	DisplayName
Value: Player Location Check
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	DisplayIcon
Value: C:\Program Files\GeoComply\PlayerLocationCheck\uninstall\0423bc1a-fda0-4510-a8e6-19090c7da560.exe,0
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	DisplayVersion
Value: 3.1.1.3
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	InstallLocation
Value: C:\Program Files\GeoComply\
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	NoModify
Value: 1
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	NoRepair
Value: 1
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	Publisher
Value: GeoComply
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	UninstallString
Value: "C:\Program Files\GeoComply\PlayerLocationCheck\uninstall\0423bc1a-fda0-4510-a8e6-19090c7da560.exe" /uninstall

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Update\GeoComplyUpdate.inf		text
		MD5:87BA84BA03ADAB051016FE1994183D90	SHA256:F2379D32E9D62B222C1C8AA95C01D429AD670AAFFEF58A8557D74C4EEB93F633
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Update\GeoComplyUpdate.exe		executable
		MD5:34EDE8CC98C9CC1EB698C1E8418177FB	SHA256:96B6ACB66570EAE80670D7FC1A0C8BEA730DE30960170FF4C6BEF4EF1714C2CD
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\gc_plc_script.xml		text
		MD5:335477BB762C5D4A8186C916D6FD9CBD	SHA256:78C0CA3F3B714AF0899508C635CC96A6269079F8643A3EEFB5C1E8572B418CCB
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852aaaaaa		compressed
		MD5:007D355477B7A9C5B82377A777AC67BE	SHA256:877676528AFB3CC5ACA5243B038D24BEC3FFE0BAE79A7E386541E71786B0DE11
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Update\GeoComplyUpdateH.exe		executable
		MD5:0C2834FC49C398FF5E827AD172E6A339	SHA256:218C71F70FD9E5C706E2BC087A680791CC7037A858D02A393F991434945FE623
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Application\service.exe		executable
		MD5:FD7A16949F3AB0CE655F98E9FA224D1F	SHA256:A5A0BEFE9FC49AD94077A12DDE77CB313FBDB0E0FD52B04AEF1D69A82C91B504
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Plugin\3.1.1.3\gcapi\gc-sdk-clnt.dll		executable
		MD5:BA889BB6887B11D9F0D712419A9BCAC2	SHA256:67BF44717D800C54E1D0136DF7F4D6B6585A90CE6006C91047F37CA8291C522D
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Update\GeoComplyUpdate.xml		text
		MD5:D15C114820E4646E16ABBD814BC5131E	SHA256:809C20F9E9C223FBDC6AE612FD05E480F2F72BE90D60AEC1CA76B7BF8FD65A49
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Plugin\3.1.1.3\version.cfg		xml
		MD5:0B634E4DF98B44A373ADF5EDBB5FFCAC	SHA256:51E3986B2397DAB925571F28EBCB2BE1804F68E43C769FC867314D93615E622B
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Plugin\3.1.1.3\wsapi\wsapi-plugin.dll		executable
		MD5:28FB091AB3E9B9E33AB21C8E7DA4CB5F	SHA256:879DF21B552B58B5A58BC9A7AAE20D088D267631449650494CB88AFF09D24F0C

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.84:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	compressed	2.91 Mb	unknown
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.49:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	binary	2.91 Mb	unknown
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.29:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	binary	2.91 Mb	unknown
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.41:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	binary	2.91 Mb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2852	FanDuel CT Player Location Check.exe	52.2.40.53:443	logger.geocomply.net	AMAZON-AES	US	unknown
2852	FanDuel CT Player Location Check.exe	34.194.204.84:443	ums.geocomply.com	AMAZON-AES	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.29:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.49:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.41:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.84:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	52.2.188.128:443	logger.geocomply.net	AMAZON-AES	US	unknown

DNS requests

Domain	IP	Reputation
logger.geocomply.net	52.2.40.53 52.2.188.128	unknown
ums.geocomply.com	34.194.204.84	unknown
prod-downloads.geocomply.com	18.66.122.84 18.66.122.41 18.66.122.29 18.66.122.49	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

FanDuel CT Player Location Check.exe

95CD48619D0C022B68D74A541B9416C1

555BF9E14624F7BB8B8A06A0067BAFB8FD898DF2

D3AE92E9FF472BE443FA243FCC113F761E94A2B26173B4870314A6151CAE305C

98304:Rs0+7MMgCcW7YA7/5iCpKg/Xorvictlznl8/2Nh45K3ghZDPBFXnrUB01iB:IIB01G

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Application launched itself

Executes as Windows Service

Executable content was dropped or overwritten

Creates a software uninstall entry

INFO

Reads the computer name

Checks supported languages

Reads the machine GUID from the registry

Manual execution by a user

Creates files in the program directory

Create files in a temporary directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings