Malware analysis FanDuel CT Player Location Check.exe Malicious activity

Add for printing

File name:	FanDuel CT Player Location Check.exe
Full analysis:	https://app.any.run/tasks/f58f0696-adf3-442c-980b-2aa15db0a50b
Verdict:	Malicious activity
Analysis date:	February 21, 2024, 15:16:18
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	95CD48619D0C022B68D74A541B9416C1
SHA1:	555BF9E14624F7BB8B8A06A0067BAFB8FD898DF2
SHA256:	D3AE92E9FF472BE443FA243FCC113F761E94A2B26173B4870314A6151CAE305C
SSDEEP:	98304:Rs0+7MMgCcW7YA7/5iCpKg/Xorvictlznl8/2Nh45K3ghZDPBFXnrUB01iB:IIB01G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - FanDuel CT Player Location Check.exe (PID: 3672)
  - FanDuel CT Player Location Check.exe (PID: 2852)
SUSPICIOUS
- Application launched itself
  - FanDuel CT Player Location Check.exe (PID: 3672)
- Executes as Windows Service
  - service.exe (PID: 1824)
- Creates a software uninstall entry
  - FanDuel CT Player Location Check.exe (PID: 2852)
- Executable content was dropped or overwritten
  - FanDuel CT Player Location Check.exe (PID: 2852)
INFO
- Reads the computer name
  - FanDuel CT Player Location Check.exe (PID: 3672)
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - wmpnscfg.exe (PID: 3956)
  - service.exe (PID: 1824)
- Reads the machine GUID from the registry
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - service.exe (PID: 1740)
  - service.exe (PID: 1824)
- Checks supported languages
  - FanDuel CT Player Location Check.exe (PID: 3672)
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - wmpnscfg.exe (PID: 3956)
  - service.exe (PID: 1824)
  - service.exe (PID: 1740)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3956)
- Create files in a temporary directory
  - FanDuel CT Player Location Check.exe (PID: 2852)
- Creates files in the program directory
  - FanDuel CT Player Location Check.exe (PID: 2852)
  - service.exe (PID: 1824)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable (generic) (52.9)
.exe	\|	Generic Win/DOS Executable (23.5)
.exe	\|	DOS Executable Generic (23.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2021:07:15 12:35:01+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.25
CodeSize:	2542080
InitializedDataSize:	1026560
UninitializedDataSize:	-
EntryPoint:	0x132913
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	3.0.2.59
ProductVersionNumber:	3.0.2.8
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Unknown
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	GeoComply
FileDescription:	Player Location Check
FileVersion:	3.1.1.3
InternalName:	Player Location Check
LegalCopyright:	Copyright © 2020 GeoComply USA, Inc. All rights reserved.
OriginalFileName:	Player Location Check.exe
ProductName:	Player Location Check
ProductVersion:	3.1.1.3
Website:	https://www.geocomply.com

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1740

"C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.exe" /version

C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.exe

—

FanDuel CT Player Location Check.exe

User:

admin

Company:

GeoComply

Integrity Level:

HIGH

Description:

GeoComply GeoLocation Service

Exit code:

Version:

3.1.1.3

Modules

Images
c:\program files\geocomply\playerlocationcheck\application\service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

1824

"C:\Program Files\GeoComply\//PlayerLocationCheck///Application/service.exe"

C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.exe

—

services.exe

User:

SYSTEM

Company:

GeoComply

Integrity Level:

SYSTEM

Description:

GeoComply GeoLocation Service

Exit code:

Version:

3.1.1.3

Modules

Images
c:\program files\geocomply\playerlocationcheck\application\service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

1860

schtasks.exe /Create /RU "NT AUTHORITY\SYSTEM" /SC HOURLY /MO 1 /TN "GeoComply Update Task" /TR "\"C:\Program Files\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe\" /config=C:\Program Files\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml "

C:\Windows\System32\schtasks.exe

—

FanDuel CT Player Location Check.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Manages scheduled tasks

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

2852

"C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe" /runasadmin

C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe

FanDuel CT Player Location Check.exe

User:

admin

Company:

GeoComply

Integrity Level:

HIGH

Description:

Player Location Check

Exit code:

Version:

3.1.1.3

Modules

Images
c:\users\admin\appdata\local\temp\fanduel ct player location check.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll

3068

schtasks.exe /Delete /TN "GeoComply Update Task" /F

C:\Windows\System32\schtasks.exe

—

FanDuel CT Player Location Check.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Manages scheduled tasks

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

3672

"C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe"

C:\Users\admin\AppData\Local\Temp\FanDuel CT Player Location Check.exe

—

explorer.exe

User:

admin

Company:

GeoComply

Integrity Level:

MEDIUM

Description:

Player Location Check

Exit code:

Version:

3.1.1.3

Modules

Images
c:\users\admin\appdata\local\temp\fanduel ct player location check.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll

3956

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

3 937

Read events

3 900

Write events

Delete events

Modification events


(PID) Process:	(1824) service.exe	Key:	HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(1740) service.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	DisplayName
Value: Player Location Check
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	DisplayIcon
Value: C:\Program Files\GeoComply\PlayerLocationCheck\uninstall\0423bc1a-fda0-4510-a8e6-19090c7da560.exe,0
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	DisplayVersion
Value: 3.1.1.3
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	InstallLocation
Value: C:\Program Files\GeoComply\
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	NoModify
Value: 1
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	NoRepair
Value: 1
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	Publisher
Value: GeoComply
(PID) Process:	(2852) FanDuel CT Player Location Check.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0753064-8D66-41A7-9F23-7691290387BF}
Operation:	write	Name:	UninstallString
Value: "C:\Program Files\GeoComply\PlayerLocationCheck\uninstall\0423bc1a-fda0-4510-a8e6-19090c7da560.exe" /uninstall

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Update\GeoComplyUpdate.inf		text
		MD5:87BA84BA03ADAB051016FE1994183D90	SHA256:F2379D32E9D62B222C1C8AA95C01D429AD670AAFFEF58A8557D74C4EEB93F633
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Plugin\plugin.cfg		xml
		MD5:F93AD8F53FD5C1ADFA86D0403FD8F4E4	SHA256:3C070919A9239A1AE1E9379ACBEEBA4A3DD80232B08FB065235695D985FA5C1F
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\gc_plc_script.xml		text
		MD5:335477BB762C5D4A8186C916D6FD9CBD	SHA256:78C0CA3F3B714AF0899508C635CC96A6269079F8643A3EEFB5C1E8572B418CCB
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Update\upgrade.manifest.xml		text
		MD5:376594EFD4F67327C5BD5AED3520708C	SHA256:8CF82E4ED00183B3E8096C00DFEAAA632EEE8BAD6445CCF5519D87B5167EF911
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd		text
		MD5:AD16BD03020B675244094EF769B5D318	SHA256:8846E1DA279248513A3B53A842731174858516AD62704B421EC72FF515B5208C
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Application\service.xml		text
		MD5:1EDF8636789B5C0A50A90C8E2E15ECFF	SHA256:83FEE2B5DAAFF59DC757D771FFC042CB2527DEE4BEA9A690239C88861BE2DF46
2852	FanDuel CT Player Location Check.exe	C:\Program Files\GeoComply\PlayerLocationCheck\Application\service.xml		text
		MD5:1EDF8636789B5C0A50A90C8E2E15ECFF	SHA256:83FEE2B5DAAFF59DC757D771FFC042CB2527DEE4BEA9A690239C88861BE2DF46
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Plugin\3.1.1.3\version.cfg		xml
		MD5:0B634E4DF98B44A373ADF5EDBB5FFCAC	SHA256:51E3986B2397DAB925571F28EBCB2BE1804F68E43C769FC867314D93615E622B
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852baaaaa\PlayerLocationCheck\Plugin\3.1.1.3\gcapi\gc-sdk-clnt.dll		executable
		MD5:BA889BB6887B11D9F0D712419A9BCAC2	SHA256:67BF44717D800C54E1D0136DF7F4D6B6585A90CE6006C91047F37CA8291C522D
2852	FanDuel CT Player Location Check.exe	C:\Users\admin\AppData\Local\Temp\tmp2852aaaaaa		compressed
		MD5:007D355477B7A9C5B82377A777AC67BE	SHA256:877676528AFB3CC5ACA5243B038D24BEC3FFE0BAE79A7E386541E71786B0DE11

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.84:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	compressed	2.91 Mb	unknown
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.41:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	binary	2.91 Mb	unknown
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.49:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	binary	2.91 Mb	unknown
2852	FanDuel CT Player Location Check.exe	GET	206	18.66.122.29:80	http://prod-downloads.geocomply.com/installer-packages/89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC/3.1.1.3/win/PROD-win-3.1.1.8-20221126-player-location-check-data.cab?Expires=1708530825&Signature=j7F9SPXdRlbbPcPWsT4lf-0Vi~~UilBZL6adSBqGwaur32NC-rq9U4s66d0jIi-5AQKBukSHFJEaGhBc9sV-v7Ozvz2H6jg48l9SJFL7KJQOCHDEFQjZykxRoxalSDGbBXNF4FkZepJrN2CtcfiIjmpVl4DHOdoIinewBdpyACEkK4Bnl5iPEJ1dtdn2qJDgFdSruRQDVKWcxDFu-lt0FJpVZj1kJtn0y-XRWKIOOQk~nQCt0JFBFw9L~g7qi09eHKi3DDQLSINuhpy-exExVqiAsUopZ29F~c19qoW6fKQZih~ejxRxteU3apyuAn~WFMQ6Zv4HrTavsCW7URP2rw__&Key-Pair-Id=APKAJAHZSWYHPOX2X2BQ	unknown	binary	2.91 Mb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2852	FanDuel CT Player Location Check.exe	52.2.40.53:443	logger.geocomply.net	AMAZON-AES	US	unknown
2852	FanDuel CT Player Location Check.exe	34.194.204.84:443	ums.geocomply.com	AMAZON-AES	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.29:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.49:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.41:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	18.66.122.84:80	prod-downloads.geocomply.com	AMAZON-02	US	unknown
2852	FanDuel CT Player Location Check.exe	52.2.188.128:443	logger.geocomply.net	AMAZON-AES	US	unknown

DNS requests

Domain	IP	Reputation
logger.geocomply.net	52.2.40.53 52.2.188.128	unknown
ums.geocomply.com	34.194.204.84	unknown
prod-downloads.geocomply.com	18.66.122.84 18.66.122.41 18.66.122.29 18.66.122.49	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

FanDuel CT Player Location Check.exe

95CD48619D0C022B68D74A541B9416C1

555BF9E14624F7BB8B8A06A0067BAFB8FD898DF2

D3AE92E9FF472BE443FA243FCC113F761E94A2B26173B4870314A6151CAE305C

98304:Rs0+7MMgCcW7YA7/5iCpKg/Xorvictlznl8/2Nh45K3ghZDPBFXnrUB01iB:IIB01G

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Application launched itself

Executes as Windows Service

Creates a software uninstall entry

Executable content was dropped or overwritten

INFO

Reads the computer name

Reads the machine GUID from the registry

Checks supported languages

Manual execution by a user

Create files in a temporary directory

Creates files in the program directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings